Total
5442 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-0935 | 1 Perforce | 1 Perforce Server | 2010-03-08 | 4.6 MEDIUM | N/A |
| Perforce Server 2009.2 and earlier, when the protection table is empty, allows remote authenticated users to obtain super privileges via a "p4 protect" command. | |||||
| CVE-2010-0681 | 1 Zeuscms | 1 Zeuscms | 2010-02-23 | 5.0 MEDIUM | N/A |
| ZeusCMS 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request for admin/backup.sql. | |||||
| CVE-2010-0005 | 1 Viewvc | 1 Viewvc | 2010-02-02 | 7.5 HIGH | N/A |
| query.py in the query interface in ViewVC before 1.1.3 does not reject configurations that specify an unsupported authorizer for a root, which might allow remote attackers to bypass intended access restrictions via a query. | |||||
| CVE-2003-1575 | 2 Sun, Symantec | 2 Solaris, Vxfs | 2010-01-31 | 4.6 MEDIUM | N/A |
| VERITAS File System (VxFS) 3.3.3, 3.4, and 3.5 before MP1 Rolling Patch 02 for Sun Solaris 2.5.1 through 9 does not properly implement inheritance of default ACLs in certain circumstances related to the characteristics of a directory inode, which allows local users to bypass intended file permissions by accessing a file on a VxFS filesystem. | |||||
| CVE-2010-0142 | 1 Cisco | 1 Unified Meetingplace | 2010-01-31 | 8.5 HIGH | N/A |
| MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5, allows remote authenticated users to gain privileges via a modified authentication sequence, aka Bug ID CSCsv66530. | |||||
| CVE-2010-0380 | 1 Jce-tech | 1 Php Calendars Script | 2010-01-25 | 5.0 MEDIUM | N/A |
| install.php in JCE-Tech PHP Calendars, downloaded 20100121, allows remote attackers to bypass intended access restrictions and modify application settings via a direct request. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. | |||||
| CVE-2009-4515 | 2 Drupal, Speedtech | 2 Drupal, Storm | 2010-01-08 | 5.0 MEDIUM | N/A |
| The Storm module 6.x before 6.x-1.25 for Drupal does not enforce privilege requirements for storminvoiceitem nodes, which allows remote attackers to read node titles via unspecified vectors. | |||||
| CVE-2009-4520 | 2 Drupal, Kristof De Jaeger | 2 Drupal, Commentreference | 2010-01-06 | 5.0 MEDIUM | N/A |
| The CCK Comment Reference module 5.x before 5.x-1.2 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to bypass intended access restrictions and read comments by using the autocomplete path. | |||||
| CVE-2009-4526 | 2 Drupal, Joao Ventura | 2 Drupal, Print | 2010-01-04 | 5.0 MEDIUM | N/A |
| The Send by e-mail sub-module in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.9 and 6.x before 6.x-1.9, a module for Drupal, does not properly enforce privilege requirements, which allows remote attackers to read page titles by requesting a "Send to friend" form. | |||||
| CVE-2009-4502 | 3 Freebsd, Sun, Zabbix | 3 Freebsd, Solaris, Zabbix | 2010-01-01 | 9.3 HIGH | N/A |
| The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is limited to attacks from trusted IP addresses. | |||||
| CVE-2007-3532 | 2 Gentoo, Nvidia | 2 Linux, Video Driver | 2009-12-28 | 7.2 HIGH | N/A |
| NVIDIA drivers (nvidia-drivers) before 1.0.7185, 1.0.9639, and 100.14.11, as used in Gentoo Linux and possibly other distributions, creates /dev/nvidia* device files with insecure permissions, which allows local users to modify video card settings, cause a denial of service (crash or physical video card damage), and obtain sensitive information. | |||||
| CVE-2009-4417 | 1 Zend | 1 Framework | 2009-12-28 | 5.0 MEDIUM | N/A |
| The shutdown function in the Zend_Log_Writer_Mail class in Zend Framework (ZF) allows context-dependent attackers to send arbitrary e-mail messages to any recipient address via vectors related to "events not yet mailed." | |||||
| CVE-2009-4358 | 1 Freebsd | 1 Freebsd | 2009-12-21 | 4.7 MEDIUM | N/A |
| freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure permissions in its working directory (/var/db/freebsd-update by default), which allows local users to read copies of sensitive files after a (1) freebsd-update fetch (fetch) or (2) freebsd-update upgrade (upgrade) operation. | |||||
| CVE-2009-4314 | 1 Sun | 2 Ray Server Software, Solaris | 2009-12-15 | 4.4 MEDIUM | N/A |
| Sun Ray Server Software 4.1 on Solaris 10, when Automatic Multi-Group Hotdesking (AMGH) is enabled, responds to a logout action by immediately logging the user in again, which makes it easier for physically proximate attackers to obtain access to a session by going to an unattended DTU device. | |||||
| CVE-2009-4222 | 1 Smartisoft | 1 Phpbazar | 2009-12-08 | 7.5 HIGH | N/A |
| phpBazar 2.1.1fix and earlier does not require administrative authentication for admin/admin.php, which allows remote attackers to obtain access to the admin control panel via a direct request. | |||||
| CVE-2009-4150 | 1 Ibm | 2 Db2, Db2 Universal Database | 2009-12-07 | 4.6 MEDIUM | N/A |
| dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits execution by unprivileged user accounts, which has unspecified impact and local attack vectors. | |||||
| CVE-2002-2353 | 1 Tftpd32 | 1 Tftpd32 | 2009-11-24 | 6.4 MEDIUM | N/A |
| tftpd32 2.50 and 2.50.2 allows remote attackers to read or write arbitrary files via a full pathname in GET and PUT requests. | |||||
| CVE-2009-2818 | 1 Apple | 1 Mac Os X Server | 2009-11-17 | 5.0 MEDIUM | N/A |
| Adaptive Firewall in Apple Mac OS X before 10.6.2 does not properly handle invalid usernames in SSH login attempts, which makes it easier for remote attackers to obtain login access via a brute-force attack (aka dictionary attack). | |||||
| CVE-2009-2834 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-17 | 4.9 MEDIUM | N/A |
| IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the firmware of a (1) USB or (2) Bluetooth keyboard via unspecified vectors. | |||||
| CVE-2009-3921 | 2 Drupal, Ezra Barnett Gildesgame | 2 Drupal, Smartqueue Og | 2009-11-10 | 4.0 MEDIUM | N/A |
| The Smartqueue_og module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-rc3, a module for Drupal, does not verify group-node privileges in certain circumstances involving subqueue creation, which allows remote authenticated users to discover arbitrary organic group names by reading confirmation messages. | |||||