Total: 8242 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-0736 | 1 Shoppingtree | 1 Candypress Store | 2024-02-04 | 5.0 MEDIUM | N/A |
admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and possibly other 4.x and 3.x versions, allows remote attackers to obtain the path via a certain value of the FedExAccount parameter. | |||||
CVE-2007-6221 | 1 Tumusika Evolution | 1 Tumusika Evolution | 2024-02-04 | 7.8 HIGH | N/A |
TuMusika Evolution 1.7R5 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-6206 | 6 Canonical, Debian, Linux and 3 more | 12 Ubuntu Linux, Debian Linux, Linux Kernel and 9 more | 2024-02-04 | 2.1 LOW | N/A |
The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information. | |||||
CVE-2008-0904 | 1 Bea Systems | 2 Aqualogic Interaction, Plumtree Collaboration | 2024-02-04 | 7.8 HIGH | N/A |
Unspecified vulnerability in the download servlet in BEA Plumtree Collaboration 4.1 through SP2 and AquaLogic Interaction 4.2 through MP1 allows remote attackers to read arbitrary files via a crafted URL. | |||||
CVE-2007-2022 | 2 Adobe, Opera | 2 Flash Player, Opera Browser | 2024-02-04 | 6.8 MEDIUM | N/A |
Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet. | |||||
CVE-2007-6476 | 1 Gf 3xplorer | 1 Gf 3xplorer | 2024-02-04 | 5.0 MEDIUM | N/A |
GF-3XPLORER 2.4 allows remote attackers to obtain configuration information via a direct request to explorer/phpinfo.php, which calls the phpinfo function. | |||||
CVE-2007-5555 | 1 Symantec | 1 Altiris Deployment Solution | 2024-02-04 | 6.9 MEDIUM | N/A |
Unspecified vulnerability in Symantec Altiris Deployment Solution allows attackers to obtain authentication credentials via unknown vectors, aka "Authentication Credentials Information Leakage in Altiris Deployment Solution." NOTE: this description is based on a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
CVE-2007-0979 | 1 Lifetype | 1 Lifetype | 2024-02-04 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in LifeType before 1.1.6, and 1.2 before 1.2-beta2, allows remote attackers to obtain sensitive information (file contents) via a "crafted URL." | |||||
CVE-2007-5432 | 1 Scottmanktelow | 1 Stride Cms | 2024-02-04 | 7.5 HIGH | N/A |
Stride 1.0 has a default administrator username of "scott" with the password "running", which allows remote attackers to obtain administrative access through login.php. | |||||
CVE-2007-5404 | 1 Layton Technology | 1 Helpbox | 2024-02-04 | 5.0 MEDIUM | N/A |
Layton HelpBox 3.7.1 generates different responses depending on whether or not a username is valid in a failed login attempt, which allows remote attackers to enumerate valid usernames. | |||||
CVE-2007-3385 | 1 Apache | 1 Tomcat | 2024-02-04 | 4.3 MEDIUM | N/A |
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. | |||||
CVE-2008-1270 | 1 Lighttpd | 1 Lighttpd | 2024-02-04 | 5.0 MEDIUM | N/A |
mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory. | |||||
CVE-2007-5028 | 1 Dibbler | 1 Dibbler | 2024-02-04 | 7.5 HIGH | N/A |
Dibbler 0.6.0 on Linux uses weak world-writable permissions for unspecified files in /var/lib/dibbler, which has unknown impact and local attack vectors. | |||||
CVE-2007-5420 | 1 3com | 1 3crwe554g72t | 2024-02-04 | 2.6 LOW | N/A |
The 3Com 3CRWER100-75 router with 1.2.10ww software, when remote management is disabled but a web server has been configured, serves a web page to external clients, which might allow remote attackers to obtain information about the router's existence and product details. | |||||
CVE-2007-5444 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-02-04 | 5.0 MEDIUM | N/A |
CMS Made Simple 1.1.3.1 allows remote attackers to obtain the full path via a direct request for unspecified files. | |||||
CVE-2007-3656 | 1 Mozilla | 1 Firefox | 2024-02-04 | 6.8 MEDIUM | N/A |
Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2) XMLHttpRequest, or (3) view-source URIs. | |||||
CVE-2007-5774 | 1 Flatnuke3 | 1 Flatnuke3 | 2024-02-04 | 5.0 MEDIUM | N/A |
index.php in the File Manager module in Flatnuke 3 allows remote attackers to obtain sensitive information via an invalid argumentname parameter in a disc op action, which reveals the path in an error message. | |||||
CVE-2007-6197 | 1 Bea | 1 Aqualogic Interaction | 2024-02-04 | 5.0 MEDIUM | N/A |
The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page. | |||||
CVE-2007-5934 | 1 Pear | 1 Structures Datagrid Datasource Mdb2 | 2024-02-04 | 4.3 MEDIUM | N/A |
The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request to store a URL string as a request to retrieve and store the contents of the URL, which might allow remote attackers to use MDB2 as an indirect proxy or obtain sensitive information via a URL into a form field in an MDB2 application, as demonstrated by a file:// URL or a URL for an intranet web site. | |||||
CVE-2008-0901 | 2 Bea, Bea Systems | 2 Weblogic Server, Weblogic Server | 2024-02-04 | 7.1 HIGH | N/A |
BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not. |