Total
5231 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-5275 | 1 Gplhost | 1 Domain Technologie Control | 2024-11-21 | 7.5 HIGH | N/A |
| The install script in Domain Technologie Control (DTC) before 0.34.1 gives sudo permissions for chrootuid to the dtc user, which makes it easier for context-dependent users to gain privileges. | |||||
| CVE-2011-5270 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 4.0 MEDIUM | N/A |
| wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role. | |||||
| CVE-2011-5144 | 1 Obm | 1 Open Business Management | 2024-11-21 | 5.0 MEDIUM | N/A |
| Open Business Management (OBM) 2.4.0-rc13 and earlier allows remote attackers to obtain configuration information via a direct request to test.php, which calls the phpinfo function. | |||||
| CVE-2011-5102 | 1 Websense | 4 Websense Web Filter, Websense Web Security, Websense Web Security Gateway and 1 more | 2024-11-21 | 7.5 HIGH | N/A |
| The Investigative Reports web interface in the TRITON management console in Websense Web Security 7.1 before Hotfix 109, 7.1.1 before Hotfix 06, 7.5 before Hotfix 78, 7.5.1 before Hotfix 12, 7.6 before Hotfix 24, and 7.6.2 before Hotfix 12; Web Filter; Web Security Gateway; and Web Security Gateway Anywhere allows remote attackers to execute commands via unspecified vectors. | |||||
| CVE-2011-5098 | 1 Opscode | 1 Chef | 2024-11-21 | 6.5 MEDIUM | N/A |
| chef-server-api/app/controllers/clients.rb in Chef Server in Chef before 0.9.20, and 0.10.x before 0.10.6, does not require administrative privileges for creating admin clients, which allows remote authenticated users to bypass intended access restrictions by leveraging read permission for the validation key and executing a knife client create command with the --admin option. | |||||
| CVE-2011-5097 | 1 Opscode | 1 Chef | 2024-11-21 | 5.5 MEDIUM | N/A |
| chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef before 0.9.18, and 0.10.x before 0.10.2, does not require administrative privileges for the update and destroy methods, which allows remote authenticated users to (1) upload cookbooks via a knife cookbook upload command or (2) delete cookbooks via a knife cookbook delete command. | |||||
| CVE-2011-5093 | 1 Bestpractical | 1 Rt | 2024-11-21 | 6.5 MEDIUM | N/A |
| Best Practical Solutions RT 4.x before 4.0.6 does not properly implement the DisallowExecuteCode option, which allows remote authenticated users to bypass intended access restrictions and execute arbitrary code by leveraging access to a privileged account, a different vulnerability than CVE-2011-4458 and CVE-2011-5092. | |||||
| CVE-2011-5092 | 1 Bestpractical | 1 Rt | 2024-11-21 | 7.5 HIGH | N/A |
| Best Practical Solutions RT 3.8.x before 3.8.12 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code and gain privileges via unspecified vectors, a different vulnerability than CVE-2011-4458 and CVE-2011-5093. | |||||
| CVE-2011-5083 | 1 Dotclear | 1 Dotclear | 2024-11-21 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in inc/swf/swfupload.swf in Dotclear 2.3.1 and 2.4.2 allows remote attackers to execute arbitrary code by uploading a file with an executable PHP extension, then accessing it via a direct request to the file in an unspecified directory. | |||||
| CVE-2011-5078 | 1 Sybase | 1 M-business Anywhere | 2024-11-21 | 6.5 MEDIUM | N/A |
| The web administration interface in the server in Sybase M-Business Anywhere 6.7 before ESD# 3 and 7.0 before ESD# 7 does not require admin authentication for unspecified scripts, which allows remote authenticated users to list or delete user accounts, modify passwords, or read log files via HTTP requests, aka Bug IDs 678497 and 678499. | |||||
| CVE-2011-5062 | 1 Apache | 1 Tomcat | 2024-11-21 | 5.0 MEDIUM | N/A |
| The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184. | |||||
| CVE-2011-5060 | 1 Roderich Schupp | 1 Par-packer Module | 2024-11-21 | 3.3 LOW | N/A |
| The par_mktmpdir function in the PAR module before 1.003 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program, a different vulnerability in a different package than CVE-2011-4114. | |||||
| CVE-2011-5058 | 1 3ssoftware | 1 Codesys | 2024-11-21 | 6.4 MEDIUM | N/A |
| The CmbWebserver.dll module of the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to create arbitrary directories under the web root by specifying a non-existent directory using \ (backslash) characters in an HTTP GET request. | |||||
| CVE-2011-5057 | 1 Apache | 1 Struts | 2024-11-21 | 5.0 MEDIUM | N/A |
| Apache Struts 2.3.1.2 and earlier, 2.3.19-2.3.23, provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor." | |||||
| CVE-2011-5044 | 1 Sopcast | 1 Sopcast | 2024-11-21 | 7.2 HIGH | N/A |
| SopCast 3.4.7.45585 uses weak permissions (Everyone:Full Control) for Diagnose.exe, which allows local users to execute arbitrary code by replacing Diagnose.exe with a Trojan horse program. | |||||
| CVE-2011-5010 | 1 Ctekproducts | 1 Skyrouter | 2024-11-21 | 10.0 HIGH | N/A |
| apps/a3/cfg_ethping.cgi in the Ctek SkyRouter 4200 and 4300 allows remote attackers to execute arbitrary commands via shell metacharacters in the PINGADDRESS parameter for a "u" action. | |||||
| CVE-2011-4961 | 1 Silverstripe | 1 Silverstripe | 2024-11-21 | 6.0 MEDIUM | N/A |
| SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote authenticated users with the EDIT_PERMISSIONS permission to gain administrator privileges via a TreeMultiselectField that includes admin groups when adding a user to the selected groups. | |||||
| CVE-2011-4945 | 1 Michael Biebl | 1 Policykit | 2024-11-21 | 6.9 MEDIUM | N/A |
| PolicyKit 0.103 sets the AdminIdentities to "wheel" by default, which allows local users in the wheel group to gain root privileges without authentication. | |||||
| CVE-2011-4944 | 1 Python | 1 Python | 2024-11-21 | 1.9 LOW | N/A |
| Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file. | |||||
| CVE-2011-4939 | 1 Pidgin | 1 Pidgin | 2024-11-21 | 6.4 MEDIUM | N/A |
| The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin before 2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by changing a nickname while in an XMPP chat room. | |||||