Total
5486 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-3273 | 2 Jboss, Redhat | 3 Enterprise Application Platform, Jboss Enterprise Application Platform, Jboss Enterprise Web Platform | 2025-04-09 | N/A |
| JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. | ||||
| CVE-2008-5885 | 1 Thenetguys | 1 Aspired2quote | 2025-04-09 | N/A |
| The Net Guys ASPired2Quote stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/quote.mdb. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5886 | 1 Takempis | 1 Discussion Web | 2025-04-09 | N/A |
| TAKempis Discussion Web 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for _private/discussion.mdb. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5897 | 1 Codeavalanche | 1 Freewallpaper | 2025-04-09 | N/A |
| CodeAvalanche FreeWallpaper stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFreeWallpaper.mdb. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-1679 | 1 Apple | 2 Iphone Os, Ipod Touch | 2025-04-09 | N/A |
| The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows physically proximate attackers to bypass the intended policy. | ||||
| CVE-2009-0108 | 1 Phpauctions | 1 Phpauctions | 2025-04-09 | N/A |
| PHPAuctions (aka PHPAuctionSystem) allows remote attackers to bypass authentication and gain administrative access via modified (1) PHPAUCTION_RM_ID, (2) PHPAUCTION_RM_NAME, (3) PHPAUCTION_RM_USERNAME, and (4) PHPAUCTION_RM_EMAIL cookies. | ||||
| CVE-2009-0028 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2025-04-09 | N/A |
| The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit. | ||||
| CVE-2007-5751 | 1 Liferea | 1 Liferea | 2025-04-09 | N/A |
| Liferea before 1.4.6 uses weak permissions (0644) for the feedlist.opml backup file, which allows local users to obtain credentials. | ||||
| CVE-2009-4528 | 2 Drupal, Moshe Weitzman | 2 Drupal, Og Vocab | 2025-04-09 | N/A |
| The Organic Groups (OG) Vocabulary module 6.x before 6.x-1.0 for Drupal allows remote authenticated group members to bypass intended access restrictions, and create, modify, or read a vocabulary, via unspecified vectors. | ||||
| CVE-2009-2853 | 1 Wordpress | 1 Wordpress | 2025-04-09 | N/A |
| Wordpress before 2.8.3 allows remote attackers to gain privileges via a direct request to (1) admin-footer.php, (2) edit-category-form.php, (3) edit-form-advanced.php, (4) edit-form-comment.php, (5) edit-link-category-form.php, (6) edit-link-form.php, (7) edit-page-form.php, and (8) edit-tag-form.php in wp-admin/. | ||||
| CVE-2009-2075 | 2 Angrydonuts, Drupal | 2 Nodequeue, Drupal | 2025-04-09 | N/A |
| Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, does not properly restrict access when displaying node titles, which has unknown impact and attack vectors. | ||||
| CVE-2009-4301 | 1 Moodle | 1 Moodle | 2025-04-09 | N/A |
| mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when MNET services are enabled, does not properly check permissions, which allows remote authenticated servers to execute arbitrary MNET functions. | ||||
| CVE-2008-4822 | 2 Adobe, Redhat | 2 Flash Player, Rhel Extras | 2025-04-09 | N/A |
| Adobe Flash Player 9.0.124.0 and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy. | ||||
| CVE-2009-4299 | 1 Moodle | 1 Moodle | 2025-04-09 | N/A |
| mod/glossary/showentry.php in the Glossary module for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not properly perform access control, which allows attackers to read unauthorized Glossary entries via unknown vectors. | ||||
| CVE-2007-1460 | 1 Php | 1 Php | 2025-04-09 | N/A |
| The zip:// URL wrapper provided by the PECL zip extension in PHP before 4.4.7, and 5.2.0 and 5.2.1, does not implement safemode or open_basedir checks, which allows remote attackers to read ZIP archives located outside of the intended directories. | ||||
| CVE-2008-7002 | 1 Php | 1 Php | 2025-04-09 | N/A |
| PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the (1) exec, (2) system, (3) shell_exec, (4) passthru, or (5) popen functions, possibly involving pathnames such as "C:" drive notation. | ||||
| CVE-2008-7181 | 1 Butterflymedia | 1 Butterfly Organizer | 2025-04-09 | N/A |
| Butterfly Organizer 2.0.0 allows remote attackers to (1) delete arbitrary categories via a modified tablehere parameter to category-delete.php with the is_js_confirmed parameter set to 1, or (2) delete arbitrary accounts via the mytable parameter to delete.php. | ||||
| CVE-2008-7172 | 1 Yanick Bourbeau | 1 Lightweight News Portal | 2025-04-09 | N/A |
| Lightweight news portal (LNP) 1.0b does not properly restrict access to administrator functionality, which allows remote attackers to gain administrator privileges via direct requests to admin.php with the (1) potd_delete, (2) potd, (3) vote_update, (4) vote, or (5) modifynews actions. | ||||
| CVE-2008-6603 | 1 Moinmo | 1 Moinmoin | 2025-04-09 | N/A |
| MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937. | ||||
| CVE-2008-5687 | 1 Mediawiki | 1 Mediawiki | 2025-04-09 | N/A |
| MediaWiki 1.11, and other versions before 1.13.3, does not properly protect against the download of backups of deleted images, which might allow remote attackers to obtain sensitive information via requests for files in images/deleted/. | ||||