Total
5482 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-5169 | 1 Apple | 1 Mac Os X | 2025-04-11 | 1.9 LOW | N/A |
|
CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to obtain sensitive information by reading the screen.
|
|||||
| CVE-2012-3742 | 1 Apple | 1 Iphone Os | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Safari in Apple iOS before 6 does not properly restrict use of an unspecified Unicode character that looks similar to the https lock indicator, which allows remote attackers to spoof https connections by placing this character in the TITLE element of a web page.
|
|||||
| CVE-2011-4691 | 1 Google | 1 Chrome | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Google Chrome 15.0.874.121 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code.
|
|||||
| CVE-2011-3226 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Open Directory in Apple Mac OS X 10.7 before 10.7.2, when an LDAPv3 server is used with RFC 2307 or custom mappings, allows remote attackers to bypass the password requirement by leveraging lack of an AuthenticationAuthority attribute for a user account.
|
|||||
| CVE-2010-2059 | 1 Rpm | 1 Rpm | 2025-04-11 | 7.2 HIGH | N/A |
|
lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file.
|
|||||
| CVE-2012-2225 | 1 360zip | 1 360zip | 2025-04-11 | 7.5 HIGH | N/A |
|
360zip 1.93beta allows remote attackers to execute arbitrary code via vectors related to file browsing and file extraction.
|
|||||
| CVE-2012-1426 | 6 Authentium, Cat, F-prot and 3 more | 6 Command Antivirus, Quick Heal, F-prot Antivirus and 3 more | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, K7 AntiVirus 9.77.3565, Norman Antivirus 6.06.12, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \42\5A\68 character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
|
|||||
| CVE-2008-7298 | 2 Android, Google | 2 Android Browser, Android | 2025-04-11 | 5.8 MEDIUM | N/A |
|
The Android browser in Android cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue.
|
|||||
| CVE-2009-5019 | 1 Webwiz | 1 Web Wiz Newspad | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Web Wiz NewsPad stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/NewsPad.mdb.
|
|||||
| CVE-2012-1457 | 26 Aladdin, Alwil, Anti-virus and 23 more | 28 Esafe, Avast Antivirus, Vba32 and 25 more | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Viru ...
Show More |
|||||
| CVE-2013-1802 | 1 Dan Kubb | 1 Extlib | 2025-04-11 | 7.5 HIGH | N/A |
|
The extlib gem 0.9.15 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.
|
|||||
| CVE-2013-3280 | 1 Emc | 1 Rsa Authentication Agent | 2025-04-11 | 7.5 HIGH | N/A |
|
EMC RSA Authentication Agent 7.1.x before 7.1.2 for Web for Internet Information Services has a fail-open design, which allows remote attackers to bypass intended access restrictions via vectors that trigger an agent crash.
|
|||||
| CVE-2013-6685 | 1 Cisco | 4 Unified Ip Phone 8961, Unified Ip Phone 9951, Unified Ip Phone 9971 and 1 more | 2025-04-11 | 6.6 MEDIUM | N/A |
|
The firmware on Cisco Unified IP phones 8961, 9951, and 9971 uses weak permissions for memory block devices, which allows local users to gain privileges by mounting a device with a setuid file in its filesystem, aka Bug ID CSCui04382.
|
|||||
| CVE-2010-4485 | 1 Google | 1 Chrome | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Google Chrome before 8.0.552.215 does not properly restrict the generation of file dialogs, which allows remote attackers to cause a denial of service (reduced usability and possible application crash) via a crafted web site.
|
|||||
| CVE-2012-0956 | 1 Ubiquity Slideshow Team | 1 Ubiquity-slideshow-ubuntu | 2025-04-11 | 6.8 MEDIUM | N/A |
|
ubiquity-slideshow-ubuntu before 58.2, during installation, allows remote man-in-the-middle attackers to execute arbitrary web script or HTML and read arbitrary files via a crafted attribute in the <a> tag of a Twitter feed.
