Total
5482 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-0316 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 does not properly restrict access to console servlets, which allows remote attackers to obtain potentially sensitive status information via a direct request.
|
|||||
| CVE-2012-2707 | 2 Antoine Beaupre, Drupal | 2 Hostmaster, Drupal | 2025-04-11 | 5.8 MEDIUM | N/A |
|
The Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal does not properly exit when users do not have access to package/task nodes, which allows remote attackers to bypass intended access restrictions and edit unauthorized nodes.
|
|||||
| CVE-2010-2465 | 3 Linearcorp, S2sys, Sonitrol | 4 Emerge 50, Emerge 5000, Netbox and 1 more | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download node logs, photographs of persons, and backup files via unspecified HTTP requests.
|
|||||
| CVE-2011-5270 | 1 Wordpress | 1 Wordpress | 2025-04-11 | 4.0 MEDIUM | N/A |
|
wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role.
|
|||||
| CVE-2012-0459 | 1 Mozilla | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2025-04-11 | 7.5 HIGH | N/A |
|
The Cascading Style Sheets (CSS) implementation in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via dynamic modification of a keyframe followed by access to the cssText of the keyframe.
|
|||||
| CVE-2013-3952 | 1 Apple | 1 Mac Os X | 2025-04-11 | 2.1 LOW | N/A |
|
The fill_pipeinfo function in bsd/kern/sys_pipe.c in the XNU kernel in Apple Mac OS X 10.8.x allows local users to defeat the KASLR protection mechanism via the PROC_PIDFDPIPEINFO option to the proc_info system call for a kernel pipe handle.
|
|||||
| CVE-2013-3264 | 1 Smackcoders | 1 Wp Ultimate Email Marketer Plugin | 2025-04-11 | 6.4 MEDIUM | N/A |
|
The WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress does not properly restrict access to (1) list/edit.php and (2) campaign/editCampaign.php, which allows remote attackers to modify list or campaign data.
|
|||||
| CVE-2011-5060 | 1 Roderich Schupp | 1 Par-packer Module | 2025-04-11 | 3.3 LOW | N/A |
|
The par_mktmpdir function in the PAR module before 1.003 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program, a different vulnerability in a different package than CVE-2011-4114.
|
|||||
| CVE-2010-0429 | 1 Redhat | 2 Enterprise Virtualization, Qspice | 2025-04-11 | 6.6 MEDIUM | N/A |
|
libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0, does not properly restrict the addresses upon which memory-management actions are performed, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors.
|
|||||
| CVE-2012-4731 | 1 Bestpractical | 1 Rtfm | 2025-04-11 | 4.0 MEDIUM | N/A |
|
FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly check user rights, which allows remote authenticated users to create arbitrary articles in arbitrary classes via unknown vectors.
|
|||||
| CVE-2013-3596 | 1 Advanceprotech | 1 Advanceware | 2025-04-11 | 4.0 MEDIUM | N/A |
|
AdvancePro Advanceware allows remote authenticated users to obtain sensitive information about arbitrary customers' orders via a modified id parameter.
|
|||||
| CVE-2011-2999 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170.
|
|||||
| CVE-2010-3093 | 1 Drupal | 1 Drupal | 2025-04-11 | 3.5 LOW | N/A |
|
The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a crafted URL, related to an "unpublishing bypass" issue.
|
|||||
| CVE-2012-5302 | 1 Tibco | 1 Formvine | 2025-04-11 | 7.5 HIGH | N/A |
|
The server in TIBCO Formvine 3.1.x and 3.2.x before 3.2.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
|
|||||
| CVE-2013-5965 | 2 Adcisolutions, Drupal | 2 Node View Permissions, Drupal | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The Node View Permissions module 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the hook_query_alter function, which might allow remote attackers to obtain sensitive information by reading a node listing.
|
|||||
| CVE-2012-5458 | 2 Microsoft, Vmware | 3 Windows, Player, Workstation | 2025-04-11 | 8.3 HIGH | N/A |
|
VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows use weak permissions for unspecified process threads, which allows host OS users to gain host OS privileges via a crafted application.
|
|||||
| CVE-2010-3893 | 1 Ibm | 1 Omnifind | 2025-04-11 | 7.5 HIGH | N/A |
|
The administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x does not restrict use of a session ID (aka SID) value to a single IP address, which allows remote attackers to perform arbitrary administrative actions by leveraging cookie theft, related to a "session impersonation" issue.
|
|||||
| CVE-2012-4443 | 1 Monkey-project | 1 Monkey | 2025-04-11 | 6.9 MEDIUM | N/A |
|
Monkey HTTP Daemon 0.9.3 uses a real UID of root and a real GID of root during execution of CGI scripts, which might allow local users to gain privileges by leveraging cgi-bin write access.
|
|||||
| CVE-2012-3361 | 1 Openstack | 3 Diablo, Essex, Folsom | 2025-04-11 | 5.5 MEDIUM | N/A |
|
virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image.
|
|||||
| CVE-2013-4505 | 1 Apache | 2 Mod Dontdothat, Subversion | 2025-04-11 | 2.6 LOW | N/A |
|
The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request.
|
|||||
| CVE-2012-2170 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The Application Snoop Servlet in IBM WebSphere Application Server 7.0 before 7.0.0.23 does not properly restrict access, which allows remote attackers to obtain sensitive client and request information via a direct request.
|
|||||
| CVE-2011-0528 | 1 Puppet | 1 Puppet | 2025-04-11 | 5.5 MEDIUM | N/A |
|
Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors.
