Vulnerabilities (CVE)

Filtered by CWE-264
Total 5229 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-0228 1 Invensys 1 Wonderware Information Server 2024-02-28 7.5 HIGH N/A
Invensys Wonderware Information Server 4.0 SP1 and 4.5 does not properly implement client controls, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
CVE-2013-2007 1 Qemu 1 Qemu 2024-02-28 6.9 MEDIUM N/A
The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.
CVE-2010-5106 1 Wordpress 1 Wordpress 2024-02-28 6.5 MEDIUM N/A
The XML-RPC remote publishing interface in xmlrpc.php in WordPress before 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging the Author or Contributor role.
CVE-2013-3425 1 Cisco 1 Webex 2024-02-28 4.0 MEDIUM N/A
The Meeting Center component in Cisco WebEx 11 generates different error messages for invalid file-access attempts depending on whether a file exists, which allows remote authenticated users to enumerate files via a series of SPI calls, aka Bug ID CSCuc35965.
CVE-2013-2581 1 Tp-link 5 Lm Firmware, Tl-sc3130, Tl-sc3130g and 2 more 2024-02-28 7.8 HIGH N/A
cgi-bin/firmwareupgrade in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to modify the firmware revision via a "preset" action.
CVE-2013-4404 1 Redhat 1 Enterprise Mrg 2024-02-28 6.5 MEDIUM N/A
cumin in Red Hat Enterprise MRG Grid 2.4 does not properly enforce user roles, which allows remote authenticated users to bypass intended role restrictions and obtain sensitive information or perform privileged operations via unspecified vectors.
CVE-2010-5141 1 Bitcoin 2 Bitcoin Core, Wxbitcoin 2024-02-28 7.5 HIGH N/A
wxBitcoin and bitcoind before 0.3.5 do not properly handle script opcodes in Bitcoin transactions, which allows remote attackers to spend bitcoins owned by other users via unspecified vectors.
CVE-2012-0179 1 Microsoft 2 Windows 7, Windows Server 2008 2024-02-28 7.2 HIGH N/A
Double free vulnerability in tcpip.sys in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that binds an IPv6 address to a local interface, aka "TCP/IP Double Free Vulnerability."
CVE-2013-3956 2 Microsoft, Novell 7 Windows 2003 Server, Windows 7, Windows 8 and 4 more 2024-02-28 7.2 HIGH N/A
The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted 0x143B6B IOCTL call.
CVE-2012-3965 1 Mozilla 1 Firefox 2024-02-28 9.3 HIGH N/A
Mozilla Firefox before 15.0 does not properly restrict navigation to the about:newtab page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers creation of a new tab and then a new window.
CVE-2013-1859 2 Chris Desautels, Drupal 2 Node Parameter Control, Drupal 2024-02-28 6.4 MEDIUM N/A
The Node Parameter Control module 6.x-1.x for Drupal does not properly restrict access to the configuration options, which allows remote attackers to read and edit configuration options via unspecified vectors.
CVE-2012-0680 1 Apple 1 Safari 2024-02-28 5.0 MEDIUM N/A
Apple Safari before 6.0 does not properly handle the autocomplete attribute of a password input element, which allows remote attackers to bypass authentication by leveraging an unattended workstation.
CVE-2013-2190 2 Clutter Project, Opensuse 2 Clutter, Opensuse 2024-02-28 2.1 LOW N/A
The translate_hierarchy_event function in x11/clutter-device-manager-xi2.c in Clutter, when resuming the system, does not properly handle XIQueryDevice errors when a device has "disappeared," which causes the gnome-shell to crash and allows physically proximate attackers to access the previous gnome-shell session via unspecified vectors.
CVE-2012-5007 2 Drupal, Wizonesolutions 2 Drupal, Fillpdf 2024-02-28 5.0 MEDIUM N/A
The Fill PDF module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to write to arbitrary PDF files via unspecified vectors related to the fillpdf_merge_pdf function and incorrect arguments, a different vulnerability than CVE-2012-1625. NOTE: some of these details are obtained from third party information.
CVE-2013-1908 3 Acquia, Commons Wikis Project, Drupal 3 Commons, Commons Wikis, Drupal 2024-02-28 5.0 MEDIUM N/A
The Commons Wikis module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors.
CVE-2010-3498 1 Avg 1 Anti-virus 2024-02-28 6.4 MEDIUM N/A
AVG Anti-Virus does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution.
CVE-2012-5938 3 Conectiva, Ibm, Novell 3 Linux, Infosphere Information Server, Unixware 2024-02-28 7.2 HIGH N/A
The installation process in IBM InfoSphere Information Server 8.1, 8.5, 8.7, and 9.1 on UNIX and Linux sets incorrect permissions and ownerships for unspecified files, which allows local users to bypass intended access restrictions via standard filesystem operations.
CVE-2013-5701 1 Watchguard 1 Server Center 2024-02-28 7.2 HIGH N/A
Multiple untrusted search path vulnerabilities in (1) Watchguard Log Collector (wlcollector.exe) and (2) Watchguard WebBlocker Server (wbserver.exe) in WatchGuard Server Center 11.7.4, 11.7.3, and possibly earlier allow local users to gain privileges via a Trojan horse wgpr.dll file in the application's bin directory.
CVE-2013-4825 1 Hp 2 Imc Service Operation Management Software Module, Intelligent Management Center 2024-02-28 7.5 HIGH N/A
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass intended access restrictions via unknown vectors, aka ZDI-CAN-1645.
CVE-2012-4491 2 Drupal, Earl Dunovant 2 Drupal, Monthly Archive By Node Type 2024-02-28 5.8 MEDIUM N/A
The Monthly Archive by Node Type module 6.x for Drupal does not properly check permissions defined by node_access modules, which allows remote attackers to access restricted nodes via unspecified vectors.