Total
5482 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-4387 | 1 Apache | 1 Struts | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
|
|||||
| CVE-2009-4851 | 1 Xoops | 1 Xoops | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via a request involving activate.php.
|
|||||
| CVE-2010-5144 | 1 Websense | 3 Websense, Websense Web Filter, Websense Web Security | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The ISAPI Filter plug-in in Websense Enterprise, Websense Web Security, and Websense Web Filter 6.3.3 and earlier, when used in conjunction with a Microsoft ISA or Microsoft Forefront TMG server, allows remote attackers to bypass intended filtering and monitoring activities for web traffic via an HTTP Via header.
|
|||||
| CVE-2010-1805 | 2 Apple, Microsoft | 2 Safari, Windows | 2025-04-11 | 6.9 MEDIUM | N/A |
|
Untrusted search path vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 on Windows allows local users to gain privileges via a Trojan horse explorer.exe (aka Windows Explorer) program in a directory containing a file that had been downloaded by Safari.
|
|||||
| CVE-2010-3107 | 1 Novell | 1 Iprint | 2025-04-11 | 7.1 HIGH | N/A |
|
A certain ActiveX control in ienipp.ocx in the browser plugin in Novell iPrint Client before 5.42 does not properly restrict the set of files to be deleted, which allows remote attackers to cause a denial of service (recursive file deletion) via unspecified vectors related to a "logic flaw" in the CleanUploadFiles method in the nipplib.dll module.
|
|||||
| CVE-2010-0509 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 7.2 HIGH | N/A |
|
SFLServer in OS Services in Apple Mac OS X before 10.6.3 allows local users to gain privileges via vectors related to use of wheel group membership during access to the home directories of user accounts.
|
|||||
| CVE-2010-1190 | 1 Mediawiki | 1 Mediawiki | 2025-04-11 | 4.3 MEDIUM | N/A |
|
thumb.php in MediaWiki before 1.15.2, when used with access-restriction mechanisms such as img_auth.php, does not check user permissions before providing scaled images, which allows remote attackers to bypass intended access restrictions and read private images via unspecified manipulations.
|
|||||
| CVE-2013-3859 | 1 Microsoft | 2 Office, Pinyin Ime | 2025-04-11 | 6.9 MEDIUM | N/A |
|
Microsoft Pinyin IME 2010, when used in conjunction with Microsoft Office 2010 SP1, does not properly restrict configuration options, which allows local users to gain privileges by starting Internet Explorer from the IME toolbar, aka "Chinese IME Vulnerability."
|
|||||
| CVE-2013-1859 | 2 Chris Desautels, Drupal | 2 Node Parameter Control, Drupal | 2025-04-11 | 6.4 MEDIUM | N/A |
|
The Node Parameter Control module 6.x-1.x for Drupal does not properly restrict access to the configuration options, which allows remote attackers to read and edit configuration options via unspecified vectors.
|
|||||
| CVE-2013-1775 | 2 Apple, Todd Miller | 2 Mac Os X, Sudo | 2025-04-11 | 6.9 MEDIUM | N/A |
|
sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.
|
|||||
| CVE-2003-1593 | 1 Novell | 2 Netware, Netware Ftp Server | 2025-04-11 | 7.5 HIGH | N/A |
|
NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 does not enforce domain-name login restrictions, which allows remote attackers to bypass intended access control via an FTP connection.
|
|||||
| CVE-2012-4522 | 1 Ruby-lang | 1 Ruby | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path.
|
|||||
| CVE-2012-2179 | 1 Ibm | 1 Aix | 2025-04-11 | 6.9 MEDIUM | N/A |
|
libodm.a in IBM AIX 5.3, 6.1, and 7.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
|
|||||
| CVE-2014-0657 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | 4.0 MEDIUM | N/A |
|
The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a forbidden portal URL, aka Bug ID CSCuj83540.
|
|||||
| CVE-2013-0990 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 4.9 MEDIUM | N/A |
|
SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors.
|
|||||
| CVE-2013-5371 | 1 Ibm | 1 Tivoli Storage Manager | 2025-04-11 | 2.1 LOW | N/A |
|
The client in IBM Tivoli Storage Manager (TSM) 6.3.1 and 6.4.0 on Windows does not preserve permissions of Resilient File System (ReFS) files across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.
|
|||||
| CVE-2010-1626 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-11 | 3.6 LOW | N/A |
|
MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247.
|
|||||
| CVE-2011-4773 | 2 Android, Anguanjia | 2 Android, Anguanjia | 2025-04-11 | 5.8 MEDIUM | N/A |
|
The AnGuanJia (com.anguanjia.safe) application 2.10.343 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and a contact list via a crafted application.
|
|||||
| CVE-2010-0185 | 1 Adobe | 1 Coldfusion | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The default configuration of Adobe ColdFusion 9.0 does not restrict access to collections that have been created by the Solr Service, which allows remote attackers to obtain collection metadata, search information, and index data via a request to an unspecified URL.
|
|||||
| CVE-2011-3436 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 6.5 MEDIUM | N/A |
|
Open Directory in Apple Mac OS X 10.7 before 10.7.2 does not require a user to provide the current password before changing this password, which allows remote attackers to bypass intended password-change restrictions by leveraging an unattended workstation.
|
|||||
| CVE-2013-1958 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 1.9 LOW | N/A |
|
The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.8.6 does not properly enforce capability requirements for controlling the PID value associated with a UNIX domain socket, which allows local users to bypass intended access restrictions by leveraging the time interval during which a user namespace has been created but a PID namespace has not been created.
