Export limit exceeded: 363673 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (5494 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-5089 1 Silverstripe 1 Silverstripe 2025-04-11 N/A
SilverStripe before 2.4.2 does not properly restrict access to pages in draft mode, which allows remote attackers to obtain sensitive information.
CVE-2010-5090 1 Silverstripe 1 Silverstripe 2025-04-11 N/A
SilverStripe before 2.4.2 allows remote authenticated users to change administrator passwords via vectors related to admin/security.
CVE-2012-5482 1 Openstack 3 Essex, Folsom, Image Registry And Delivery Service \(glance\) 2025-04-11 N/A
The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.
CVE-2010-1638 1 Horde 1 Horde 2025-04-11 N/A
The IMP plugin in Horde allows remote attackers to bypass firewall restrictions and use Horde as a proxy to scan internal networks via a crafted request to an unspecified test script. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation.
CVE-2010-1633 1 Openssl 1 Openssl 2025-04-11 N/A
RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive information via unspecified vectors. NOTE: some of these details are obtained from third party information.
CVE-2012-3523 1 Isc 1 Inn 2025-04-11 N/A
The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
CVE-2012-5522 1 Mantisbt 1 Mantisbt 2025-04-11 N/A
MantisBT before 1.2.12 does not use an expected default value during decisions about whether a user may modify the status of a bug, which allows remote authenticated users to bypass intended access restrictions and make status changes by leveraging a blank value for a per-status setting.
CVE-2013-1737 2 Mozilla, Redhat 6 Firefox, Seamonkey, Thunderbird and 3 more 2025-04-11 N/A
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object.
CVE-2012-5523 1 Mantisbt 1 Mantisbt 2025-04-11 N/A
core/email_api.php in MantisBT before 1.2.12 does not properly manage the sending of e-mail notifications about restricted bugs, which might allow remote authenticated users to obtain sensitive information by adding a note to a bug before losing permission to view that bug.
CVE-2012-5530 1 Sgi 1 Performance Co-pilot 2025-04-11 N/A
The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file.
CVE-2011-3124 2 Ibm, Linux 3 Infosphere Datastage, Infosphere Information Server, Linux Kernel 2025-04-11 N/A
IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataStage 8.5 and 8.5.0.1 and other products, assigns incorrect ownership to unspecified files, which allows local users to gain privileges via unknown vectors.
CVE-2012-1195 1 Landesk 1 Lenovo Thinkmanagement Console 2025-04-11 N/A
Unrestricted file upload vulnerability in andesk/managementsuite/core/core.anonymous/ServerSetup.asmx in the ServerSetup web service in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via a PutUpdateFileCore command in a RunAMTCommand SOAP request, then accessing the file via a direct request to the file in the web root.
CVE-2011-3123 2 Ibm, Linux 3 Infosphere Datastage, Infosphere Information Server, Linux Kernel 2025-04-11 N/A
IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataStage 8.5 and 8.5.0.1 and other products, uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors.
CVE-2013-5157 1 Apple 1 Iphone Os 2025-04-11 N/A
The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon.
CVE-2013-2300 1 Pm9 1 Flickwnn 2025-04-11 N/A
The FlickWnn (aka OpenWnn/Flick support) application 2.02 and earlier for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem.
CVE-2013-4554 2 Redhat, Xen 2 Enterprise Linux, Xen 2025-04-11 N/A
Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2.
CVE-2012-5557 2 Drupal, User Read-only Project 2 Drupal, User Readonly 2025-04-11 N/A
The User Read-Only module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.4 for Drupal, does not properly assign roles when there are more than three roles on the site and certain unspecified configurations, which might allow remote authenticated users to gain privileges by performing certain operations, as demonstrated by changing a password.
CVE-2011-4114 1 Roderich Schupp 1 Par-packer Module 2025-04-11 N/A
The par_mktmpdir function in the PAR::Packer module before 1.012 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program. NOTE: a similar vulnerability was reported for PAR, but this has been assigned a different CVE identifier.
CVE-2012-1439 4 Aladdin, Fortinet, Pandasecurity and 1 more 4 Esafe, Fortinet Antivirus, Panda Antivirus and 1 more 2025-04-11 N/A
The ELF file parser in eSafe 7.0.17.0, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified padding field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.
CVE-2010-1142 2 Microsoft, Vmware 8 Windows, Ace, Esx and 5 more 2025-04-11 N/A
VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly load VMware programs, which might allow Windows guest OS users to gain privileges by placing a Trojan horse program at an unspecified location on the guest OS disk.