Total
5486 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0809 | 2 3ds, Ibm | 2 Enovia Smarteam, Catia | 2025-04-09 | N/A |
| The Web Editor in Dassault Systemes ENOVIA SmarTeam V5 before Release 18 Service Pack 8, and possibly CATIA and other products, allows remote authenticated users to read the profile card of an object in the document class via a link that is sent from the owner of the document object. | ||||
| CVE-2009-0807 | 1 Zfeeder | 1 Zfeeder | 2025-04-09 | N/A |
| zFeeder 1.6 allows remote attackers to gain administrative access via a direct request to admin.php. | ||||
| CVE-2009-0122 | 1 Hp | 1 Hplip | 2025-04-09 | N/A |
| hplip.postinst in HP Linux Imaging and Printing (HPLIP) 2.7.7 and 2.8.2 on Ubuntu allows local users to change the ownership of arbitrary files via unspecified manipulations in advance of an HPLIP installation or upgrade by an administrator, related to the product's attempt to correct the ownership of its configuration files within home directories. | ||||
| CVE-2009-0806 | 1 Opengoo | 1 Opengoo | 2025-04-09 | N/A |
| Unspecified vulnerability in OpenGoo before 1.2.1 allows remote authenticated users to modify their own permissions via unknown attack vectors. | ||||
| CVE-2009-0804 | 1 Ziproxy | 1 Ziproxy | 2025-04-09 | N/A |
| Ziproxy 2.6.0, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. | ||||
| CVE-2009-1573 | 4 Branden Robinson, Debian, Redhat and 1 more | 4 Xvfb-run, Debian Linux, Fedora and 1 more | 2025-04-09 | N/A |
| xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments. | ||||
| CVE-2008-3472 | 1 Microsoft | 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more | 2025-04-09 | N/A |
| Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "HTML Element Cross-Domain Vulnerability." | ||||
| CVE-2009-0801 | 1 Squid | 1 Squid Web Proxy Cache | 2025-04-09 | N/A |
| Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. | ||||
| CVE-2007-3007 | 1 Php | 1 Php | 2025-04-09 | N/A |
| PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function. | ||||
| CVE-2009-0732 | 1 Lingx | 1 Downloadcenter | 2025-04-09 | N/A |
| Downloadcenter 2.1 stores common.h under the web root with insufficient access control, which allows remote attackers to obtain user credentials and other sensitive information via a direct request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-6499 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-09 | N/A |
| Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to uninstall the FrontPage extensions of an arbitrary account via a request to fp2002/UNINSTAL.asp with a "host id (IIS) value." | ||||
| CVE-2007-6501 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-09 | N/A |
| Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to enable or disable "pay type" via a request to adminsettings/choosetranstype.asp. | ||||
| CVE-2008-2722 | 1 Menalto | 1 Gallery | 2025-04-09 | N/A |
| Menalto Gallery before 2.2.5 allows remote attackers to bypass permissions for sub-albums via a ZIP archive. | ||||
| CVE-2007-6047 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2 Universal Database, Linux Kernel, Windows and 1 more | 2025-04-09 | N/A |
| Unspecified vulnerability in the DB2DART tool in IBM DB2 UDB 9.1 before Fixpak 4 allows attackers to execute arbitrary commands as the DB2 instance owner, related to invocation of TPUT by DB2DART. | ||||
| CVE-2007-6049 | 3 Ibm, Linux, Unix | 3 Db2 Universal Database, Linux Kernel, Unix | 2025-04-09 | N/A |
| Unspecified vulnerability in the SSL LOAD GSKIT action in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, involving a call to dlopen when the effective uid is root. | ||||
| CVE-2007-6050 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2 Universal Database, Linux Kernel, Windows and 1 more | 2025-04-09 | N/A |
| Unspecified vulnerability in DB2LICD in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, related to creation of an "insecure directory." | ||||
| CVE-2007-2815 | 1 Microsoft | 1 Internet Information Services | 2025-04-09 | N/A |
| The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the CiWebhitsfile parameter to null.htw. | ||||
| CVE-2007-6056 | 1 Aida-orga | 1 Aida-web | 2025-04-09 | N/A |
| frame.html in Aida-Web (Aida Web) allows remote attackers to bypass a protection mechanism and obtain comment and task details via modified values to the (1) Mehr and (2) SUPER parameters. | ||||
| CVE-2009-0613 | 1 Trendmicro | 1 Interscan Web Security Suite | 2025-04-09 | N/A |
| Trend Micro InterScan Web Security Suite (IWSS) 3.1 before build 1237 allows remote authenticated Auditor and Report Only users to bypass intended permission settings, and modify the system configuration, via requests to unspecified JSP pages. | ||||
| CVE-2007-6081 | 1 Adventnet | 1 Eventlog Analyzer | 2025-04-09 | N/A |
| AdventNet EventLog Analyzer build 4030 for Windows, and possibly other versions and platforms, installs a mysql instance with a default "root" account without a password, which allows remote attackers to gain privileges and modify logs. Fixed in EventLog Analyzer Build 6000. | ||||