Total
5484 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-5486 | 1 Dotproject | 1 Dotproject | 2025-04-09 | N/A |
| dotProject before 2.1 does not properly check privileges when invoking the Companies module, which allows remote attackers to access this module via a crafted URL. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-4044 | 2 Bruno Massa, Drupal | 2 Web Services, Drupal | 2025-04-09 | N/A |
| The Web Services module 6.x for Drupal does not perform the expected access control, which allows remote attackers to make unspecified use of an API via unknown vectors. | ||||
| CVE-2008-2003 | 1 Badblue | 1 Badblue | 2025-04-09 | N/A |
| BadBlue 2.72 Personal Edition stores multiple programs in the web document root with insufficient access control, which allows remote attackers to (1) cause a denial of service via multiple invocations of uninst.exe, and have an unknown impact via (2) badblue.exe and (3) dyndns.exe. NOTE: this can be leveraged for arbitrary remote code execution in conjunction with CVE-2007-6378. | ||||
| CVE-2007-6709 | 1 Linksys | 1 Wag54gs | 2025-04-09 | N/A |
| The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access. | ||||
| CVE-2008-2293 | 1 Tpvgames | 1 Mpcs | 2025-04-09 | N/A |
| admin.php in Multi-Page Comment System (MPCS) 1.0 and 1.1 allows remote attackers to bypass authentication and gain privileges by setting the CommentSystemAdmin cookie to 1. | ||||
| CVE-2008-2297 | 1 Roticv | 1 Rantx | 2025-04-09 | N/A |
| The admin.php file in Rantx allows remote attackers to bypass authentication and gain privileges by setting the logininfo cookie to "<?php" or "?>", which is present in the password file and probably passes an insufficient comparison. | ||||
| CVE-2008-6321 | 1 Cfshopkart | 1 Cf Shopkart | 2025-04-09 | N/A |
| CF Shopkart 5.2.2 stores cfshopkart52.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via a direct request. | ||||
| CVE-2008-2343 | 1 News Manager | 1 News Manager | 2025-04-09 | N/A |
| News Manager 2.0 allows remote attackers to bypass restrictions and obtain sensitive information via a direct request to (1) db/connect_str.php and (2) login/info.php. | ||||
| CVE-2008-2346 | 1 Alkalinephp | 1 Alkalinephp | 2025-04-09 | N/A |
| AlkalinePHP 0.77.35 and earlier allows remote attackers to bypass authentication and gain administrative access by creating an admin account via a direct request to adduser.php. | ||||
| CVE-2008-2349 | 1 Zomp | 1 Zomplog | 2025-04-09 | N/A |
| Zomplog 3.8.2 and earlier allows remote attackers to gain administrative access by creating an admin account via a direct request to install/newuser.php with the admin parameter set to 1. | ||||
| CVE-2008-5925 | 1 Asp-dev | 1 Xm Events Diary | 2025-04-09 | N/A |
| ASP-DEv XM Events Diary stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for diary.mdb. | ||||
| CVE-2007-5587 | 2 Macrovision, Microsoft | 3 Safedisc, Windows 2003 Server, Windows Xp | 2025-04-09 | N/A |
| Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild. | ||||
| CVE-2007-5787 | 1 Phptoys | 1 Micro Login System | 2025-04-09 | N/A |
| Micro Login System 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a password via a direct request for userpwd.txt. | ||||
| CVE-2008-6356 | 1 Donnafontenot | 1 Evcal Events Calendar | 2025-04-09 | N/A |
| evCal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to (1) evcal.mdb and (2) evcal97.mdb. | ||||
| CVE-2007-5644 | 1 Lussumo | 1 Vanilla | 2025-04-09 | N/A |
| Lussumo Vanilla 1.1.3 and earlier does not require admin privileges for (1) ajax/sortcategories.php and (2) ajax/sortroles.php, which allows remote attackers to conduct unauthorized sort operations and other activities. | ||||
| CVE-2008-3852 | 1 Ibm | 1 Db2 Universal Database | 2025-04-09 | N/A |
| Unspecified vulnerability in the CLR stored procedure deployment from IBM Database Add-Ins for Visual Studio in the Visual Studio Net component in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 2 allows remote authenticated users to execute arbitrary code via unknown vectors. | ||||
| CVE-2007-5682 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2025-04-09 | N/A |
| Incomplete blacklist vulnerability in tiki-graph_formula.php in TikiWiki before 1.9.8.2 allows remote attackers to execute arbitrary code by using variable functions and variable variables to write variables whose names match the whitelist, a different vulnerability than CVE-2007-5423. | ||||
| CVE-2008-3856 | 1 Ibm | 1 Db2 Universal Database | 2025-04-09 | N/A |
| The routine infrastructure component in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP1 on Unix and Linux does not change the ownership of the db2fmp process, which has unknown impact and attack vectors. | ||||
| CVE-2008-5218 | 1 Scriptsez | 1 Freeze Greetings | 2025-04-09 | N/A |
| ScriptsEz FREEze Greetings 1.0 stores pwd.txt under the web root with insufficient access control, which allows remote attackers to obtain cleartext passwords. | ||||
| CVE-2007-2985 | 1 Pheap | 1 Pheap | 2025-04-09 | N/A |
| Pheap 2.0 allows remote attackers to bypass authentication by setting a pheap_login cookie value to the administrator's username, which can be used to (1) obtain sensitive information, including the administrator password, via settings.php or (2) upload and execute arbitrary PHP code via an update_doc action in edit.php. | ||||