Search
Total
4224 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0216 | 1 Freebsd | 1 Freebsd | 2017-08-08 | 2.1 LOW | N/A |
| The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not properly verify that a certain portion of a device name is associated with a pty of a user who is calling the pt_chown function, which might allow local users to read data from the pty from another user. | |||||
| CVE-2008-0217 | 1 Freebsd | 1 Freebsd | 2017-08-08 | 6.9 MEDIUM | N/A |
| The script program in FreeBSD 5.0 through 7.0-PRERELEASE invokes openpty, which creates a pseudo-terminal with world-readable and world-writable permissions when it is not run as root, which allows local users to read data from the terminal of the user running script. | |||||
| CVE-2008-0169 | 1 Ikiwiki | 1 Ikiwiki | 2017-08-08 | 6.8 MEDIUM | N/A |
| Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the login sequence. | |||||
| CVE-2008-0145 | 1 Php | 1 Php | 2017-08-08 | 7.5 HIGH | N/A |
| Unspecified vulnerability in glob in PHP before 4.4.8, when open_basedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-2007-4663. | |||||
| CVE-2008-0049 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 1.9 LOW | N/A |
| AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication mach port available for inter-process communication instead of inter-thread communication, which allows local users to execute arbitrary code via crafted messages to privileged applications. | |||||
| CVE-2008-0046 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 5.0 MEDIUM | N/A |
| The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect German translation for the "Set access for specific services and applications" radio button that might cause the user to believe that the button is used to restrict access only to specific services and applications, which might allow attackers to bypass intended access restrictions. | |||||
| CVE-2008-0045 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 7.1 HIGH | N/A |
| Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 allows remote attackers to bypass cross-realm authentication via unknown manipulations of Kerberos principal realm names. | |||||
| CVE-2007-6711 | 1 Freewebshop | 1 Freewebshop | 2017-08-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in customer.php in FreeWebshop.org 2.2.5, 2.2.6 and 2.2.7WIP1/2 allows remote attackers to gain administrator privileges via unknown vectors. | |||||
| CVE-2007-6636 | 1 Bitflu | 1 Bitflu | 2017-08-08 | 5.8 MEDIUM | N/A |
| Unspecified vulnerability in the StorageFarabDb module in Bitflu before 0.42 allows user-assisted remote attackers to create or append data to arbitrary files via a crafted .torrent file. | |||||
| CVE-2007-6640 | 1 Sourceforge | 2 Creammonkey, Greasekit | 2017-08-08 | 6.4 MEDIUM | N/A |
| Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 does not properly prevent access to dangerous functions, which allows remote attackers to read the configuration, modify the configuration, or send an HTTP request via the (1) GM_addStyle, (2) GM_log, (3) GM_openInTab, (4) GM_setValue, (5) GM_getValue, or (6) GM_xmlhttpRequest function within a web page on which a userscript is configured. | |||||
| CVE-2007-6487 | 1 Plain Black | 1 Webgui | 2017-08-08 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in Plain Black WebGUI 7.4.0 through 7.4.17 allows remote authenticated users with Secondary Admin privileges to create Admin accounts, a different vulnerability than CVE-2006-0680. | |||||
| CVE-2007-6413 | 1 Sun | 1 Solaris | 2017-08-08 | 9.3 HIGH | N/A |
| Sun Solaris 10 with the 120011-04 and 120012-04 patches, and later 120011-* and 120012-* patches, allows remote attackers to bypass certain netgroup restrictions and obtain root access to a filesystem via NFS requests from a client root user. | |||||
