Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2008-6160

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-18 Feb, 2009 | 16:00
Updated At-07 Aug, 2024 | 11:20
Rejected At-
Credits

Semantically-Interconnected Online Communities (SIOC) 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, does not properly implement menu and database APIs, which allows remote attackers to obtain usernames and read hashed emails and comments via unspecified vectors.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:18 Feb, 2009 | 16:00
Updated At:07 Aug, 2024 | 11:20
Rejected At:
▼CVE Numbering Authority (CNA)

Semantically-Interconnected Online Communities (SIOC) 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, does not properly implement menu and database APIs, which allows remote attackers to obtain usernames and read hashed emails and comments via unspecified vectors.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/32191
third-party-advisory
x_refsource_SECUNIA
http://drupal.org/node/318749
x_refsource_CONFIRM
http://www.securityfocus.com/bid/31658
vdb-entry
x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/45762
vdb-entry
x_refsource_XF
Hyperlink: http://secunia.com/advisories/32191
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://drupal.org/node/318749
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/31658
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/45762
Resource:
vdb-entry
x_refsource_XF
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/32191
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://drupal.org/node/318749
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/31658
vdb-entry
x_refsource_BID
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/45762
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://secunia.com/advisories/32191
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://drupal.org/node/318749
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/31658
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/45762
Resource:
vdb-entry
x_refsource_XF
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:18 Feb, 2009 | 16:30
Updated At:17 Aug, 2017 | 01:29

Semantically-Interconnected Online Communities (SIOC) 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, does not properly implement menu and database APIs, which allows remote attackers to obtain usernames and read hashed emails and comments via unspecified vectors.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
The Drupal Association
drupal
>>semantically_interconnected_online_communities>>Versions up to 5.x_1.0(inclusive)
cpe:2.3:a:drupal:semantically_interconnected_online_communities:*:*:*:*:*:*:*:*
The Drupal Association
drupal
>>semantically_interconnected_online_communities>>Versions up to 6.x_1.0(inclusive)
cpe:2.3:a:drupal:semantically_interconnected_online_communities:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-264Primarynvd@nist.gov
CWE ID: CWE-264
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://drupal.org/node/318749cve@mitre.org
Patch
Vendor Advisory
http://secunia.com/advisories/32191cve@mitre.org
Vendor Advisory
http://www.securityfocus.com/bid/31658cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/45762cve@mitre.org
N/A
Hyperlink: http://drupal.org/node/318749
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://secunia.com/advisories/32191
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/31658
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/45762
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

267Records found
CVE-2008-6357
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.15% / 83.58%
||
7 Day CHG~0.00%
Published-02 Mar, 2009 | 16:00
Updated-07 Aug, 2024 | 11:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MyCal Personal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to mycal.mdb.

Action-Not Available
Vendor-donnafontenotn/a
Product-mycal_personal_events_calendarn/a
CWE ID-CWE-264
Not Available
CVE-2008-5855
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.83% / 85.66%
||
7 Day CHG~0.00%
Published-06 Jan, 2009 | 17:00
Updated-07 Aug, 2024 | 11:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

myPHPscripts Login Session 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover usernames, e-mail addresses, and password hashes via a direct request for users.txt.

Action-Not Available
Vendor-myphpscriptsn/a
Product-login_sessionn/a
CWE ID-CWE-264
Not Available
CVE-2008-5951
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.74% / 81.75%
||
7 Day CHG~0.00%
Published-23 Jan, 2009 | 18:38
Updated-07 Aug, 2024 | 11:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ASP Template Creature stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for workDB/templatemonster.mdb.

Action-Not Available
Vendor-aspappsn/a
Product-template_creaturen/a
CWE ID-CWE-264
Not Available
CVE-2008-5929
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.15% / 83.58%
||
7 Day CHG~0.00%
Published-21 Jan, 2009 | 18:00
Updated-07 Aug, 2024 | 11:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VP-ASP Shopping Cart 6.50 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database containing the password via a direct request for database/shopping650.mdb. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-vpaspn/a
Product-vp-asp_shopping_cartn/a
CWE ID-CWE-264
Not Available
CVE-2008-6008
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.26% / 49.12%
||
7 Day CHG~0.00%
Published-30 Jan, 2009 | 18:03
Updated-07 Aug, 2024 | 11:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

hyBook Guestbook Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing a password via a direct request for hyBook.mdb.

