Total
5476 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-4340 | 1 Apache | 1 Libcloud | 2025-04-11 | N/A |
| libcloud before 0.4.1 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM) attack. | ||||
| CVE-2010-4491 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome before 8.0.552.215 does not properly restrict privileged extensions, which allows remote attackers to cause a denial of service (memory corruption) via a crafted extension. | ||||
| CVE-2010-4512 | 1 Michael Dehaan | 1 Cobbler | 2025-04-11 | N/A |
| Cobbler before 2.0.4 uses an incorrect umask value, which allows local users to have an unspecified impact by leveraging world writable permissions for files and directories. | ||||
| CVE-2010-4534 | 1 Djangoproject | 1 Django | 2025-04-11 | N/A |
| The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series of requests containing regular expressions, as demonstrated by a created_by__password__regex parameter. | ||||
| CVE-2010-4546 | 1 Ibm | 1 Lotus Notes Traveler | 2025-04-11 | N/A |
| IBM Lotus Notes Traveler before 8.5.1.2 does not reject an attachment download request for an e-mail message with a Prevent Copy attribute, which allows remote authenticated users to bypass intended access restrictions via this request. | ||||
| CVE-2010-4547 | 1 Ibm | 1 Lotus Notes Traveler | 2025-04-11 | N/A |
| IBM Lotus Notes Traveler before 8.5.1.3, when a multidomain environment is used, does not properly apply policy documents to mobile users from a different Domino domain than the Traveler server, which allows remote authenticated users to bypass intended access restrictions by using credentials from a different domain. | ||||
| CVE-2010-4595 | 1 Ibm | 1 Lotus Mobile Connect | 2025-04-11 | N/A |
| The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 disables the http.device.stanza blacklisting functionality for HTTP Access Services (HTTP-AS), which allows remote attackers to bypass intended access restrictions via an HTTP request that contains a disallowed User-Agent header. | ||||
| CVE-2009-1597 | 2 Adobe, Mozilla | 2 Acrobat Reader, Firefox | 2025-04-09 | N/A |
| Mozilla Firefox executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content." | ||||
| CVE-2008-6051 | 1 Metalinks | 1 Metacart | 2025-04-09 | N/A |
| MetaCart Free stores metacart.mdb under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords via a direct request. | ||||
| CVE-2009-1582 | 1 Kalptarudemos | 1 Million Dollar Text Links | 2025-04-09 | N/A |
| Million Dollar Text Links 1.0 does not properly restrict administrator access to admin.home.php, which allows remote attackers to bypass intended restrictions and gain privileges via a direct request to admin.home.php after visiting admin.php. | ||||
| CVE-2008-6054 | 1 Preprojects.com | 1 Pre Courier And Cargo Business | 2025-04-09 | N/A |
| PreProjects Pre Courier and Cargo Business stores dbcourior.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request. | ||||
| CVE-2009-0043 | 1 Ca | 2 Service Level Management, Service Metric Analysis | 2025-04-09 | N/A |
| The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 SP1 and Service Level Management 3.5 does not properly restrict access, which allows remote attackers to execute arbitrary commands via unspecified vectors. | ||||
| CVE-2009-1573 | 4 Branden Robinson, Debian, Redhat and 1 more | 4 Xvfb-run, Debian Linux, Fedora and 1 more | 2025-04-09 | N/A |
| xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments. | ||||
| CVE-2009-2171 | 1 Mahara | 1 Mahara | 2025-04-09 | N/A |
| Mahara 1.1 before 1.1.5 does not apply permission checks when saving a view that contains artefacts, which allows remote authenticated users to read another user's artefact. | ||||
| CVE-2008-2402 | 1 Sun | 1 Java Asp Server | 2025-04-09 | N/A |
| The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents. | ||||
| CVE-2009-2207 | 1 Apple | 1 Iphone Os | 2025-04-09 | N/A |
| The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and iPhone OS 3.0 for iPod touch, lists deleted e-mail messages in Spotlight search results, which might allow local users to obtain sensitive information by reading these messages. | ||||
| CVE-2008-2400 | 1 Stunnel | 1 Stunnel | 2025-04-09 | N/A |
| Unspecified vulnerability in stunnel before 4.23, when running as a service on Windows, allows local users to gain privileges via unknown attack vectors. | ||||
| CVE-2008-2378 | 1 Hf | 1 Hf | 2025-04-09 | N/A |
| Untrusted search path vulnerability in hfkernel in hf 0.7.3 and 0.8 allows local users to gain privileges via a Trojan horse killall program in a directory in the PATH, related to improper handling of the -k option. | ||||
| CVE-2008-6125 | 2 Debian, Moodle | 2 Debian Linux, Moodle | 2025-04-09 | N/A |
| Unspecified vulnerability in the user editing interface in Moodle 1.5.x, 1.6 before 1.6.6, and 1.7 before 1.7.3 allows remote authenticated users to gain privileges via unknown vectors. | ||||
| CVE-2009-1495 | 1 Webfileexplorer | 1 Web File Explorer | 2025-04-09 | N/A |
| Web File Explorer 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/db.mdb. | ||||