| CVE-2007-6294 | 1 Ibm | 1 Hardware Management Console | 2017-08-08 | 4.9 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 3 R3.7 allow attackers to gain privileges via "some HMC commands." | |||||
| CVE-2008-1215 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2017-08-08 | 4.6 MEDIUM | N/A |
| Stack-based buffer overflow in the command_Expand_Interpret function in command.c in ppp (aka user-ppp), as distributed in FreeBSD 6.3 and 7.0, OpenBSD 4.1 and 4.2, and the net/userppp package for NetBSD, allows local users to gain privileges via long commands containing "~" characters. | |||||
| CVE-2007-6209 | 2 Linux, Zsh | 2 Linux Kernel, Zsh | 2017-07-29 | 4.6 MEDIUM | N/A |
| Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2007-6182 | 1 Growth | 1 Ispmanager | 2017-07-29 | 7.2 HIGH | N/A |
| The responder program in ISPsystem ISPmanager (aka ISPmgr) 4.2.15.1 allows local users to gain privileges via shell metacharacters in command line arguments. | |||||
| CVE-2007-6174 | 1 Phpdevshell | 1 Phpdevshell | 2017-07-29 | 8.5 HIGH | N/A |
| PHPDevShell before 0.7.0 allows remote authenticated users to gain privileges via a crafted request to update a user profile. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-6222 | 1 Crm Ctt | 1 Interleave | 2017-07-29 | 6.5 MEDIUM | N/A |
| The CheckCustomerAccess function in functions.php in CRM-CTT Interleave before 4.2.0 (formerly CRM-CTT) does not properly verify user privileges, which allows remote authenticated users with the LIMITTOCUSTOMERS privilege to bypass intended access restrictions and edit non-active user settings. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-6018 | 1 Horde | 4 Framework, Groupware Webmail Edition, Horde and 1 more | 2017-07-29 | 5.8 MEDIUM | N/A |
| IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message. | |||||
| CVE-2007-5988 | 1 Bti-tracker | 1 Bti-tracker | 2017-07-29 | 7.5 HIGH | N/A |
| blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user accounts, which allows remote attackers to post shoutbox entries as arbitrary users via a modified nick field. | |||||
| CVE-2007-5987 | 1 Bti-tracker | 1 Bti-tracker | 2017-07-29 | 6.8 MEDIUM | N/A |
| details.php in BtiTracker before 1.4.5, when torrent viewing is disabled for guests, allows remote attackers to bypass protection mechanisms via a direct request, as demonstrated by (1) reading the details of an arbitrary torrent and (2) modifying a torrent owned by a guest. | |||||
| CVE-2007-4685 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-29 | 7.2 HIGH | N/A |
| The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to gain privileges by executing setuid or setgid programs in which the stdio, stderr, or stdout file descriptors are "in an unexpected state." | |||||
| CVE-2007-5945 | 1 Usvn | 1 User-friendly Svn | 2017-07-29 | 5.0 MEDIUM | N/A |
| USVN before 0.6.5 allows remote attackers to obtain a list of repository contents via unspecified vectors. | |||||
| CVE-2007-5931 | 1 Orangehrm | 1 Orangehrm | 2017-07-29 | 5.0 MEDIUM | N/A |
| The reDirect function in lib/controllers/RepViewController.php in OrangeHRM before 2.2.2 does not verify the privileges of a user, which allows remote attackers to obtain access to data via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-5857 | 1 Apple | 1 Mac Os X | 2017-07-29 | 6.4 MEDIUM | N/A |
| Quick Look in Apple Mac OS X 10.5.1 does not prevent a movie from accessing URLs when the movie file is previewed or if an icon is created, which might allow remote attackers to obtain sensitive information via HREFTrack. | |||||
| CVE-2007-5856 | 1 Apple | 1 Mac Os X | 2017-07-29 | 9.4 HIGH | N/A |
| Quick Look Apple Mac OS X 10.5.1, when previewing an HTML file, does not prevent plug-ins from making network requests, which might allow remote attackers to obtain sensitive information. | |||||