Action-Not Available
Vendor-herongyangn/a
Product-hybookn/a
CWE ID-CWE-264
Not Available
CVE-2008-6494
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.74% / 81.75%
||
7 Day CHG~0.00%
Published-20 Mar, 2009 | 00:00
Updated-07 Aug, 2024 | 11:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ASP User Engine.NET stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for users.mdb.

Action-Not Available
Vendor-robs-projectsn/a
Product-asp_user_engine.netn/a
CWE ID-CWE-264
Not Available
CVE-2008-6057
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.74% / 81.75%
||
7 Day CHG~0.00%
Published-04 Feb, 2009 | 15:10
Updated-07 Aug, 2024 | 11:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Doug Luxem Liberum Help Desk 0.97.3 stores db/helpdesk2000.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.

Action-Not Available
Vendor-liberumn/a
Product-liberum_help_deskn/a
CWE ID-CWE-264
Not Available
CVE-2008-6770
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.43% / 86.99%
||
7 Day CHG~0.00%
Published-29 Apr, 2009 | 18:06
Updated-07 Aug, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

YourPlace 1.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to a database containing user credentials via a direct request for users.txt.

Action-Not Available
Vendor-peterselien/a
Product-yourplacen/a
CWE ID-CWE-264
Not Available
CVE-2008-6355
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.03% / 83.08%
||
7 Day CHG~0.00%
Published-02 Mar, 2009 | 16:00
Updated-07 Aug, 2024 | 11:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Net Guys ASPired2Protect stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to ASPired2Protect.mdb.

Action-Not Available
Vendor-thenetguysn/a
Product-aspired2protectn/a
CWE ID-CWE-264
Not Available
CVE-2008-5956
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.15% / 83.58%
||
7 Day CHG~0.00%
Published-23 Jan, 2009 | 18:38
Updated-07 Aug, 2024 | 11:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wbstreet (aka PHPSTREET Webboard) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request to connect.inc.

Action-Not Available
Vendor-phpstreetn/a
Product-webboardn/a
CWE ID-CWE-264
Not Available
CVE-2008-6388
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.74% / 81.75%
||
7 Day CHG~0.00%
Published-02 Mar, 2009 | 19:00
Updated-07 Aug, 2024 | 11:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Rapid Classified 3.1 and 3.15 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to cldb.mdb.

Action-Not Available
Vendor-4u2gesn/a
Product-rapid_classifiedn/a
CWE ID-CWE-264
Not Available
CVE-2008-6493
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.74% / 81.75%
||
7 Day CHG~0.00%
Published-20 Mar, 2009 | 00:00
Updated-07 Aug, 2024 | 11:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Easy Content Management Publishing stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Database/News.mdb.

Action-Not Available
Vendor-easy-newsn/a
Product-easy_content_management_publishingn/a
CWE ID-CWE-264
Not Available
CVE-2008-6356
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.15% / 83.58%
||
7 Day CHG~0.00%
Published-02 Mar, 2009 | 16:00
Updated-07 Aug, 2024 | 11:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

evCal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to (1) evcal.mdb and (2) evcal97.mdb.

Action-Not Available
Vendor-donnafontenotn/a
Product-evcal_events_calendarn/a
CWE ID-CWE-264
Not Available
CVE-2008-5925
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.23% / 45.75%
||
7 Day CHG~0.00%
Published-21 Jan, 2009 | 18:00
Updated-16 Sep, 2024 | 23:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ASP-DEv XM Events Diary stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for diary.mdb.

Action-Not Available
Vendor-asp-devn/a
Product-xm_events_diaryn/a
CWE ID-CWE-264
Not Available
CVE-2008-5274
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.77% / 81.90%
||
7 Day CHG~0.00%
Published-28 Nov, 2008 | 18:26
Updated-07 Aug, 2024 | 10:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Todd Woolums ASP News Management 2.2 allows remote attackers to obtain news items via a direct request to (1) rss.asp, (2) viewheadings.asp, or (3) viewnews.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-toddwoolumsn/a
Product-todd_woolums_asp_news_managementn/a
CWE ID-CWE-264
Not Available
CVE-2008-5606
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.43% / 84.55%
||
7 Day CHG~0.00%
Published-16 Dec, 2008 | 18:00
Updated-07 Aug, 2024 | 10:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Gazatem QMail Mailing List Manager 1.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for qmail.mdb.

