Total
5468 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-2466 | 3 Linearcorp, S2sys, Sonitrol | 4 Emerge 50, Emerge 5000, Netbox and 1 more | 2025-04-11 | N/A |
| The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not properly prevent downloading of database backups, which allows remote attackers to obtain sensitive information via requests for full_*.dar files with predictable filenames. | ||||
| CVE-2010-2455 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content, which might allow remote attackers to conduct spoofing attacks via a crafted HTML document, a related issue to CVE-2010-1206. | ||||
| CVE-2014-1903 | 2 Freepbx, Sangoma | 2 Freepbx, Freepbx | 2025-04-11 | N/A |
| admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php. | ||||
| CVE-2010-2442 | 1 Microsoft | 1 Internet Explorer | 2025-04-11 | N/A |
| Microsoft Internet Explorer, possibly 8, does not properly restrict focus changes, which allows remote attackers to read keystrokes via "cross-domain IFRAME gadgets." | ||||
| CVE-2009-4762 | 1 Moinmo | 1 Moinmoin | 2025-04-11 | N/A |
| MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603. | ||||
| CVE-2009-4765 | 1 Cnr.somee | 1 Hikaye Portal | 2025-04-11 | N/A |
| CNR Hikaye Portal 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/hikaye.mdb. | ||||
| CVE-2010-2427 | 1 Vmware | 1 Studio | 2025-04-11 | N/A |
| VMware Studio 2.0 does not properly write to temporary files, which allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2010-2363 | 1 Iij | 6 Seil\/b1, Seil\/b1 Firmware, Seil\/x1 and 3 more | 2025-04-11 | N/A |
| The IPv6 Unicast Reverse Path Forwarding (RPF) implementation on the SEIL/X1, SEIL/X2, and SEIL/B1 routers with firmware 1.00 through 2.73, when strict mode is used, does not properly drop packets, which might allow remote attackers to bypass intended access restrictions via a spoofed IP address. | ||||
| CVE-2010-2347 | 1 Sap | 2 J2ee Engine Core, Server Core | 2025-04-11 | N/A |
| The Telnet interface in the SAP J2EE Engine Core (SAP-JEECOR) 6.40 through 7.02, and Server Core (SERVERCORE) 7.10 through 7.30 allows remote authenticated users to bypass a security check and conduct SMB relay attacks via unspecified vectors. | ||||
| CVE-2007-6741 | 1 G.rodola | 1 Pyftpdlib | 2025-04-11 | N/A |
| The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP bounce attacks via crafted FTP data, as demonstrated by an FTP bounce attack against a NAT server, a related issue to CVE-1999-0017. | ||||
| CVE-2010-2320 | 1 Eterna | 1 Bozohttpd | 2025-04-11 | N/A |
| bozotic HTTP server (aka bozohttpd) before 20100621 allows remote attackers to list the contents of home directories, and determine the existence of user accounts, via multiple requests for URIs beginning with /~ sequences. | ||||
| CVE-2009-4820 | 1 Aspindir | 1 Angelo-emlak | 2025-04-11 | N/A |
| Angelo-Emlak 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for veribaze/angelo.mdb. | ||||
| CVE-2014-1672 | 1 Checkpoint | 2 Management Server, Security Gateway | 2025-04-11 | N/A |
| Check Point R75.47 Security Gateway and Management Server does not properly enforce Anti-Spoofing when the routing table is modified and the "Get - Interfaces with Topology" action is performed, which allows attackers to bypass intended access restrictions. | ||||
| CVE-2010-2296 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| The implementation of unspecified DOM methods in Google Chrome before 5.0.375.70 allows remote attackers to bypass the Same Origin Policy via unknown vectors. | ||||
| CVE-2014-1666 | 1 Xen | 1 Xen | 2025-04-11 | N/A |
| The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service (host or guest malfunction) or possibly gain privileges via unspecified vectors. | ||||
| CVE-2010-2291 | 1 Snom | 1 Voip Phone Firmware | 2025-04-11 | N/A |
| Unspecified vulnerability in the web interface in snom VoIP Phone firmware 8 before 8.2.35 allows remote attackers to bypass intended restrictions and modify user credentials via unknown vectors. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-6740 | 1 G.rodola | 1 Pyftpdlib | 2025-04-11 | N/A |
| The ftp_STOU function in FTPServer.py in pyftpdlib before 0.2.0 does not limit the number of attempts to discover a unique filename, which might allow remote authenticated users to cause a denial of service via a STOU command. | ||||
| CVE-2014-1643 | 1 Symantec | 1 Encryption Management Server | 2025-04-11 | N/A |
| The Web Email Protection component in Symantec Encryption Management Server (aka PGP Universal Server) before 3.3.2 allows remote authenticated users to read the stored outbound e-mail messages of arbitrary users via a modified URL. | ||||
| CVE-2010-2242 | 2 Libvirt, Redhat | 2 Libvirt, Rhel Virtualization | 2025-04-11 | N/A |
| Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree. | ||||
| CVE-2010-2241 | 1 Redhat | 1 Directory Server | 2025-04-11 | N/A |
| The (1) setup-ds.pl and (2) setup-ds-admin.pl setup scripts for Red Hat Directory Server 8 before 8.2 use world-readable permissions when creating cache files, which allows local users to obtain sensitive information including passwords for Directory and Administration Server administrative accounts. | ||||