Total
5485 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0469 | 1 Futomis Cgi Cafe | 1 Fulltext Search Cgi | 2025-04-09 | N/A |
| Unspecified vulnerability in futomi's CGI Cafe Fulltext search CGI 1.1.2 allows remote attackers to gain administrative privileges via unknown vectors. | ||||
| CVE-2009-0240 | 1 Tigris | 1 Websvn | 2025-04-09 | N/A |
| listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN authz file, allows remote authenticated users to read changelogs or diffs for restricted projects via a modified repname parameter. | ||||
| CVE-2009-0169 | 1 Sun | 1 Java System Access Manager | 2025-04-09 | N/A |
| Sun Java System Access Manager 7.1 allows remote authenticated sub-realm administrators to gain privileges, as demonstrated by creating the amadmin account in the sub-realm, and then logging in as amadmin in the root realm. | ||||
| CVE-2008-7229 | 1 Greensql | 1 Greensql Firewall | 2025-04-09 | N/A |
| GreenSQL Firewall (greensql-fw) before 0.9.2 allows remote attackers to bypass SQL injection protection via a crafted string, possibly involving an encoded space character (%20). | ||||
| CVE-2008-7188 | 1 Clip-share | 1 Clipshare | 2025-04-09 | N/A |
| ClipShare 2.6 does not properly restrict access to certain functionality, which allows remote attackers to change the profile of arbitrary users via a modified uid variable to siteadmin/useredit.php. NOTE: this can be used to recover the password of the user by using the modified e-mail address in the email parameter to recoverpass.php. | ||||
| CVE-2008-7157 | 1 Ekinboard | 1 Ekinboard | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in EkinBoard 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading an avatar file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in uploaded/avatars/. | ||||
| CVE-2008-7161 | 1 Fortinet | 1 Fortigate-1000 | 2025-04-09 | N/A |
| Fortinet FortiGuard Fortinet FortiGate-1000 3.00 build 040075,070111 allows remote attackers to bypass URL filtering via fragmented GET or POST requests that use HTTP/1.0 without the Host header. NOTE: this issue might be related to CVE-2005-3058. | ||||
| CVE-2008-7096 | 1 Intel | 1 Bios | 2025-04-09 | N/A |
| Intel Desktop and Intel Mobile Boards with BIOS firmware DQ35JO, DQ35MP, DP35DP, DG33FB, DG33BU, DG33TL, MGM965TW, D945GCPE, and DX38BT allows local administrators with ring 0 privileges to gain additional privileges and modify code that is running in System Management Mode, or access hypervisory memory as demonstrated at Black Hat 2008 by accessing certain remapping registers in Xen 3.3. | ||||
| CVE-2008-7080 | 1 Phpclassifiedsscript | 1 Php Classifieds Script | 2025-04-09 | N/A |
| Team PHP PHP Classifieds Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request for admin/backup/datadump.sql. | ||||
| CVE-2008-7062 | 1 Lovecms | 1 Lovecms | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in admin/index.php in Download Manager module 1.0 for LoveCMS 1.6.2 Final allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/. | ||||
| CVE-2008-7010 | 1 Skalinks | 1 Exchange Script | 2025-04-09 | N/A |
| Skalfa Software SkaLinks Exchange Script 1.5 allows remote attackers to add new administrators and gain privileges via a direct request to admin/register.php. | ||||
| CVE-2008-6921 | 1 W2b | 1 Phpadboard | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in index.php in phpAdBoard 1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photoes/. | ||||
| CVE-2008-6920 | 1 W2b | 1 Phpemployment | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in auth.php in phpEmployment 1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension during a regnew action, then accessing it via a direct request to the file in photoes/. | ||||
| CVE-2008-6918 | 1 Theportal2.pl | 1 Theportal2 | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in admin/galeria.php in ThePortal2 2.2 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in galeria/. | ||||
| CVE-2008-6871 | 1 Merlix | 1 Educate Server | 2025-04-09 | N/A |
| Merlix Educate Server stores db.mdb under the web root with insufficient access control, which allows remote attackers to obtain unspecified sensitive information via a direct request. | ||||
| CVE-2008-6870 | 1 Merlix | 1 Educate Server | 2025-04-09 | N/A |
| Merlix Educate Server allows remote attackers to bypass intended security restrictions and obtain sensitive information via a direct request to (1) config.asp and (2) users.asp. | ||||
| CVE-2008-6869 | 1 Oramon | 1 Oramon | 2025-04-09 | N/A |
| Oramon Oracle Database Monitoring Tool 2.0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for config/oramon.ini. | ||||
| CVE-2008-6774 | 1 Peterselie | 1 Yourplace | 2025-04-09 | N/A |
| internettoolbar/edit.php in YourPlace 1.0.2 and earlier does not end execution when an invalid username is detected, which allows remote attackers to bypass intended restrictions and edit toolbar settings via an invalid username. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-6771 | 1 Peterselie | 1 Yourplace | 2025-04-09 | N/A |
| YourPlace 1.0.2 and earlier allows remote attackers to obtain sensitive system information via a direct request via a direct request to user/uploads/phpinfo.php, which calls the phpinfo function. | ||||
| CVE-2008-6747 | 1 Dotproject | 1 Dotproject | 2025-04-09 | N/A |
| dotProject before 2.1.2 does not properly restrict access to administrative pages, which allows remote attackers to gain privileges. NOTE: some of these details are obtained from third party information. | ||||