|
|||||
| CVE-2012-5675 | 1 Adobe | 1 Coldfusion | 2025-04-11 | 4.4 MEDIUM | N/A |
|
Adobe ColdFusion 9.0 through 9.0.2, and 10, allows local users to bypass intended shared-hosting sandbox permissions via unspecified vectors.
|
|||||
| CVE-2013-3709 | 2 Novell, Suse | 3 Suse Lifecycle Management Server, Studio Onsite, Webyast | 2025-04-11 | 7.2 HIGH | N/A |
|
WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file.
|
|||||
| CVE-2013-0731 | 2 Mailup, Wordpress | 2 Wp-mailup, Wordpress | 2025-04-11 | 5.0 MEDIUM | N/A |
|
ajax.functions.php in the MailUp plugin before 1.3.3 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks by setting the wordpress_logged_in cookie. NOTE: this is due to an incomplete fix for a similar issue that was fixed in 1.3.2.
|
|||||
| CVE-2010-5106 | 1 Wordpress | 1 Wordpress | 2025-04-11 | 6.5 MEDIUM | N/A |
|
The XML-RPC remote publishing interface in xmlrpc.php in WordPress before 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging the Author or Contributor role.
|
|||||
| CVE-2010-0571 | 1 Cisco | 1 Digital Media Manager | 2025-04-11 | 8.5 HIGH | N/A |
|
Unspecified vulnerability in Cisco Digital Media Manager (DMM) 5.0.x and 5.1.x allows remote authenticated users to gain privileges via unknown vectors, and consequently execute arbitrary code via a crafted web application, aka Bug ID CSCtc46008.
|
|||||
| CVE-2013-0676 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2025-04-11 | 4.0 MEDIUM | N/A |
|
Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote authenticated users to obtain sensitive information via a SQL query.
|
|||||
| CVE-2013-5030 | 1 Ruckuswireless | 2 Zoneflex 2942, Zoneflex 2942 Firmware | 2025-04-11 | 7.2 HIGH | N/A |
|
Ruckus Wireless Zoneflex 2942 devices with firmware 9.6.0.0.267 allow remote attackers to bypass authentication, and subsequently access certain configuration/ and maintenance/ scripts, by constructing a crafted URI after receiving an authentication error for an arbitrary login attempt.
|
|||||
| CVE-2012-1424 | 6 Antiy, Cat, Jiangmin and 3 more | 6 Avl Sdk, Quick Heal, Jiangmin Antivirus and 3 more | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The TAR file parser in Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Jiangmin Antivirus 13.0.900, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implem ...
Show More |
|||||
| CVE-2011-1032 | 1 Ibm | 2 Lotus Connections, Websphere Application Server | 2025-04-11 | 6.8 MEDIUM | N/A |
|
IBM Lotus Connections 3.0, when IBM WebSphere Application Server 7.0.0.11 is used, does not properly restrict access to the internal login module, which has unspecified impact and attack vectors.
|
|||||
| CVE-2013-5754 | 1 Dahuasecurity | 65 Dvr0404hd-a, Dvr0404hd-l, Dvr0404hd-s and 62 more | 2025-04-11 | 10.0 HIGH | N/A |
|
The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain administrative access and change the administrator password via requests involving (1) ActiveX, (2) a standalone client, or (3) unspecified other vectors, a different vulnerability than CVE-2013-3612.
|
|||||
| CVE-2011-5083 | 1 Dotclear | 1 Dotclear | 2025-04-11 | 7.5 HIGH | N/A |
|
Unrestricted file upload vulnerability in inc/swf/swfupload.swf in Dotclear 2.3.1 and 2.4.2 allows remote attackers to execute arbitrary code by uploading a file with an executable PHP extension, then accessing it via a direct request to the file in an unspecified directory.