| CVE-2007-5851 | 1 Apple | 1 Mac Os X | 2017-07-29 | 3.6 LOW | N/A |
| iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote attackers to automatically initiate a video connection to another user via unknown vectors. | |||||
| CVE-2007-5829 | 1 Symantec | 2 Norton Antivirus, Norton Internet Security | 2017-07-29 | 6.0 MEDIUM | N/A |
| The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and 10.x, Norton AntiVirus for Macintosh 10.0 and 10.1, and Norton Internet Security for Macintosh 3.x, uses a directory with weak permissions (group writable), which allows local admin users to gain root privileges by replacing unspecified files, which are executed when a user with physical access inserts a disk and the "Show Progress During Mount Scans" option is enabled. | |||||
| CVE-2007-5819 | 1 Ibm | 1 Tivoli Continuous Data Protection For Files | 2017-07-29 | 2.1 LOW | N/A |
| IBM Tivoli Continuous Data Protection for Files (CDP) 3.1.0 uses weak permissions (unrestricted write) for the Central Admin Global download directory, which allows local users to place arbitrary files into a location used for updating CDP clients. | |||||
| CVE-2007-5827 | 2 Debian, Iscsitarget | 2 Debian Linux, Iscsitarget | 2017-07-29 | 2.1 LOW | N/A |
| iSCSI Enterprise Target (iscsitarget) 0.4.15 uses weak permissions for /etc/ietd.conf, which allows local users to obtain passwords. | |||||
| CVE-2007-5761 | 1 Motorola | 1 Netoctopus | 2017-07-29 | 7.2 HIGH | N/A |
| The NantSys device 5.0.0.115 in Motorola netOctopus 5.1.2 build 1011 has weak permissions for the \\.\NantSys device interface (nantsys.sys), which allows local users to gain privileges or cause a denial of service (system crash), as demonstrated by modifying the SYSENTER_EIP_MSR CPU Model Specific Register (MSR) value. | |||||
| CVE-2007-5751 | 1 Liferea | 1 Liferea | 2017-07-29 | 2.1 LOW | N/A |
| Liferea before 1.4.6 uses weak permissions (0644) for the feedlist.opml backup file, which allows local users to obtain credentials. | |||||
| CVE-2007-5486 | 1 Dotproject | 1 Dotproject | 2017-07-29 | 6.4 MEDIUM | N/A |
| dotProject before 2.1 does not properly check privileges when invoking the Companies module, which allows remote attackers to access this module via a crafted URL. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-5469 | 1 Openser | 1 Openser | 2017-07-29 | 5.0 MEDIUM | N/A |
| ** DISPUTED ** OpenSER 1.2.2 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID (aka "toll fraud and authentication forward attack"). NOTE: Debian disputes this issue, stating that "having the two URIs mismatch is allowed by the standard and happens in some setups for valid reasons." | |||||
| CVE-2007-5468 | 1 Cisco | 1 Call Manager | 2017-07-29 | 5.0 MEDIUM | N/A |
| Cisco CallManager 5.1.1.3000-5 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID (aka "toll fraud and authentication forward attack"). | |||||
| CVE-2007-5401 | 1 Layton Technology | 1 Helpbox | 2017-07-29 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in uploadrequest.asp in Layton HelpBox 3.7.1 allows remote authenticated users to upload and execute arbitrary ASP files, related to not properly checking file extensions. | |||||
| CVE-2007-5382 | 1 Cisco | 2 Wireless Control System, Wireless Lan Solution Engine | 2017-07-29 | 10.0 HIGH | N/A |
| The conversion utility for converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 and earlier to Cisco Wireless Control System (WCS) creates administrator accounts with default usernames and passwords, which allows remote attackers to gain privileges. | |||||
| CVE-2007-5210 | 1 Arbor Networks | 1 Peakflow Sp | 2017-07-29 | 6.0 MEDIUM | N/A |