|
|||||
| CVE-2013-5162 | 1 Apple | 1 Iphone Os | 2025-04-11 | 2.1 LOW | N/A |
|
Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app.
|
|||||
| CVE-2013-1979 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 6.9 MEDIUM | N/A |
|
The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application.
|
|||||
| CVE-2013-5428 | 1 Ibm | 2 Websphere Datapower Xc10 Appliance, Websphere Datapower Xc10 Appliance Firmware | 2025-04-11 | 7.1 HIGH | N/A |
|
IBM WebSphere DataPower XC10 appliances 2.5.0 do not require authentication for all administrative actions, which allows remote attackers to cause a denial of service via unspecified vectors.
|
|||||
| CVE-2011-3140 | 1 Ibm | 3 G400 Ips-g400-ib-1 Appliance, Gx4004 Ips-gx4004-ib-2 Appliance, Web Application Firewall | 2025-04-11 | 5.0 MEDIUM | N/A |
|
IBM Web Application Firewall, as used on the G400 IPS-G400-IB-1 and GX4004 IPS-GX4004-IB-2 appliances with update 31.030, does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass intended intrusion prevention by dividing a dangerous parameter value into substrings, as demonstrated by a SQL statement that is split across multiple iid parameters and then sent to a .aspx file on an IIS web server.
|
|||||
| CVE-2010-4043 | 1 Opera | 1 Opera Browser | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Opera before 10.63 does not prevent interpretation of a cross-origin document as a CSS stylesheet when the document lacks a CSS token sequence, which allows remote attackers to obtain sensitive information via a crafted document.
|
|||||
| CVE-2011-2157 | 1 Smartertools | 1 Smarterstats | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The (1) Admin/frmEmailReportSettings.aspx and (2) Admin/frmGeneralSettings.aspx components in the SmarterTools SmarterStats 6.0 web server generate web pages containing e-mail addresses, which allows remote attackers to obtain potentially sensitive information by reading the default values of form fields.
|
|||||
| CVE-2013-4475 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2025-04-11 | 4.0 MEDIUM | N/A |
|
Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream (ADS).
|
|||||
| CVE-2013-2051 | 1 Redhat | 1 Enterprise Linux | 2025-04-11 | 2.6 LOW | N/A |
|
The Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote attackers to bypass intended access restrictions by performing a replay attack after a nonce becomes stale. NOTE: this issue is due to an incomplete fix for CVE-2012-5887.
|
|||||
| CVE-2012-5665 | 1 Owncloud | 1 Owncloud Server | 2025-04-11 | 4.3 MEDIUM | N/A |
|
ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by editing this file.
|
|||||
| CVE-2013-3503 | 1 Gwos | 1 Groundwork Monitor | 2025-04-11 | 3.5 LOW | N/A |
|
The Profile Importer feature in monarch.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
|
|||||
| CVE-2010-0039 | 1 Apple | 5 Airport Express, Airport Express Base Station Firmware, Airport Extreme and 2 more | 2025-04-11 | 2.6 LOW | N/A |
|
The Application-Level Gateway (ALG) on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 modifies PORT commands in incoming FTP traffic, which allows remote attackers to use the device's IP address for arbitrary intranet TCP traffic by leveraging write access to an intranet FTP server.
|
|||||
| CVE-2012-5187 | 1 Weathernews | 1 Weathernews Touch | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The Weathernews Touch application 2.3.2 and earlier for Android allows attackers to obtain sensitive information about logged locations via a crafted application that leverages read permission for system log files.
|
|||||
| CVE-2011-1402 | 1 Mahara | 1 Mahara | 2025-04-11 | 6.5 MEDIUM | N/A |
|
Mahara before 1.3.6 allows remote authenticated users to bypass intended access restrictions, and suspend a user account, edit a view, visit a view, edit a plan artefact, read a plans block, read a plan artefact, edit a blog, read a blog block, read a blog artefact, or access a block, via a request associated with (1) admin/users/search.json.php, (2) view/newviewtoken.json.php, (3) lib/mahara.php, (4) artefact/plans/tasks.json.php, (5) artefact/plans/viewtasks.json.php, (6) artefact/blog/view/in ...
Show More |
|||||
| CVE-2009-2901 | 1 Apache | 1 Tomcat | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
|
|||||
| CVE-2010-0593 | 1 Cisco | 5 Pvc2300, Rvs4000, Wvc200 and 2 more | 2025-04-11 | 9.0 HIGH | N/A |
|
The Cisco RVS4000 4-port Gigabit Security Router before 1.3.2.0, PVC2300 Business Internet Video Camera before 1.1.2.6, WVC200 Wireless-G PTZ Internet Video Camera before 1.1.1.15, WVC210 Wireless-G PTZ Internet Video Camera before 1.1.1.15, and WVC2300 Wireless-G Business Internet Video Camera before 1.1.2.6 do not properly restrict read access to passwords, which allows context-dependent attackers to obtain sensitive information, related to (1) access by remote authenticated users to a PVC2300 ...
Show More |
|||||
| CVE-2012-3369 | 1 Redhat | 3 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Web Platform | 2025-04-11 | 4.0 MEDIUM | N/A |
|
The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user's password to be used.
|
|||||
| CVE-2011-4434 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2025-04-11 | 3.6 LOW | N/A |
|
Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags.
|
|||||
| CVE-2010-0984 | 1 Acidcat | 1 Acidcat Cms | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Acidcat CMS 3.5.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for databases/acidcat_3.mdb.
|
|||||