ReportizFlow
Filtered by vendor
Subscriptions
Total
5490 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-2389 | 1 W1.fi | 1 Hostapd | 2025-04-11 | N/A |
| hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 permissions for /etc/hostapd/hostapd.conf, which might allow local users to obtain sensitive information such as credentials. | ||||
| CVE-2012-3504 | 1 Fedoraproject | 1 Crypto-utils | 2025-04-11 | N/A |
| The nssconfigFound function in genkey.pl in crypto-utils 2.4.1-34 allows local users to overwrite arbitrary files via a symlink attack on the "list" file in the current working directory. | ||||
| CVE-2012-2164 | 1 Ibm | 1 Rational Clearquest | 2025-04-11 | N/A |
| The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to bypass intended access restrictions, and use the Site Administration menu to modify system settings, via a parameter-tampering attack. | ||||
| CVE-2010-0180 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6 and 3.7, when use_suexec is enabled, uses world-readable permissions for the localconfig files, which allows local users to read sensitive configuration fields, as demonstrated by the database password field and the site_wide_secret field. | ||||
| CVE-2010-3055 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | N/A |
| The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request. | ||||
| CVE-2010-3092 | 1 Drupal | 1 Drupal | 2025-04-11 | N/A |
| The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to bypass the intended restrictions on downloading a file by uploading a different file with a similar name. | ||||
| CVE-2010-3093 | 1 Drupal | 1 Drupal | 2025-04-11 | N/A |
| The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a crafted URL, related to an "unpublishing bypass" issue. | ||||
| CVE-2011-2687 | 1 Drupal | 1 Drupal | 2025-04-11 | N/A |
| Drupal 7.x before 7.3 allows remote attackers to bypass intended node_access restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table. | ||||
| CVE-2013-6727 | 1 Ibm | 1 Sametime | 2025-04-11 | N/A |
| The Connect client in IBM Sametime 8.5.2 through 8.5.2.1 and 9.0 before HF1 does not properly restrict unsigned Java plugins, which allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2011-4202 | 1 Restorepoint | 1 Restorepoint | 2025-04-11 | N/A |
| The Tadasoft Restorepoint 3.2 evaluation image uses weak permissions (www write access) for unspecified scripts, which allows local users to gain privileges by modifying a script file. | ||||
| CVE-2013-0467 | 1 Ibm | 1 Data Studio | 2025-04-11 | N/A |
| IBM Eclipse Help System (IEHS), as used in IBM Data Studio 3.1 and 3.1.1 and other products, allows remote authenticated users to read source code via a crafted URL. | ||||
| CVE-2011-3408 | 1 Microsoft | 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more | 2025-04-11 | N/A |
| Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Privilege Elevation Vulnerability." | ||||
| CVE-2013-0529 | 1 Ibm | 1 Sterling Connect Direct User Interface | 2025-04-11 | N/A |
| The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | ||||
| CVE-2012-1011 | 2 Likno, Wordpress | 2 Allwebmenus Plugin, Wordpress | 2025-04-11 | N/A |
| actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remote attackers to bypass intended access restrictions to upload and execute arbitrary PHP code by setting the HTTP_REFERER to a certain value, then uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory. | ||||
| CVE-2012-1429 | 8 Aladdin, Comodo, Emsisoft and 5 more | 9 Esafe, Comodo Antivirus, Anti-malware and 6 more | 2025-04-11 | N/A |
| The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, and nProtect Anti-Virus 2011-01-17.01 allows remote attackers to bypass malware detection via an ELF file with a ustar character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. | ||||
| CVE-2012-3486 | 1 Google | 1 Tunnelblick | 2025-04-11 | N/A |
| Tunnelblick 3.3beta20 and earlier allows local users to gain privileges via an OpenVPN configuration file that specifies execution of a script upon occurrence of an OpenVPN event. | ||||
| CVE-2012-2378 | 2 Apache, Redhat | 2 Cxf, Jboss Enterprise Application Platform | 2025-04-11 | N/A |
| Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies. | ||||
| CVE-2013-2930 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Mrg | 2025-04-11 | N/A |
| The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. | ||||
| CVE-2012-2977 | 1 Symantec | 1 Web Gateway | 2025-04-11 | N/A |
| The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to change arbitrary passwords via crafted input to an application script. | ||||
| CVE-2013-0577 | 1 Ibm | 1 Infosphere Optim Data Growth For Oracle E-business Suite | 2025-04-11 | N/A |
| The Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote authenticated users to bypass intended access restrictions and create, modify, or delete documents or scripts via unspecified vectors. | ||||