Total
5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-4520 | 2 Drupal, Kristof De Jaeger | 2 Drupal, Commentreference | 2024-02-28 | 5.0 MEDIUM | N/A |
The CCK Comment Reference module 5.x before 5.x-1.2 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to bypass intended access restrictions and read comments by using the autocomplete path. | |||||
CVE-2011-4771 | 2 Android, Lucion | 2 Android, Scan To Pdf Free | 2024-02-28 | 5.8 MEDIUM | N/A |
The Scan to PDF Free (com.scan.to.pdf.trial) application 2.0.4 for Android does not properly protect data, which allows remote attackers to read or modify scanned files and a Google account via a crafted application. | |||||
CVE-2011-3129 | 1 Wordpress | 1 Wordpress | 2024-02-28 | 9.3 HIGH | N/A |
The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2, when running "on hosts with dangerous security settings," has unknown impact and attack vectors, possibly related to dangerous filenames. | |||||
CVE-2011-3225 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 5.0 MEDIUM | N/A |
The SMB File Server component in Apple Mac OS X 10.7 before 10.7.2 does not prevent all guest users from accessing the share point record of a guest-restricted folder, which allows remote attackers to bypass intended browsing restrictions by leveraging access to the nobody account. | |||||
CVE-2010-0509 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 7.2 HIGH | N/A |
SFLServer in OS Services in Apple Mac OS X before 10.6.3 allows local users to gain privileges via vectors related to use of wheel group membership during access to the home directories of user accounts. | |||||
CVE-2010-0057 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 7.5 HIGH | N/A |
AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use of AFP shares when guest access is disabled, which allows remote attackers to bypass intended access restrictions via a mount request. | |||||
CVE-2009-4799 | 1 Diskos | 1 Diskos Cms | 2024-02-28 | 5.0 MEDIUM | N/A |
Diskos CMS 6.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) artikler_prod.mdb or (2) medlemmer.mdb. | |||||
CVE-2011-3436 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 6.5 MEDIUM | N/A |
Open Directory in Apple Mac OS X 10.7 before 10.7.2 does not require a user to provide the current password before changing this password, which allows remote attackers to bypass intended password-change restrictions by leveraging an unattended workstation. | |||||
CVE-2011-3666 | 2 Apple, Mozilla | 3 Mac Os X, Firefox, Thunderbird | 2024-02-28 | 6.8 MEDIUM | N/A |
Mozilla Firefox before 3.6.25 and Thunderbird before 3.1.17 on Mac OS X do not consider .jar files to be executable files, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted file. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-2372 on Mac OS X. | |||||
CVE-2009-4762 | 1 Moinmo | 1 Moinmoin | 2024-02-28 | 7.5 HIGH | N/A |
MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603. | |||||
CVE-2011-2201 | 2 Mark Stosberg, Perl | 2 Data\, Perl | 2024-02-28 | 4.3 MEDIUM | N/A |
The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input. | |||||
CVE-2010-4043 | 1 Opera | 1 Opera Browser | 2024-02-28 | 4.3 MEDIUM | N/A |
Opera before 10.63 does not prevent interpretation of a cross-origin document as a CSS stylesheet when the document lacks a CSS token sequence, which allows remote attackers to obtain sensitive information via a crafted document. | |||||
CVE-2009-3989 | 1 Mozilla | 1 Bugzilla | 2024-02-28 | 4.3 MEDIUM | N/A |
Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and 3.5.x before 3.5.3 does not block access to files and directories that are used by custom installations, which allows remote attackers to obtain sensitive information via requests for (1) CVS/, (2) contrib/, (3) docs/en/xml/, (4) t/, or (5) old-params.txt. | |||||
CVE-2010-1447 | 1 Postgresql | 1 Postgresql | 2024-02-28 | 8.5 HIGH | N/A |
The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution. | |||||
CVE-2011-1425 | 2 Aleksey, Apple | 2 Xml Security Library, Webkit | 2024-02-28 | 5.1 MEDIUM | N/A |
xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification. | |||||
CVE-2010-0301 | 1 Maildrop | 1 Maildrop | 2024-02-28 | 6.9 MEDIUM | N/A |
main.C in maildrop 2.3.0 and earlier, when run by root with the -d option, uses the gid of root for execution of the .mailfilter file in a user's home directory, which allows local users to gain privileges via a crafted file. | |||||
CVE-2011-2729 | 2 Apache, Linux | 3 Apache Commons Daemon, Tomcat, Linux Kernel | 2024-02-28 | 5.0 MEDIUM | N/A |
native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application. | |||||
CVE-2012-0364 | 1 Cisco | 12 Small Business Srp520-u Series Firmware, Small Business Srp520 Series Firmware, Small Business Srp521w and 9 more | 2024-02-28 | 7.8 HIGH | N/A |
Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allow remote attackers to replace the configuration file via an upload request to an unspecified URL, aka Bug ID CSCtw55495. | |||||
CVE-2012-1011 | 2 Likno, Wordpress | 2 Allwebmenus Plugin, Wordpress | 2024-02-28 | 7.5 HIGH | N/A |
actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remote attackers to bypass intended access restrictions to upload and execute arbitrary PHP code by setting the HTTP_REFERER to a certain value, then uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory. | |||||
CVE-2011-0778 | 1 Google | 1 Chrome | 2024-02-28 | 7.5 HIGH | N/A |
Google Chrome before 9.0.597.84 does not properly restrict drag and drop operations, which might allow remote attackers to bypass the Same Origin Policy via unspecified vectors. |