Total
5222 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-3226 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 6.8 MEDIUM | N/A |
| Open Directory in Apple Mac OS X 10.7 before 10.7.2, when an LDAPv3 server is used with RFC 2307 or custom mappings, allows remote attackers to bypass the password requirement by leveraging lack of an AuthenticationAuthority attribute for a user account. | |||||
| CVE-2011-3417 | 1 Microsoft | 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more | 2024-02-28 | 9.3 HIGH | N/A |
| The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka "ASP.NET Forms Authentication Ticket Caching Vulnerability." | |||||
| CVE-2011-5083 | 1 Dotclear | 1 Dotclear | 2024-02-28 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in inc/swf/swfupload.swf in Dotclear 2.3.1 and 2.4.2 allows remote attackers to execute arbitrary code by uploading a file with an executable PHP extension, then accessing it via a direct request to the file in an unspecified directory. | |||||
| CVE-2010-2660 | 4 Apple, Microsoft, Opera and 1 more | 4 Mac Os X, Windows, Opera Browser and 1 more | 2024-02-28 | 4.3 MEDIUM | N/A |
| Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict certain uses of homograph characters in domain names, which makes it easier for remote attackers to spoof IDN domains via unspecified choices of characters. | |||||
| CVE-2010-1805 | 2 Apple, Microsoft | 2 Safari, Windows | 2024-02-28 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 on Windows allows local users to gain privileges via a Trojan horse explorer.exe (aka Windows Explorer) program in a directory containing a file that had been downloaded by Safari. | |||||
| CVE-2011-1311 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 6.0 MEDIUM | N/A |
| The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated users to gain privileges in opportunistic circumstances by requesting a service. | |||||
| CVE-2010-0681 | 1 Zeuscms | 1 Zeuscms | 2024-02-28 | 5.0 MEDIUM | N/A |
| ZeusCMS 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request for admin/backup.sql. | |||||
| CVE-2010-1755 | 1 Apple | 2 Iphone Os, Ipod Touch | 2024-02-28 | 4.3 MEDIUM | N/A |
| Safari in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the Accept Cookies preference, which makes it easier for remote web servers to track users via a cookie. | |||||
| CVE-2012-0450 | 3 Apple, Linux, Mozilla | 4 Mac Os X, Linux Kernel, Firefox and 1 more | 2024-02-28 | 2.1 LOW | N/A |
| Mozilla Firefox 4.x through 9.0 and SeaMonkey before 2.7 on Linux and Mac OS X set weak permissions for Firefox Recovery Key.html, which might allow local users to read a Firefox Sync key via standard filesystem operations. | |||||
| CVE-2011-4690 | 1 Opera | 1 Opera Browser | 2024-02-28 | 5.0 MEDIUM | N/A |
| Opera 11.60 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code. | |||||
| CVE-2010-3779 | 1 Dovecot | 1 Dovecot | 2024-02-28 | 3.5 LOW | N/A |
| Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox. | |||||
| CVE-2011-2674 | 1 Basercms | 1 Basercms | 2024-02-28 | 4.9 MEDIUM | N/A |
| BaserCMS before 1.6.12 does not properly restrict additions to the membership of the operators group, which allows remote authenticated users to gain privileges via unspecified vectors. | |||||
| CVE-2009-4358 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 4.7 MEDIUM | N/A |
| freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure permissions in its working directory (/var/db/freebsd-update by default), which allows local users to read copies of sensitive files after a (1) freebsd-update fetch (fetch) or (2) freebsd-update upgrade (upgrade) operation. | |||||
| CVE-2010-1626 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2024-02-28 | 3.6 LOW | N/A |
| MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247. | |||||
| CVE-2003-1596 | 1 Novell | 2 Netware, Netware Ftp Server | 2024-02-28 | 7.5 HIGH | N/A |
| NWFTPD.nlm before 5.03.12 in the FTP server in Novell NetWare does not properly restrict filesystem use by anonymous users with NFS Gateway home directories, which allows remote attackers to bypass intended access restrictions via an FTP session. | |||||
| CVE-2011-4702 | 2 Android, Nimbuzz | 2 Android, Nimbuzz | 2024-02-28 | 5.8 MEDIUM | N/A |
| The Nimbuzz (com.nimbuzz) application 2.0.8 and 2.0.10 for Android does not properly protect data, which allows remote attackers to read or modify a contact list via a crafted application. | |||||
| CVE-2007-6740 | 1 G.rodola | 1 Pyftpdlib | 2024-02-28 | 4.0 MEDIUM | N/A |
| The ftp_STOU function in FTPServer.py in pyftpdlib before 0.2.0 does not limit the number of attempts to discover a unique filename, which might allow remote authenticated users to cause a denial of service via a STOU command. | |||||
| CVE-2010-1757 | 1 Apple | 2 Iphone Os, Ipod Touch | 2024-02-28 | 6.4 MEDIUM | N/A |
| WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user interface via a crafted HTML document. | |||||
| CVE-2011-0316 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 5.0 MEDIUM | N/A |
| The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 does not properly restrict access to console servlets, which allows remote attackers to obtain potentially sensitive status information via a direct request. | |||||
| CVE-2010-1170 | 1 Postgresql | 1 Postgresql | 2024-02-28 | 6.0 MEDIUM | N/A |
| The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script. | |||||