Total: 5476 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-5932 | 1 Codeavalanche | 1 Freeforum | 2025-04-09 | N/A |
| CodeAvalanche FreeForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for _private/CAForum.mdb. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5935 | 1 Factosystem | 1 Factosystem Weblog | 2025-04-09 | N/A |
| Facto stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for database/facto.mdb. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5951 | 1 Aspapps | 1 Template Creature | 2025-04-09 | N/A |
| ASP Template Creature stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for workDB/templatemonster.mdb. | ||||
| CVE-2008-5980 | 1 Ocean12 Technologies | 1 Mailing List Manager | 2025-04-09 | N/A |
| Ocean12 Mailing List Manager Gold stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for o12mail.mdb. | ||||
| CVE-2009-3843 | 1 Hp | 1 Operations Manager | 2025-04-09 | N/A |
| HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload. | ||||
| CVE-2009-3860 | 1 Idefense | 1 Comraider | 2025-04-09 | N/A |
| Multiple insecure method vulnerabilities in Idefense Labs COMRaider allow remote attackers to create or overwrite arbitrary files via the (1) CreateFolder and (2) Copy methods. NOTE: this might only be a vulnerability in certain insecure configurations of Internet Explorer. | ||||
| CVE-2008-6051 | 1 Metalinks | 1 Metacart | 2025-04-09 | N/A |
| MetaCart Free stores metacart.mdb under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords via a direct request. | ||||
| CVE-2009-3889 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2025-04-09 | N/A |
| The dbg_lvl file for the megaraid_sas driver in the Linux kernel before 2.6.27 has world-writable permissions, which allows local users to change the (1) behavior and (2) logging level of the driver by modifying this file. | ||||
| CVE-2007-5900 | 1 Php | 1 Php | 2025-04-09 | N/A |
| PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625. | ||||
| CVE-2009-3949 | 1 Vivaprograms | 1 Infinity Script | 2025-04-09 | N/A |
| cp/profile.php in VivaPrograms Infinity 2.0.5 and earlier does not require administrative authentication for the donewauthor action, which allows remote attackers to create administrative accounts via the name, password, and conf_password parameters. | ||||
| CVE-2007-5945 | 1 Usvn | 1 User-friendly Svn | 2025-04-09 | N/A |
| USVN before 0.6.5 allows remote attackers to obtain a list of repository contents via unspecified vectors. | ||||
| CVE-2008-5981 | 1 Pacosdrivers | 1 Pacpoll | 2025-04-09 | N/A |
| PacPoll 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) poll.mdb or (2) poll97.mdb. | ||||
| CVE-2008-4414 | 1 Hp | 1 Tru64 | 2025-04-09 | N/A |
| Unspecified vulnerability in the AdvFS showfile command in HP Tru64 UNIX 5.1B-3 and 5.1B-4 allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2008-6008 | 1 Herongyang | 1 Hybook | 2025-04-09 | N/A |
| hyBook Guestbook Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing a password via a direct request for hyBook.mdb. | ||||
| CVE-2009-4299 | 1 Moodle | 1 Moodle | 2025-04-09 | N/A |
| mod/glossary/showentry.php in the Glossary module for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not properly perform access control, which allows attackers to read unauthorized Glossary entries via unknown vectors. | ||||
| CVE-2009-4331 | 1 Ibm | 1 Db2 | 2025-04-09 | N/A |
| The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 configures the High Availability (HA) scripts with incorrect file-permission and authorization settings, which has unknown impact and local attack vectors. | ||||
| CVE-2009-4112 | 1 Cacti | 1 Cacti | 2025-04-09 | N/A |
| Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands. | ||||
| CVE-2008-6057 | 1 Liberum | 1 Liberum Help Desk | 2025-04-09 | N/A |
| Doug Luxem Liberum Help Desk 0.97.3 stores db/helpdesk2000.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request. | ||||
| CVE-2008-6540 | 1 Dotnetnuke | 1 Dotnetnuke | 2025-04-09 | N/A |
| DotNetNuke before 4.8.2, during installation or upgrade, does not warn the administrator when the default (1) ValidationKey and (2) DecryptionKey values cannot be modified in the web.config file, which allows remote attackers to bypass intended access restrictions by using the default keys. | ||||
| CVE-2009-4174 | 2 Cutephp, Korn19 | 2 Cutenews, Utf-8 Cutenews | 2025-04-09 | N/A |
| The editnews module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b, when magic_quotes_gpc is disabled, allows remote authenticated users with Journalist or Editor access to bypass administrative moderation and edit previously submitted articles via a modified id parameter in a doeditnews action. | ||||