Action-Not Available
Vendor-gazatem_technologiesn/a
Product-qmail_mailing_list_managern/a
CWE ID-CWE-264
Not Available
CVE-2008-5218
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.89% / 85.79%
||
7 Day CHG~0.00%
Published-25 Nov, 2008 | 18:09
Updated-07 Aug, 2024 | 10:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ScriptsEz FREEze Greetings 1.0 stores pwd.txt under the web root with insufficient access control, which allows remote attackers to obtain cleartext passwords.

Action-Not Available
Vendor-scriptsezn/a
Product-freeze_greetingsn/a
CWE ID-CWE-264
Not Available
CVE-2008-5773
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.51% / 84.76%
||
7 Day CHG~0.00%
Published-30 Dec, 2008 | 20:00
Updated-07 Aug, 2024 | 11:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Nukedit 4.9.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for database/dbsite.mdb.

Action-Not Available
Vendor-nukeditn/a
Product-nukeditn/a
CWE ID-CWE-264
Not Available
CVE-2008-5549
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.46% / 63.33%
||
7 Day CHG~0.00%
Published-12 Dec, 2008 | 18:13
Updated-07 Aug, 2024 | 10:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Sun Java Web Console components in Sun Java System Portal Server 7.1 and 7.2 allows remote attackers to access local files and read the product's configuration information via unknown vectors related to "access to secure files by ThemeServlet."

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-java_system_portal_servern/a
CWE ID-CWE-264
Not Available
CVE-2008-5601
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.83% / 85.66%
||
7 Day CHG~0.00%
Published-16 Dec, 2008 | 18:00
Updated-07 Aug, 2024 | 10:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

User Engine Lite ASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for users.mdb.

Action-Not Available
Vendor-robs-projectsn/a
Product-asp_user_enginen/a
CWE ID-CWE-264
Not Available
CVE-2008-5562
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.74% / 81.75%
||
7 Day CHG~0.00%
Published-15 Dec, 2008 | 17:45
Updated-07 Aug, 2024 | 10:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ASPPortal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for xportal.mdb.

Action-Not Available
Vendor-aspappsn/a
Product-aspportaln/a
CWE ID-CWE-264
Not Available
CVE-2008-5128
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.29% / 52.26%
||
7 Day CHG~0.00%
Published-18 Nov, 2008 | 11:00
Updated-07 Aug, 2024 | 10:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ocean12 Membership Manager Pro stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12member.mdb.

Action-Not Available
Vendor-ocean12_technologiesn/a
Product-membership_manager_pron/a
CWE ID-CWE-264
Not Available
CVE-2008-5505
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-0.83% / 73.64%
||
7 Day CHG~0.00%
Published-17 Dec, 2008 | 23:00
Updated-07 Aug, 2024 | 10:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass intended privacy restrictions by using the persist attribute in an XUL element to create and access data entities that are similar to cookies.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-264
Not Available
CVE-2008-5459
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.33% / 55.56%
||
7 Day CHG~0.00%
Published-14 Jan, 2009 | 02:00
Updated-07 Aug, 2024 | 10:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3 allows remote attackers to affect confidentiality via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-bea_product_suiten/a
CWE ID-CWE-264
Not Available
CVE-2008-5572
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.54% / 87.21%
||
7 Day CHG~0.00%
Published-15 Dec, 2008 | 17:45
Updated-07 Aug, 2024 | 10:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Professional Download Assistant 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for database/downloads.mdb.

Action-Not Available
Vendor-dotnetindexn/a
Product-professional_download_assistantn/a
CWE ID-CWE-264
Not Available
CVE-2008-5592
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.83% / 85.66%
||
7 Day CHG~0.00%
Published-16 Dec, 2008 | 18:00
Updated-07 Aug, 2024 | 10:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Nightfall Personal Diary 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for users-zza21.mdb.

Action-Not Available
Vendor-iwriten/a
Product-nightfall_personal_diaryn/a
CWE ID-CWE-264
Not Available
CVE-2008-5597
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.15% / 83.58%
||
7 Day CHG~0.00%
Published-16 Dec, 2008 | 18:00
Updated-07 Aug, 2024 | 10:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cold BBS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for db/cforum.mdb.

Action-Not Available
Vendor-cold_bbsn/a
Product-cold_bbsn/a
CWE ID-CWE-264
Not Available
CVE-2008-5560
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.89% / 85.79%
||
7 Day CHG~0.00%
Published-15 Dec, 2008 | 17:45
Updated-07 Aug, 2024 | 10:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PostEcards stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for postcards.mdb.

