Total
5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-5058 | 1 3ssoftware | 1 Codesys | 2024-02-28 | 6.4 MEDIUM | N/A |
The CmbWebserver.dll module of the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to create arbitrary directories under the web root by specifying a non-existent directory using \ (backslash) characters in an HTTP GET request. | |||||
CVE-2009-5002 | 1 Ibm | 1 Filenet P8 Application Engine | 2024-02-28 | 6.4 MEDIUM | N/A |
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.1-P8AE-FP001 does not record Get Content Failure Audit events, which might allow remote attackers to attempt content access without detection. | |||||
CVE-2010-2465 | 3 Linearcorp, S2sys, Sonitrol | 4 Emerge 50, Emerge 5000, Netbox and 1 more | 2024-02-28 | 5.0 MEDIUM | N/A |
The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download node logs, photographs of persons, and backup files via unspecified HTTP requests. | |||||
CVE-2010-2968 | 1 Windriver | 1 Vxworks | 2024-02-28 | 7.8 HIGH | N/A |
The FTP daemon in Wind River VxWorks does not close the TCP connection after a number of failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||||
CVE-2010-3898 | 1 Ibm | 1 Omnifind | 2024-02-28 | 5.0 MEDIUM | N/A |
IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict the cookie path of administrator (aka ESAdmin) cookies, which might allow remote attackers to bypass authentication by leveraging access to other pages on the web site. | |||||
CVE-2011-2687 | 1 Drupal | 1 Drupal | 2024-02-28 | 7.5 HIGH | N/A |
Drupal 7.x before 7.3 allows remote attackers to bypass intended node_access restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table. | |||||
CVE-2009-4502 | 3 Freebsd, Sun, Zabbix | 3 Freebsd, Solaris, Zabbix | 2024-02-28 | 9.3 HIGH | N/A |
The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is limited to attacks from trusted IP addresses. | |||||
CVE-2011-2569 | 1 Cisco | 3 Nx-os, Unified Computing System, Unified Computing System Infrastructure And Unified Computing System Software | 2024-02-28 | 6.8 MEDIUM | N/A |
Cisco Nexus OS (aka NX-OS) 4.2 and 5.0 and Cisco Unified Computing System with software 1.4 and 2.0 do not properly restrict command-line options, which allows local users to gain privileges via unspecified vectors, aka Bug IDs CSCtf40008, CSCtg18363, CSCtr44645, CSCts10195, and CSCts10188. | |||||
CVE-2010-2764 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-28 | 4.3 MEDIUM | N/A |
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web servers via cross-origin requests. | |||||
CVE-2010-0005 | 1 Viewvc | 1 Viewvc | 2024-02-28 | 7.5 HIGH | N/A |
query.py in the query interface in ViewVC before 1.1.3 does not reject configurations that specify an unsupported authorizer for a root, which might allow remote attackers to bypass intended access restrictions via a query. | |||||
CVE-2010-2197 | 1 Rpm | 1 Rpm | 2024-02-28 | 5.8 MEDIUM | N/A |
rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax of spec files, which allows user-assisted remote attackers to remove home directories via vectors involving a ;~ (semicolon tilde) sequence in a Name tag. | |||||
CVE-2011-4434 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2024-02-28 | 3.6 LOW | N/A |
Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags. | |||||
CVE-2003-1595 | 1 Novell | 2 Netware, Netware Ftp Server | 2024-02-28 | 10.0 HIGH | N/A |
NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly perform "intruder detection," which has unspecified impact and attack vectors. | |||||
CVE-2012-0005 | 1 Microsoft | 4 Windows Server 2003, Windows Server 2008, Windows Vista and 1 more | 2024-02-28 | 6.9 MEDIUM | N/A |
The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability." | |||||
CVE-2010-0665 | 1 Xs4all | 1 Jag | 2024-02-28 | 5.0 MEDIUM | N/A |
JAG (Just Another Guestbook) 1.14 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request for jag/database.sql. | |||||
CVE-2009-4874 | 1 Scripts.oldguy | 1 Talkback | 2024-02-28 | 6.4 MEDIUM | N/A |
TalkBack 2.3.14 does not properly restrict access to the edit comment feature (comments.php), which allows remote attackers to modify comments. | |||||
CVE-2011-1847 | 1 Ibm | 1 Db2 | 2024-02-28 | 4.9 MEDIUM | N/A |
IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly enforce privilege requirements for table access, which allows remote authenticated users to modify SYSSTAT.TABLES statistics columns via an UPDATE statement. NOTE: some of these details are obtained from third party information. | |||||
CVE-2011-1376 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 4.6 MEDIUM | N/A |
iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/client_ffdc/, which allows local users to read or modify files via standard filesystem operations. | |||||
CVE-2010-2540 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2024-02-28 | 10.0 HIGH | N/A |
mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 does not properly restrict the use of CGI command-line arguments that were intended for debugging, which allows remote attackers to have an unspecified impact via crafted arguments. | |||||
CVE-2010-0977 | 1 Pordus | 1 Pd Portal | 2024-02-28 | 5.0 MEDIUM | N/A |
PD PORTAL 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb. |