ReportizFlow
Filtered by vendor
Subscriptions
Total
5489 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-0231 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows 7 and 3 more | 2025-04-11 | N/A |
| The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability." | ||||
| CVE-2011-4679 | 1 Vtiger | 1 Vtiger Crm | 2025-04-11 | N/A |
| vtiger CRM before 5.3.0 does not properly recognize the disabled status of a field in the Leads module, which allows remote authenticated users to bypass intended access restrictions by reading a previously created report. | ||||
| CVE-2011-2486 | 2 Nspluginwrapper, Redhat | 2 Nspluginwrapper, Enterprise Linux | 2025-04-11 | N/A |
| nspluginwrapper before 1.4.4 does not properly provide access to NPNVprivateModeBool variable settings, which could prevent Firefox plugins from determining if they should run in Private Browsing mode and allow remote attackers to bypass intended access restrictions, as demonstrated using Flash. | ||||
| CVE-2011-2674 | 1 Basercms | 1 Basercms | 2025-04-11 | N/A |
| BaserCMS before 1.6.12 does not properly restrict additions to the membership of the operators group, which allows remote authenticated users to gain privileges via unspecified vectors. | ||||
| CVE-2010-0451 | 1 Hp | 1 Hp-ux | 2025-04-11 | N/A |
| The installation process for NFS/ONCplus B.11.31_08 and earlier on HP HP-UX B.11.31 changes the NFS_SERVER setting in the nfsconf file, which might allow remote attackers to obtain filesystem access via NFS requests. | ||||
| CVE-2011-3871 | 2 Puppet, Puppetlabs | 2 Puppet, Puppet | 2025-04-11 | N/A |
| Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files. | ||||
| CVE-2011-4355 | 2 Gnu, Redhat | 2 Gdb, Enterprise Linux | 2025-04-11 | N/A |
| GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts. | ||||
| CVE-2011-2330 | 1 Ibm | 1 Tivoli Management Framework | 2025-04-11 | N/A |
| Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, and 4.3.1 has an unspecified "built-in account" that is "trivially" accessed, which makes it easier for remote attackers to send requests to restricted pages via a session on TCP port 9495, a different vulnerability than CVE-2011-1220. | ||||
| CVE-2011-2169 | 1 Google | 1 Chrome Os | 2025-04-11 | N/A |
| Google Chrome OS before R12 0.12.433.38 Beta allows local users to gain privileges by creating a /var/lib/chromeos-aliases.conf file and placing commands in it. | ||||
| CVE-2010-0534 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| Wiki Server in Apple Mac OS X 10.6 before 10.6.3 does not enforce the service access control list (SACL) for weblogs during weblog creation, which allows remote authenticated users to publish content via HTTP requests. | ||||
| CVE-2011-5083 | 1 Dotclear | 1 Dotclear | 2025-04-11 | N/A |
| Unrestricted file upload vulnerability in inc/swf/swfupload.swf in Dotclear 2.3.1 and 2.4.2 allows remote attackers to execute arbitrary code by uploading a file with an executable PHP extension, then accessing it via a direct request to the file in an unspecified directory. | ||||
| CVE-2013-0246 | 1 Drupal | 1 Drupal | 2025-04-11 | N/A |
| The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of otherwise restricted images via unspecified vectors. | ||||
| CVE-2008-7279 | 1 Otrs | 1 Otrs | 2025-04-11 | N/A |
| The CustomerInterface component in Open Ticket Request System (OTRS) before 2.2.8 allows remote authenticated users to bypass intended access restrictions and access tickets of arbitrary customers via unspecified vectors. | ||||
| CVE-2011-0523 | 1 Iain | 1 Gypsy | 2025-04-11 | N/A |
| gypsy 0.8 does not properly restrict the files that can be read while running with root privileges, which allows local users to read otherwise restricted files via unspecified vectors. | ||||
| CVE-2010-1386 | 1 Apple | 1 Webkit | 2025-04-11 | N/A |
| page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2.5 does not properly restrict access to the lastPosition function, which has unspecified impact and remote attack vectors, aka rdar problem 7746357. | ||||
| CVE-2010-1671 | 1 Pharscape | 1 Hsolink | 2025-04-11 | N/A |
| hsolinkcontrol in hsolink 1.0.118 allows local users to gain privileges via shell metacharacters in command-line arguments, as demonstrated by the second argument in a down action. | ||||
| CVE-2012-3391 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| mod/forum/rsslib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly implement the requirement for posting before reading a Q&A forum, which allows remote authenticated users to bypass intended access restrictions by leveraging the student role and reading the RSS feed for a forum. | ||||
| CVE-2011-0466 | 1 Novell | 1 Opensuse Build Service | 2025-04-11 | N/A |
| The API in SUSE openSUSE Build Service (OBS) 2.0.x before 2.0.8 and 2.1.x before 2.1.6 allows attackers to bypass intended write-access restrictions and modify a (1) package or (2) project via unspecified vectors. | ||||
| CVE-2010-4045 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 10.63 does not properly restrict web script in unspecified circumstances involving reloads and redirects, which allows remote attackers to spoof the Address Bar, conduct cross-site scripting (XSS) attacks, and possibly execute arbitrary code by leveraging the ability of a script to interact with a web page from (1) a different domain or (2) a different security context. | ||||
| CVE-2011-0401 | 1 Matomo | 1 Matomo | 2025-04-11 | N/A |
| Piwik before 1.1 does not properly limit the number of files stored under tmp/sessions/, which might allow remote attackers to cause a denial of service (inode consumption) by establishing many sessions. | ||||