| Arbor Networks Peakflow SP before 3.5.1 patch 14, and 3.6.x before 3.6.1 patch 5, allows remote authenticated users to bypass access restrictions and read or write unspecified data via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-5171 | 1 Quicksilver Forums | 1 Quicksilver Forums | 2017-07-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Quicksilver Forums before 1.4.1 allows remote attackers to delete arbitrary PMs via unspecified vectors. | |||||
| CVE-2007-5170 | 1 Sun | 2 Embedded Lights Out Manager, Sun Fire | 2017-07-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the embedded service processor (SP) before 3.09 in Sun Fire X2100 M2 and X2200 M2 Embedded Lights Out Manager (ELOM) allows remote attackers to send arbitrary network traffic and use ELOM as a spam proxy. | |||||
| CVE-2007-5134 | 1 Cisco | 9 Catalyst 6500, Catalyst 6500 Ws-svc-nam-1, Catalyst 6500 Ws-svc-nam-2 and 6 more | 2017-07-29 | 5.0 MEDIUM | N/A |
| Cisco Catalyst 6500 and Cisco 7600 series devices use 127/8 IP addresses for Ethernet Out-of-Band Channel (EOBC) internal communication, which might allow remote attackers to send packets to an interface for which network exposure was unintended. | |||||
| CVE-2007-5101 | 1 Furquim | 1 Chironfs | 2017-07-29 | 7.2 HIGH | N/A |
| ChironFS before 1.0 RC7 sets user/group ownership to the mounter account instead of the creator account when files are created, which allows local users to gain privileges. | |||||
| CVE-2007-4798 | 1 Ibm | 1 Aix | 2017-07-29 | 6.6 MEDIUM | N/A |
| Unspecified vulnerability in invscout in Inventory Scout in invscout.rte in IBM AIX 5.2 and 5.3 allows local users to delete system files that have names matching the final substring of a hostname alias, as demonstrated by hostnames ending in "unix". | |||||
| CVE-2007-4746 | 1 Cisco | 3 Video Surveillance Ip Gateway Encoder Decoder, Video Surveillance Sp Isp, Video Surveillance Sp Isp Decoder Software | 2017-07-29 | 9.0 HIGH | N/A |
| The Cisco Video Surveillance IP Gateway Encoder/Decoder (Standalone and Module) firmware 1.8.1 and earlier, Video Surveillance SP/ISP Decoder Software firmware 1.11.0 and earlier, and the Video Surveillance SP/ISP firmware 1.23.7 and earlier have default passwords for the sypixx and root user accounts, which allows remote attackers to perform administrative actions, aka CSCsj34681. | |||||
| CVE-2007-4701 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-29 | 2.1 LOW | N/A |
| WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file. | |||||
| CVE-2007-4700 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-29 | 7.5 HIGH | N/A |
| Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to use Safari as an indirect proxy and send attacker-controlled data to arbitrary TCP ports via unknown vectors. | |||||
| CVE-2007-4699 | 1 Apple | 3 Mac Os X, Mac Os X Server, Safari | 2017-07-29 | 7.5 HIGH | N/A |
| The default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user, which might allow other applications to bypass intended access restrictions. | |||||
| CVE-2007-4694 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-29 | 4.3 MEDIUM | N/A |
| Safari in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to access local content via file:// URLs. | |||||
| CVE-2007-4651 | 1 Adobe | 1 Connect Enterprise Server | 2017-07-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Adobe Connect Enterprise Server 6 allows remote attackers to read certain pages that are restricted to the administrator via unknown vectors. | |||||
| CVE-2007-4649 | 1 Microworld Technologies | 3 Escan Anti-virus, Escan Internet Security, Escan Virus Control | 2017-07-29 | 7.2 HIGH | N/A |
| MicroWorld eScan Virus Control 9.0.722.1, Anti-Virus 9.0.722.1, and Internet Security 9.0.722.1 use weak permissions (Everyone:Full Control) for their installation directory trees, which allows local users to gain privileges by replacing application files, as demonstrated by traysser.exe. | |||||