Total: 5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-0237 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2024-02-28 | 6.9 MEDIUM | N/A |
The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows local users to gain privileges by creating a symbolic link from an untrusted registry hive to a trusted registry hive, aka "Windows Kernel Symbolic Link Creation Vulnerability." | |||||
CVE-2011-1744 | 1 Emc | 1 Captiva Einput | 2024-02-28 | 5.8 MEDIUM | N/A |
EMC Captiva eInput 2.1.1 before 2.1.1.37 does not restrict the origin of calls to ActiveX functions, which allows remote attackers to read arbitrary files or cause a denial of service via a crafted web site. | |||||
CVE-2011-0166 | 1 Apple | 2 Safari, Webkit | 2024-02-28 | 5.8 MEDIUM | N/A |
The HTML5 drag and drop functionality in WebKit in Apple Safari before 5.0.4 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via vectors related to the dragging of content. NOTE: this might overlap CVE-2011-0778. | |||||
CVE-2011-0542 | 1 Fuse | 1 Fuse | 2024-02-28 | 3.3 LOW | N/A |
fusermount in fuse 2.8.5 and earlier does not perform a chdir to / before performing a mount or umount, which allows local users to unmount arbitrary directories via unspecified vectors. | |||||
CVE-2009-4585 | 1 Aspindir | 1 Uranyumsoft Listing Service | 2024-02-28 | 5.0 MEDIUM | N/A |
UranyumSoft Listing Service stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/db.mdb. | |||||
CVE-2009-4998 | 1 Ibm | 1 Filenet P8 Application Engine | 2024-02-28 | 2.6 LOW | N/A |
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007, in certain FileTracker configurations, does not apply a security policy to the first document added during a session, which might allow remote attackers to bypass intended access restrictions via unspecified vectors. | |||||
CVE-2003-1594 | 1 Novell | 2 Netware, Netware Ftp Server | 2024-02-28 | 7.5 HIGH | N/A |
NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly enforce FTPREST.TXT settings, which allows remote attackers to bypass intended access restrictions via an FTP session. | |||||
CVE-2011-2993 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-02-28 | 9.3 HIGH | N/A |
The implementation of digital signatures for JAR files in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not prevent calls from unsigned JavaScript code to signed code, which allows remote attackers to bypass the Same Origin Policy and gain privileges via a crafted web site, a different vulnerability than CVE-2008-2801. | |||||
CVE-2011-4692 | 2 Apple, Google | 3 Safari, Webkit, Chrome | 2024-02-28 | 5.0 MEDIUM | N/A |
WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as demonstrated by visipisi. | |||||
CVE-2010-1505 | 1 Google | 1 Chrome | 2024-02-28 | 10.0 HIGH | N/A |
Google Chrome before 4.1.249.1059 does not prevent pages from loading with the New Tab page's privileges, which has unknown impact and attack vectors. | |||||
CVE-2008-7295 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 5.8 MEDIUM | N/A |
Microsoft Internet Explorer cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue. | |||||
CVE-2010-1238 | 1 Moinmo | 1 Moinmoin | 2024-02-28 | 5.0 MEDIUM | N/A |
MoinMoin 1.7.1 allows remote attackers to bypass the textcha protection mechanism by modifying the textcha-question and textcha-answer fields to have empty values. | |||||
CVE-2010-1067 | 1 Hasmir Alic | 1 E-membres | 2024-02-28 | 5.0 MEDIUM | N/A |
E-membres 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/bdEMembres.mdb. | |||||
CVE-2010-3700 | 3 Acegisecurity, Ibm, Vmware | 3 Acegi-security, Websphere Application Server, Springsource Spring Security | 2024-02-28 | 5.0 MEDIUM | N/A |
VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter. | |||||
CVE-2012-0056 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 6.9 MEDIUM | N/A |
The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper. | |||||
CVE-2010-1429 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2024-02-28 | 5.0 MEDIUM | N/A |
Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression. | |||||
CVE-2011-2742 | 1 Emc | 1 Rsa Adaptive Authentication On-premise | 2024-02-28 | 6.8 MEDIUM | N/A |
EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly perform forensic evaluation upon receipt of device tokens from mobile apps, which might allow remote attackers to bypass intended application restrictions via a mobile device. | |||||
CVE-2011-1740 | 1 Emc | 1 Avamar | 2024-02-28 | 7.7 HIGH | N/A |
EMC Avamar 4.x, 5.0.x, and 6.0.x before 6.0.0-592 allows remote authenticated users to modify client data or obtain sensitive information about product activities by leveraging privileged access to a different domain. | |||||
CVE-2010-2058 | 1 Prelude-technologies | 1 Prewikka | 2024-02-28 | 2.1 LOW | N/A |
setup.py in Prewikka 0.9.14 installs prewikka.conf with world-readable permissions, which allows local users to obtain the SQL database password. | |||||
CVE-2010-4624 | 1 Mybb | 1 Mybb | 2024-02-28 | 3.5 LOW | N/A |
MyBB (aka MyBulletinBoard) before 1.4.12 allows remote authenticated users to bypass intended restrictions on the number of [img] MyCodes by editing a post after it has been created. |