Action-Not Available
Vendor-dazzlindonnan/a
Product-postecardsn/a
CWE ID-CWE-264
Not Available
CVE-2008-5602
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.15% / 83.58%
||
7 Day CHG~0.00%
Published-16 Dec, 2008 | 18:00
Updated-07 Aug, 2024 | 10:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Natterchat 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for natterchat112.mdb.

Action-Not Available
Vendor-natterchatn/a
Product-natterchatn/a
CWE ID-CWE-264
Not Available
CVE-2008-5596
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.51% / 84.76%
||
7 Day CHG~0.00%
Published-16 Dec, 2008 | 18:00
Updated-07 Aug, 2024 | 10:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ikon AdManager 2.1 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for ikonBAnner_AdManager.mdb.

Action-Not Available
Vendor-dotnetindexn/a
Product-ikon_admanagern/a
CWE ID-CWE-264
Not Available
CVE-2008-5130
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.29% / 52.26%
||
7 Day CHG~0.00%
Published-18 Nov, 2008 | 11:00
Updated-07 Aug, 2024 | 10:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ocean12 Calendar Manager Gold 2.04 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12cal.mdb.

Action-Not Available
Vendor-ocean12_technologiesn/a
Product-calendar_managern/a
CWE ID-CWE-264
Not Available
CVE-2008-5600
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.83% / 85.66%
||
7 Day CHG~0.00%
Published-16 Dec, 2008 | 18:00
Updated-07 Aug, 2024 | 10:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Merlix Teamworx Server stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for teamworx.mdb.

Action-Not Available
Vendor-merlixn/a
Product-teamworx_servern/a
CWE ID-CWE-264
Not Available
CVE-2008-5127
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.29% / 52.26%
||
7 Day CHG~0.00%
Published-18 Nov, 2008 | 11:00
Updated-07 Aug, 2024 | 10:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ocean12 Contact Manager Pro 1.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12con.mdb.

Action-Not Available
Vendor-ocean12_technologiesn/a
Product-contact_managern/a
CWE ID-CWE-264
Not Available
CVE-2008-5603
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.83% / 85.66%
||
7 Day CHG~0.00%
Published-16 Dec, 2008 | 18:00
Updated-07 Aug, 2024 | 10:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ASPTicker 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for news.mdb.

Action-Not Available
Vendor-aspappsn/a
Product-asptickern/a
CWE ID-CWE-264
Not Available
CVE-2008-5129
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.29% / 52.26%
||
7 Day CHG~0.00%
Published-18 Nov, 2008 | 11:00
Updated-07 Aug, 2024 | 10:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ocean12 Poll Manager Pro 1.00 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12poll.mdb.

Action-Not Available
Vendor-ocean12_technologiesn/a
Product-poll_managern/a
CWE ID-CWE-264
Not Available
CVE-2008-3717
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.36% / 57.21%
||
7 Day CHG~0.00%
Published-19 Aug, 2008 | 19:10
Updated-07 Aug, 2024 | 09:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Harmoni before 1.6.0 does not require administrative privileges to list (1) user names or (2) asset ids, which allows remote attackers to obtain sensitive information.

Action-Not Available
Vendor-harmonin/a
Product-harmonin/a
CWE ID-CWE-264
Not Available
CVE-2008-3728
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.52% / 65.62%
||
7 Day CHG~0.00%
Published-20 Aug, 2008 | 16:00
Updated-07 Aug, 2024 | 09:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to determine the installation path, IP addresses, and error messages via direct requests to files under LOG/.

Action-Not Available
Vendor-microworld_technologiesn/a
Product-mailscann/a
CWE ID-CWE-264
Not Available
CVE-2008-4512
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.26% / 49.12%
||
7 Day CHG~0.00%
Published-09 Oct, 2008 | 16:00
Updated-07 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ASP/MS Access Shoutbox, probably 1.1 beta, stores db/shoutdb.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request.

Action-Not Available
Vendor-designplacen/a
Product-asp\/ms_access_shoutboxn/a
CWE ID-CWE-264
Not Available
CVE-2008-4297
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.76% / 72.27%
||
7 Day CHG~0.00%
Published-27 Sep, 2008 | 00:00
Updated-07 Aug, 2024 | 10:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote attackers to read arbitrary files from a repository via an "hg pull" request.