|
|||||
| CVE-2013-1695 | 1 Mozilla | 1 Firefox | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Mozilla Firefox before 22.0 does not properly implement certain DocShell inheritance behavior for the sandbox attribute of an IFRAME element, which allows remote attackers to bypass intended access restrictions via a FRAME element within an IFRAME element.
|
|||||
| CVE-2012-3491 | 1 Condor Project | 1 Condor | 2025-04-11 | 4.0 MEDIUM | N/A |
|
src/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the permissions of jobs, which allows remote authenticated users to remove arbitrary idle jobs via unspecified vectors.
|
|||||
| CVE-2013-2881 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-04-11 | 5.8 MEDIUM | N/A |
|
Google Chrome before 28.0.1500.95 does not properly handle frames, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
|
|||||
| CVE-2011-2993 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-11 | 9.3 HIGH | N/A |
|
The implementation of digital signatures for JAR files in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not prevent calls from unsigned JavaScript code to signed code, which allows remote attackers to bypass the Same Origin Policy and gain privileges via a crafted web site, a different vulnerability than CVE-2008-2801.
|
|||||
| CVE-2013-5144 | 1 Apple | 1 Iphone Os | 2025-04-11 | 3.3 LOW | N/A |
|
Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain notification and camera-pane state to trigger a NULL pointer dereference.
|
|||||
| CVE-2010-0812 | 1 Microsoft | 5 Windows 2003 Server, Windows Server 2003, Windows Server 2008 and 2 more | 2025-04-11 | 6.4 MEDIUM | N/A |
|
Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet, aka "ISATAP IPv6 Source Address Spoofing Vulnerability."
|
|||||
| CVE-2012-2760 | 1 Findingscience | 1 Mod Auth Openid | 2025-04-11 | 2.1 LOW | N/A |
|
mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
|
|||||
| CVE-2013-3426 | 1 Cisco | 3 Unified Ip Phone 9951, Unified Ip Phone 9971, Unified Ip Phones 9900 Series Firmware | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The Serviceability servlet on Cisco 9900 IP phones does not properly restrict paths, which allows remote attackers to read arbitrary files by specifying a pathname in a file request, aka Bug ID CSCuh52810.
|
|||||
| CVE-2013-1214 | 1 Cisco | 1 Unified Contact Center Express Editor Software | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The scripts editor in Cisco Unified Contact Center Express (aka Unified CCX) does not properly manage privileges for anonymous logins, which allows remote attackers to read arbitrary scripts by visiting the scripts repository directory, aka Bug ID CSCuf77546.
|
|||||
| CVE-2012-4954 | 1 Vanillaforums | 2 Vanilla, Vanilla Forums | 2025-04-11 | 3.5 LOW | N/A |
|
The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a "parameter manipulation" issue.
|
|||||
| CVE-2013-6964 | 1 Cisco | 1 Webex Meeting Center | 2025-04-11 | 3.5 LOW | N/A |
|
Cisco WebEx Meeting Center allows remote authenticated users to bypass access control and inject content from a different WebEx site via unspecified vectors, aka Bug ID CSCul36197.
|
|||||
| CVE-2012-4861 | 1 Ibm | 1 Infosphere Replication Server | 2025-04-11 | 4.0 MEDIUM | N/A |
|
The web server in InfoSphere Data Replication Dashboard in IBM InfoSphere Replication Server 9.7 and 10.1 through 10.1.0.4 allows remote authenticated users to list directories via a direct request for a directory URL.
|
|||||
| CVE-2013-1940 | 2 Canonical, X | 2 Ubuntu Linux, X.org-xserver | 2025-04-11 | 2.1 LOW | N/A |
|
X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty.
|
|||||
| CVE-2012-0465 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Bugzilla 3.5.x and 3.6.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, and 4.1.x and 4.2.x before 4.2.1, when the inbound_proxies option is enabled, does not properly validate the X-Forwarded-For HTTP header, which allows remote attackers to bypass the lockout policy via a series of authentication requests with (1) different IP address strings in this header or (2) a long string in this header.
|
|||||