Search Results (5493 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-3006 1 Mcafee 1 Saas Endpoint Protection 2025-04-11 N/A
The MyAsUtil ActiveX control in MyAsUtil5.2.0.603.dll in McAfee SaaS Endpoint Protection 5.2.1 and earlier allows remote attackers to bypass the MyASUtil.SecureObjectFactory.CreateSecureObject domain execution policy using a cross-site scripting (XSS) attack, execute arbitrary code using the MyASUtil.InstallInfo.RunUserProgram function, and possibly conduct other unspecified attacks.
CVE-2012-5298 1 Mavili Guestbook Project 1 Mavili Guestbook 2025-04-11 N/A
Mavili Guestbook, as released in November 2007, stores guestbook.mdb under the web root with insufficient access control, which allows remote attackers to read the database via a direct request.
CVE-2012-2315 1 Openkm 1 Openkm 2025-04-11 N/A
admin/Auth in OpenKM 5.1.7 and other versions before 5.1.8-2 does not properly enforce privileges for changing user roles, which allows remote authenticated users to assign administrator privileges to arbitrary users via the userEdit action.
CVE-2012-1313 1 Cisco 1 Unified Computing System 2025-04-11 N/A
The remote debug shell on the PALO adapter card in Cisco Unified Computing System (UCS) allows local users to gain privileges via malformed show-macstats parameters, aka Bug ID CSCub13772.
CVE-2013-0337 1 F5 1 Nginx 2025-04-11 N/A
The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files.
CVE-2012-0181 1 Microsoft 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more 2025-04-11 N/A
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability."
CVE-2011-0543 2 Fuse, Redhat 2 Fuse, Enterprise Linux 2025-04-11 N/A
Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack.
CVE-2013-0315 1 Redhat 1 Jboss Enterprise Portal Platform 2025-04-11 N/A
The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 allows remote attackers to read arbitrary files via a crafted external XML entity in an XML document, aka an XML Entity Expansion (XEE) attack.
CVE-2013-0287 2 Fedoraproject, Redhat 2 Sssd, Enterprise Linux 2025-04-11 N/A
The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restrictions.
CVE-2012-2957 1 Symantec 1 Web Gateway 2025-04-11 N/A
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows local users to gain privileges by modifying files, related to a "file inclusion" issue.
CVE-2012-1515 1 Vmware 2 Esx, Esxi 2025-04-11 N/A
VMware ESXi 3.5, 4.0, and 4.1 and ESX 3.5, 4.0, and 4.1 do not properly implement port-based I/O operations, which allows guest OS users to gain guest OS privileges by overwriting memory locations in a read-only memory block associated with the Virtual DOS Machine.
CVE-2012-2304 2 Drupal, Emil Stjerneman 2 Drupal, Linkit 2025-04-11 N/A
The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an entity access module, does not check permissions when searching for entities, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2012-0279 1 Quest 1 Toad For Data Analysts 2025-04-11 N/A
Quest Toad for Data Analysts 3.0.1 uses weak permissions (Everyone: Full Control) for the %COMMONPROGRAMFILES%\Quest Shared directory, which allows local users to gain privileges via a Trojan horse file.
CVE-2012-4501 2 Apache, Citrix 2 Cloudstack, Cloudstack 2025-04-11 N/A
Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
CVE-2012-4845 1 Ibm 2 Aix, Vios 2025-04-11 N/A
The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file.
CVE-2014-0262 1 Microsoft 1 Windows 7 2025-04-11 N/A
win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Server 2008 R2 SP1 does not properly consider thread-owned objects during the processing of window handles, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability."
CVE-2013-0257 2 David Alkire, Drupal 2 Email2image, Drupal 2025-04-11 N/A
The email2image module 6.x-1.x and 6.x-2.x for Drupal does not properly restrict access to nodes, which allows remote attackers to read images of user email addresses and email fields.
CVE-2012-0878 2 Pythonpaste, Redhat 2 Paste, Enterprise Linux 2025-04-11 N/A
Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leveraging a web application that uses the local filesystem.
CVE-2012-2063 2 Brian Altenhofel, Drupal 2 Slidebox, Drupal 2025-04-11 N/A
The Slidebox module before 7.x-1.4 for Drupal does not properly check permissions, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2013-0254 2 Qt, Redhat 2 Qt, Enterprise Linux 2025-04-11 N/A
The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.