Total
5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-2725 | 2 Authoring Html, Drupal | 2 6.x-1.0, Drupal | 2024-02-28 | 3.5 LOW | N/A |
classes/Filter/WhitelistedExternalFilter.php in the Authoring HTML module 6.x-1.x before 6.x-1.1 for Drupal does not properly validate sources with the host white list, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks. | |||||
CVE-2013-5489 | 1 Cisco | 1 Socialminer | 2024-02-28 | 5.0 MEDIUM | N/A |
The gadget implementation in Cisco SocialMiner does not properly restrict the content of GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuh74125. | |||||
CVE-2012-4553 | 1 Drupal | 1 Drupal | 2024-02-28 | 6.8 MEDIUM | N/A |
Drupal 7.x before 7.16 allows remote attackers to obtain sensitive information and possibly re-install Drupal and execute arbitrary PHP code via an external database server, related to "transient conditions." | |||||
CVE-2012-1448 | 4 Cat, Emsisoft, Ikarus and 1 more | 5 Quick Heal, Anti-malware, Ikarus Virus Utilities T3 Command Line Scanner and 2 more | 2024-02-28 | 4.3 MEDIUM | N/A |
The CAB file parser in Quick Heal (aka Cat QuickHeal) 11.00, Trend Micro AntiVirus 9.120.0.1004, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Trend Micro HouseCall 9.120.0.1004, and Emsisoft Anti-Malware 5.1.0.1 allows remote attackers to bypass malware detection via a CAB file with a modified cbCabinet field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations. | |||||
CVE-2012-1239 | 1 Toshibatec | 64 E-studio-167 With Network Printer Kit, E-studio-167 With Network Printer Kit Firmware, E-studio-181 With Network Printer Kit and 61 more | 2024-02-28 | 10.0 HIGH | N/A |
The TopAccess web-based management interface on TOSHIBA TEC e-Studio multi-function peripheral (MFP) devices with firmware 30x through 302, 35x through 354, and 4xx through 421 allows remote attackers to bypass authentication and obtain administrative privileges via unspecified vectors. | |||||
CVE-2012-2660 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2024-02-28 | 6.4 MEDIUM | N/A |
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2694. | |||||
CVE-2013-5572 | 1 Zabbix | 1 Zabbix | 2024-02-28 | 3.5 LOW | N/A |
Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldap_bind_password value in the HTML source code. | |||||
CVE-2012-5417 | 1 Cisco | 1 Prime Data Center Network Manager | 2024-02-28 | 10.0 HIGH | N/A |
Cisco Prime Data Center Network Manager (DCNM) before 6.1(1) does not properly restrict access to certain JBoss MainDeployer functionality, which allows remote attackers to execute arbitrary commands via JBoss Application Server Remote Method Invocation (RMI) services, aka Bug ID CSCtz44924. | |||||
CVE-2012-3387 | 1 Moodle | 1 Moodle | 2024-02-28 | 4.0 MEDIUM | N/A |
Moodle 2.3.x before 2.3.1 uses only a client-side check for whether references are permitted in a file upload, which allows remote authenticated users to bypass intended alias (aka shortcut) restrictions via a client that omits this check. | |||||
CVE-2012-2058 | 2 Drupal, Paypal | 2 Drupal, Ubercart Payflow | 2024-02-28 | 5.0 MEDIUM | N/A |
The Ubercart Payflow module for Drupal does not use a secure token, which allows remote attackers to forge payments via unspecified vectors. | |||||
CVE-2012-6422 | 2 Meizu, Samsung | 3 Mx, Galaxy Note 2, Galaxy S2 | 2024-02-28 | 9.3 HIGH | N/A |
The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which allows attackers to read or write arbitrary physical memory and gain privileges via a crafted application, as demonstrated by ExynosAbuse. | |||||
CVE-2011-3098 | 3 Google, Microsoft, Opensuse | 3 Chrome, Windows, Opensuse | 2024-02-28 | 7.2 HIGH | N/A |
Google Chrome before 19.0.1084.46 on Windows uses an incorrect search path for the Windows Media Player plug-in, which might allow local users to gain privileges via a Trojan horse plug-in in an unspecified directory. | |||||
CVE-2012-2760 | 1 Findingscience | 1 Mod Auth Openid | 2024-02-28 | 2.1 LOW | N/A |
mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids. | |||||
CVE-2013-4984 | 1 Sophos | 1 Web Appliance | 2024-02-28 | 7.2 HIGH | N/A |
The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument. | |||||
CVE-2013-5754 | 1 Dahuasecurity | 65 Dvr0404hd-a, Dvr0404hd-l, Dvr0404hd-s and 62 more | 2024-02-28 | 10.0 HIGH | N/A |
The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain administrative access and change the administrator password via requests involving (1) ActiveX, (2) a standalone client, or (3) unspecified other vectors, a different vulnerability than CVE-2013-3612. | |||||
CVE-2013-2171 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 6.9 MEDIUM | N/A |
The vm_map_lookup function in sys/vm/vm_map.c in the mmap implementation in the kernel in FreeBSD 9.0 through 9.1-RELEASE-p4 does not properly determine whether a task should have write access to a memory location, which allows local users to bypass filesystem write permissions and consequently gain privileges via a crafted application that leverages read permissions, and makes mmap and ptrace system calls. | |||||
CVE-2013-3693 | 1 Blackberry | 1 Blackberry Enterprise Service | 2024-02-28 | 7.9 HIGH | N/A |
The BlackBerry Universal Device Service in BlackBerry Enterprise Service (BES) 10.0 through 10.1.2 does not properly restrict access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attackers to upload and execute arbitrary packages via a request to port 1098. | |||||
CVE-2013-4400 | 1 Redhat | 1 Libvirt | 2024-02-28 | 7.2 HIGH | N/A |
virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments. | |||||
CVE-2010-5276 | 2 Drupal, Memcache Project | 2 Drupal, Memcache | 2024-02-28 | 4.3 MEDIUM | N/A |
The Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Drupal does not properly handle the $user object in memcache_admin, which might "lead to a role change not being recognized until the user logs in again." | |||||
CVE-2012-3728 | 1 Apple | 1 Iphone Os | 2024-02-28 | 6.9 MEDIUM | N/A |
The kernel in Apple iOS before 6 dereferences invalid pointers during the handling of packet-filter data structures, which allows local users to gain privileges via a crafted program that makes packet-filter ioctl calls. |