Action-Not Available
Vendor-mercurialn/a
Product-mercurialn/a
CWE ID-CWE-264
Not Available
CVE-2008-3226
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.39% / 79.61%
||
7 Day CHG~0.00%
Published-18 Jul, 2008 | 16:00
Updated-07 Aug, 2024 | 09:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors.

Action-Not Available
Vendor-n/aJoomla!
Product-joomlan/a
CWE ID-CWE-264
Not Available
CVE-2008-3273
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-29.39% / 96.43%
||
7 Day CHG~0.00%
Published-10 Aug, 2008 | 20:00
Updated-07 Aug, 2024 | 09:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string.

Action-Not Available
Vendor-jbossn/a
Product-enterprise_application_platformn/a
CWE ID-CWE-264
Not Available
CVE-2008-3395
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.29% / 52.21%
||
7 Day CHG~0.00%
Published-31 Jul, 2008 | 16:00
Updated-07 Aug, 2024 | 09:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Calacode @Mail 5.41 on Linux uses weak world-readable permissions for (1) webmail/libs/Atmail/Config.php and (2) webmail/webadmin/.htpasswd, which allows local users to obtain sensitive information by reading these files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-calacoden/aLinux Kernel Organization, Inc
Product-atmaillinux_kerneln/a
CWE ID-CWE-264
Not Available
CVE-2008-2724
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.29% / 51.72%
||
7 Day CHG~0.00%
Published-16 Jun, 2008 | 23:00
Updated-07 Aug, 2024 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Menalto Gallery before 2.2.5 does not enforce permissions for non-album items that have been protected by a password, which might allow remote attackers to bypass intended access restrictions.

Action-Not Available
Vendor-menalton/a
Product-galleryn/a
CWE ID-CWE-264
Not Available
CVE-2008-2873
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.25% / 86.61%
||
7 Day CHG~0.00%
Published-26 Jun, 2008 | 17:00
Updated-07 Aug, 2024 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sHibby sHop 2.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request to Db/urun.mdb.

Action-Not Available
Vendor-aspindirn/a
Product-shibby_shopn/a
CWE ID-CWE-264
Not Available
CVE-2008-3508
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.19% / 86.47%
||
7 Day CHG~0.00%
Published-07 Aug, 2008 | 20:00
Updated-07 Aug, 2024 | 09:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LiteNews 0.1 (aka 01), and possibly 1.2 and earlier, allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie.

Action-Not Available
Vendor-wogan_mayn/a
Product-litenewsn/a
CWE ID-CWE-264
Not Available
CVE-2008-2226
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.32% / 54.34%
||
7 Day CHG~0.00%
Published-14 May, 2008 | 18:00
Updated-07 Aug, 2024 | 08:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the export feature in OpenKM before 2.0 allows remote attackers to export arbitrary documents via unspecified vectors. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-openkmn/a
Product-openkmn/a
CWE ID-CWE-264
Not Available
CVE-2008-2138
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-42.38% / 97.36%
||
7 Day CHG~0.00%
Published-12 May, 2008 | 16:00
Updated-07 Aug, 2024 | 08:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle Application Server (OracleAS) Portal 10g allows remote attackers to bypass intended access restrictions and read the contents of /dav_portal/portal/ by sending a request containing a trailing "%0A" (encoded line feed), then using the session ID that is generated from that request. NOTE: as of 20080512, Oracle has not commented on the accuracy of this report.

Action-Not Available
Vendor-n/aOracle Corporation
Product-application_server_portaln/a
CWE ID-CWE-264
Not Available
CVE-2008-2062
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-0.64% / 69.56%
||
7 Day CHG~0.00%
Published-26 Jun, 2008 | 17:00
Updated-07 Aug, 2024 | 08:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsq35151.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_communications_managern/a
CWE ID-CWE-264
Not Available
CVE-2008-2402
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.39% / 59.27%
||
7 Day CHG~0.00%
Published-04 Jun, 2008 | 20:00
Updated-07 Aug, 2024 | 08:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-java_asp_servern/a
CWE ID-CWE-264
Not Available
CVE-2008-2331
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.21% / 43.20%
||
7 Day CHG~0.00%
Published-16 Sep, 2008 | 23:00
Updated-07 Aug, 2024 | 08:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update permission data in the Get Info window after a lock operation that modifies Sharing & Permissions in a filesystem, which might allow local users to leverage weak permissions that were not intended by an administrator.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CWE ID-CWE-264
Not Available
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found