Total: 5469 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2008-1599 | 1 Ibm | 1 Aix | 2025-04-09 | N/A |
The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking (1) atmstat, (2) entstat, (3) fddistat, (4) hdlcstat, or (5) tokstat. | ||||
CVE-2008-1600 | 1 Ibm | 1 Aix | 2025-04-09 | N/A |
The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly handle environment variables, which allows local users to gain privileges, a different vulnerability than CVE-2004-1329. | ||||
CVE-2008-6535 | 1 Paypalestores | 1 Paypal Estores | 2025-04-09 | N/A |
admin/settings.php in PayPal eStores allows remote attackers to bypass intended access restrictions and change the administrative password via a direct request with a modified NewAdmin parameter. | ||||
CVE-2008-1627 | 1 Cds Software Consortium | 1 Invenio | 2025-04-09 | N/A |
CDS Invenio 0.92.1 and earlier allows remote authenticated users to delete email notification alerts of arbitrary users via a modified internal UID. | ||||
CVE-2008-1628 | 1 Linux | 1 Audit | 2025-04-09 | N/A |
Stack-based buffer overflow in the audit_log_user_command function in lib/audit_logging.c in Linux Audit before 1.7 might allow remote attackers to execute arbitrary code via a long command argument. NOTE: some of these details are obtained from third party information. | ||||
CVE-2008-6940 | 1 Turnkeyforms | 1 Web Hosting Directory | 2025-04-09 | N/A |
TurnkeyForms Web Hosting Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain a database backup via a direct request to admin/backup/db. | ||||
CVE-2008-2824 | 1 Xerox | 1 Workcentre | 2025-04-09 | N/A |
Unspecified vulnerability in the Extensible Interface Platform in Web Services in Xerox WorkCentre 7655, 7665, and 7675 allows remote attackers to make configuration changes via unknown vectors. | ||||
CVE-2008-7096 | 1 Intel | 1 Bios | 2025-04-09 | N/A |
Intel Desktop and Intel Mobile Boards with BIOS firmware DQ35JO, DQ35MP, DP35DP, DG33FB, DG33BU, DG33TL, MGM965TW, D945GCPE, and DX38BT allows local administrators with ring 0 privileges to gain additional privileges and modify code that is running in System Management Mode, or access hypervisory memory as demonstrated at Black Hat 2008 by accessing certain remapping registers in Xen 3.3. | ||||
CVE-2008-2682 | 1 Realm Project | 1 Realm Cms | 2025-04-09 | N/A |
_RealmAdmin/login.asp in Realm CMS 2.3 and earlier allows remote attackers to bypass authentication and access admin pages via certain modified cookies, probably including (1) cUserRole, (2) cUserName, and (3) cUserID. | ||||
CVE-2008-1951 | 1 Redhat | 1 Enterprise Linux | 2025-04-09 | N/A |
Untrusted search path vulnerability in a certain Red Hat build script for Standards Based Linux Instrumentation for Manageability (sblim) libraries before 1-13a.el4_6.1 in Red Hat Enterprise Linux (RHEL) 4, and before 1-31.el5_2.1 in RHEL 5, allows local users to gain privileges via a malicious library in a certain subdirectory of /var/tmp, related to an incorrect RPATH setting, as demonstrated by a malicious libc.so library for tog-pegasus. | ||||
CVE-2008-1376 | 1 Redhat | 2 Enterprise Linux, Nfs Utils | 2025-04-09 | N/A |
A certain Red Hat build script for nfs-utils before 1.0.9-35z.el5_2 on Red Hat Enterprise Linux (RHEL) 5 omits TCP wrappers support, which might allow remote attackers to bypass intended access restrictions. | ||||
CVE-2009-1637 | 1 Simplecustomer | 1 Simple Customer | 2025-04-09 | N/A |
profile.php in Simple Customer 1.3 does not require administrative authentication, which allows remote attackers to change the admin e-mail address and password via the email and password parameters. | ||||
CVE-2008-1946 | 2 Gnu, Redhat | 2 Coreutils, Enterprise Linux | 2025-04-09 | N/A |
The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain the privileges of a (1) locked or (2) expired account by entering the account name on the command line, related to improper use of the pam_succeed_if.so module. | ||||
CVE-2009-0760 | 1 Team5 | 1 Team Board | 2025-04-09 | N/A |
Team Board 1.x and 2.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for data/team.mdb. | ||||
CVE-2008-3096 | 1 Drupal | 1 Outline Designer Module | 2025-04-09 | N/A |
The Outline Designer module 5.x before 5.x-1.4 for Drupal changes each content reader's authentication level to match that of the content author, which might allow remote attackers to gain privileges. | ||||
CVE-2009-0804 | 1 Ziproxy | 1 Ziproxy | 2025-04-09 | N/A |
Ziproxy 2.6.0, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. | ||||
CVE-2009-0826 | 1 Freedville | 1 Bloghelper | 2025-04-09 | N/A |
BlogHelper stores common_db.inc under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request. | ||||
CVE-2009-0827 | 1 Freedville | 1 Pollhelper | 2025-04-09 | N/A |
PollHelper stores poll.inc under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request. | ||||
CVE-2008-1834 | 1 Swfdec | 1 Swfdec | 2025-04-09 | N/A |
swfdec_load_object.c in Swfdec before 0.6.4 does not properly restrict local file access from untrusted sandboxes, which allows remote attackers to read arbitrary files via a crafted Flash file. | ||||
CVE-2008-2250 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2025-04-09 | N/A |
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a new window, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Window Creation Vulnerability." |