| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Gazatem QMail Mailing List Manager 1.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for qmail.mdb. |
| ASP AutoDealer stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for auto.mdb. |
| The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages. |
| PHP 5 before 5.2.7 does not properly initialize the page_uid and page_gid global variables for use by the SAPI php_getuid function, which allows context-dependent attackers to bypass safe_mode restrictions via variable settings that are intended to be restricted to root, as demonstrated by a setting of /etc for the error_log variable. |
| PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictions when safe_mode is enabled through a php_admin_flag setting in httpd.conf, which allows context-dependent attackers to write to arbitrary files by placing a "php_value error_log" entry in a .htaccess file. |
| xend in Xen 3.3.0 does not properly restrict a guest VM's write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue exists because of erroneous set_permissions calls in the fix for CVE-2008-4405. |
| The Personal Firewall driver (aka epfw.sys) 3.0.672.0 and earlier in ESET Smart Security 3.0.672 and earlier allows local users to gain privileges via a crafted IRP in a certain METHOD_NEITHER IOCTL request to \Device\Epfw that overwrites portions of memory. |
| The NT kernel-mode driver (aka pstrip.sys) 5.0.1.1 and earlier in EnTech Taiwan PowerStrip 3.84 and earlier allows local users to gain privileges via certain IRP parameters in an IOCTL request to \Device\Powerstrip1 that overwrites portions of memory. |
| Multiple unspecified vulnerabilities in FreeBSD 6 before 6.4-STABLE, 6.3 before 6.3-RELEASE-p7, 6.4 before 6.4-RELEASE-p1, 7.0 before 7.0-RELEASE-p7, 7.1 before 7.1-RC2, and 7 before 7.1-PRERELEASE allow local users to gain privileges via unknown attack vectors related to function pointers that are "not properly initialized" for (1) netgraph sockets and (2) bluetooth sockets. |
| Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the nodstrumCalendarV2 cookie to 1. NOTE: some of these details are obtained from third party information. |
| PHP iCalendar 2.24 and earlier allows remote attackers to bypass authentication by setting the phpicalendar and phpicalendar_login cookies to 1. |
| Six Apart Movable Type (MT) before 4.23 allows remote authenticated users with create permission for posts to bypass intended access restrictions and publish posts via a "system-wide entry listing screen." |
| Emefa Guestbook 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for guestbook.mdb. |
| Chilek Content Management System (aka ChiCoMaS) 2.0.4 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain database credentials via a direct request for config.inc or (2) read database backups via a request for a backup/ URI. |
| myPHPscripts Login Session 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover usernames, e-mail addresses, and password hashes via a direct request for users.txt. |
| ASP-DEv XM Events Diary stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for diary.mdb. |
| VP-ASP Shopping Cart 6.50 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database containing the password via a direct request for database/shopping650.mdb. NOTE: some of these details are obtained from third party information. |
| zFeeder 1.6 allows remote attackers to gain administrative access via a direct request to admin.php. |
| The Net Guys ASPired2Blog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/blog.mdb. NOTE: some of these details are obtained from third party information. |
| CodeAvalanche FreeForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for _private/CAForum.mdb. NOTE: some of these details are obtained from third party information. |
