ReportizFlow
Filtered by vendor
Subscriptions
Total
5468 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2675 | 2 Redhat, Sun | 5 Enterprise Linux, Network Satellite, Rhel Extras and 2 more | 2025-04-09 | N/A |
| Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression. | ||||
| CVE-2007-6056 | 1 Aida-orga | 1 Aida-web | 2025-04-09 | N/A |
| frame.html in Aida-Web (Aida Web) allows remote attackers to bypass a protection mechanism and obtain comment and task details via modified values to the (1) Mehr and (2) SUPER parameters. | ||||
| CVE-2009-4520 | 2 Drupal, Kristof De Jaeger | 2 Drupal, Commentreference | 2025-04-09 | N/A |
| The CCK Comment Reference module 5.x before 5.x-1.2 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to bypass intended access restrictions and read comments by using the autocomplete path. | ||||
| CVE-2009-2717 | 2 Microsoft, Sun | 2 Windows 2000, Java Se | 2025-04-09 | N/A |
| The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on Windows 2000 Professional does not provide a Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet. | ||||
| CVE-2008-1692 | 1 Eterm | 1 Eterm | 2025-04-09 | N/A |
| Eterm 0.9.4 opens a terminal window on :0 if -display is not specified and the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine. | ||||
| CVE-2007-2815 | 1 Microsoft | 1 Internet Information Services | 2025-04-09 | N/A |
| The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the CiWebhitsfile parameter to null.htw. | ||||
| CVE-2009-2846 | 1 Linux | 1 Linux Kernel | 2025-04-09 | N/A |
| The eisa_eeprom_read function in the parisc isa-eeprom component (drivers/parisc/eisa_eeprom.c) in the Linux kernel before 2.6.31-rc6 allows local users to access restricted memory via a negative ppos argument, which bypasses a check that assumes that ppos is positive and causes an out-of-bounds read in the readb function. | ||||
| CVE-2007-6167 | 1 Suse | 1 Suse Linux | 2025-04-09 | N/A |
| Untrusted search path vulnerability in yast2-core in SUSE Linux might allow local users to execute arbitrary code by creating a malicious yast2 module in the current working directory. | ||||
| CVE-2007-4569 | 2 Kde, Redhat | 2 Kde, Enterprise Linux | 2025-04-09 | N/A |
| backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and login to arbitrary accounts via unspecified vectors. | ||||
| CVE-2007-6243 | 2 Adobe, Redhat | 2 Flash Player, Rhel Extras | 2025-04-09 | N/A |
| Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks. | ||||
| CVE-2008-5504 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2025-04-09 | N/A |
| Mozilla Firefox 2.x before 2.0.0.19 allows remote attackers to run arbitrary JavaScript with chrome privileges via vectors related to the feed preview, a different vulnerability than CVE-2008-3836. | ||||
| CVE-2007-4937 | 1 Comscripts | 1 Cs Guestbook | 2025-04-09 | N/A |
| CS Guestbook stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin name and MD5 password hash via a direct request for base/usr/0.php. | ||||
| CVE-2008-5606 | 1 Gazatem Technologies | 1 Qmail Mailing List Manager | 2025-04-09 | N/A |
| Gazatem QMail Mailing List Manager 1.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for qmail.mdb. | ||||
| CVE-2007-4174 | 1 Tor | 1 Tor | 2025-04-09 | N/A |
| Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid authentication, as demonstrated by an HTML form (1) hosted on a web site or (2) injected by a Tor exit node. | ||||
| CVE-2008-5780 | 1 Hostforest | 1 Forest Blog | 2025-04-09 | N/A |
| Forest Blog 1.3.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing passwords via a direct request for blog.mdb. | ||||
| CVE-2009-3106 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.37 does not properly implement security constraints on the (1) doGet and (2) doTrace methods, which allows remote attackers to bypass intended access restrictions and obtain sensitive information via a crafted HTTP HEAD request to a Web Application. | ||||
| CVE-2008-5899 | 1 Codeavalanche | 1 Freeforall | 2025-04-09 | N/A |
| CodeAvalanche FreeForAll stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFFAPage.mdb. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-1099 | 1 Moinmoin | 1 Moinmoin | 2025-04-09 | N/A |
| _macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages. | ||||
| CVE-2008-5981 | 1 Pacosdrivers | 1 Pacpoll | 2025-04-09 | N/A |
| PacPoll 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) poll.mdb or (2) poll97.mdb. | ||||
| CVE-2008-6008 | 1 Herongyang | 1 Hybook | 2025-04-09 | N/A |
| hyBook Guestbook Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing a password via a direct request for hyBook.mdb. | ||||