|
|||||
| CVE-2010-2657 | 3 Apple, Microsoft, Opera | 3 Macos, Windows, Opera Browser | 2025-04-11 | 9.3 HIGH | N/A |
|
Opera before 10.60 on Windows and Mac OS X does not properly prevent certain double-click operations from running a program located on a web site, which allows user-assisted remote attackers to execute arbitrary code via a crafted web page that bypasses a dialog.
|
|||||
| CVE-2011-4690 | 1 Opera | 1 Opera Browser | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Opera 11.60 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code.
|
|||||
| CVE-2012-1430 | 8 Aladdin, Bitdefender, Comodo and 5 more | 9 Esafe, Bitdefender, Comodo Antivirus and 6 more | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, nProtect Anti-Virus 2011-01-17.01, Sophos Anti-Virus 4.61.0, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via an ELF file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional informa ...
Show More |
|||||
| CVE-2011-4197 | 1 Pfsense | 1 Pfsense | 2025-04-11 | 7.5 HIGH | N/A |
|
etc/inc/certs.inc in the PKI implementation in pfSense before 2.0.1 creates each X.509 certificate with a true value for the CA basic constraint, which allows remote attackers to create sub-certificates for arbitrary subjects by leveraging the private key.
|
|||||
| CVE-2012-3537 | 1 Dell | 1 Crowbar | 2025-04-11 | 4.6 MEDIUM | N/A |
|
The Crowbar Ohai plugin (chef/cookbooks/ohai/files/default/plugins/crowbar.rb) in the Deployer Barclamp in Crowbar, possibly 1.4 and earlier, allows local users to execute arbitrary shell commands via vectors related to "insecure handling of tmp files" and predictable file names.
|
|||||
| CVE-2008-7282 | 1 Otrs | 1 Otrs | 2025-04-11 | 4.6 MEDIUM | N/A |
|
Kernel/Output/HTML/CustomerNewTicketQueueSelectionGeneric.pm in Open Ticket Request System (OTRS) before 2.2.6, when the CustomerPanelOwnSelection and CustomerGroupSupport options are enabled, allows remote authenticated users to bypass intended access restrictions, and perform certain (1) list and (2) write operations on queues, via unspecified vectors.
|
|||||
| CVE-2010-3813 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2025-04-11 | 5.8 MEDIUM | N/A |
|
The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify whether DNS prefetching is enabled when processing an HTML LINK element, which allows remote attackers to bypass intended access restrictions, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm ...
Show More |
|||||
| CVE-2013-0510 | 1 Ibm | 1 Security Appscan | 2025-04-11 | 4.3 MEDIUM | N/A |
|
IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 includes a security test that sends session cookies to a specific external server, which allows man-in-the-middle attackers to hijack the test account by capturing these cookies.
|
|||||
| CVE-2011-1709 | 1 Gnome | 2 Gdm, Glib | 2025-04-11 | 7.2 HIGH | N/A |
|
GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.
|
|||||
| CVE-2010-2555 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2025-04-11 | 6.8 MEDIUM | N/A |
|
The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the length of strings in the registry, which allows local users to gain privileges or cause a denial of service (memory corruption) via vectors involving a long string, aka "Tracing Memory Corruption Vulnerability."
|
|||||
| CVE-2013-4984 | 1 Sophos | 1 Web Appliance | 2025-04-11 | 7.2 HIGH | N/A |
|
The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument.
|
|||||
| CVE-2013-4872 | 1 Google | 1 Glass | 2025-04-11 | 6.9 MEDIUM | N/A |
|
Google Glass before XE6 does not properly restrict the processing of QR codes, which allows physically proximate attackers to modify the configuration or redirect users to arbitrary web sites via a crafted symbol, as demonstrated by selecting a Wi-Fi access point in order to conduct a man-in-the-middle attack.
|
|||||
| CVE-2012-5179 | 1 Boatmob | 2 Boat Browser, Boat Browser Mini | 2025-04-11 | 2.1 LOW | N/A |
|
The Boat Browser application before 4.2 and Boat Browser Mini application before 3.9 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application.
|
|||||
| CVE-2012-5629 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Enterprise Web Platform | 2025-04-11 | 7.5 HIGH | N/A |
|
The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password.
|
|||||
| CVE-2013-1717 | 1 Mozilla | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-11 | 5.4 MEDIUM | N/A |
|
Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging a download to a fixed pathname or other predictable pathname.
|
|||||
| CVE-2012-4430 | 2 Bacula, Debian | 2 Bacula, Debian Linux | 2025-04-11 | 4.0 MEDIUM | N/A |
|
The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors.
|
|||||
| CVE-2010-0534 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 4.0 MEDIUM | N/A |
|
Wiki Server in Apple Mac OS X 10.6 before 10.6.3 does not enforce the service access control list (SACL) for weblogs during weblog creation, which allows remote authenticated users to publish content via HTTP requests.
|
|||||
| CVE-2013-5502 | 1 Cisco | 1 Mediasense | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The web interface in Cisco MediaSense does not properly protect the client-server communication channel, which allows remote attackers to obtain sensitive query string or cookie information via unspecified vectors, aka Bug ID CSCuj23344.
|
|||||
| CVE-2010-2427 | 1 Vmware | 1 Studio | 2025-04-11 | 4.4 MEDIUM | N/A |
|
VMware Studio 2.0 does not properly write to temporary files, which allows local users to gain privileges via unspecified vectors.
|
|||||