Search Results (5493 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-6734 1 Novell 2 Netware, Netware Ftp Server 2025-04-11 N/A
NWFTPD.nlm before 5.08.07 in the FTP server in Novell NetWare 6.5 SP7 does not properly implement the FTPREST.TXT NOREMOTE restriction, which allows remote authenticated users to access directories outside of the home server via unspecified vectors.
CVE-2011-5083 1 Dotclear 1 Dotclear 2025-04-11 N/A
Unrestricted file upload vulnerability in inc/swf/swfupload.swf in Dotclear 2.3.1 and 2.4.2 allows remote attackers to execute arbitrary code by uploading a file with an executable PHP extension, then accessing it via a direct request to the file in an unspecified directory.
CVE-2011-2658 1 Novell 1 Zenworks Configuration Management 2025-04-11 N/A
The ISList.ISAvi ActiveX control in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 provides access to the mscomct2.ocx file, which allows remote attackers to execute arbitrary code by leveraging unspecified mscomct2 flaws.
CVE-2013-1031 1 Apple 1 Mac Os X 2025-04-11 N/A
Power Management in Apple Mac OS X before 10.8.5 does not properly perform locking upon occurrences of a power assertion, which allows physically proximate attackers to bypass intended access restrictions by visiting an unattended workstation on which a locking failure had prevented the startup of the screen saver.
CVE-2012-2356 1 Moodle 1 Moodle 2025-04-11 N/A
The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question action.
CVE-2010-1671 1 Pharscape 1 Hsolink 2025-04-11 N/A
hsolinkcontrol in hsolink 1.0.118 allows local users to gain privileges via shell metacharacters in command-line arguments, as demonstrated by the second argument in a down action.
CVE-2011-2600 1 Microsoft 1 Windows Xp 2025-04-11 N/A
The GPU support functionality in Windows XP does not properly restrict rendering time, which allows remote attackers to cause a denial of service (system crash) via vectors involving WebGL and (1) shader programs or (2) complex 3D geometry, as demonstrated by using Mozilla Firefox or Google Chrome to visit the lots-of-polys-example.html test page in the Khronos WebGL SDK.
CVE-2012-2355 1 Moodle 1 Moodle 2025-04-11 N/A
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass question:use* capability requirements and add arbitrary questions to a quiz via the questions feature.
CVE-2012-2352 1 Sympa 1 Sympa 2025-04-11 N/A
The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in Sympa before 6.1.11 does not check permissions, which allows remote attackers to list, read, and delete arbitrary list archives via vectors related to the (1) do_arc_manage, (2) do_arc_download, or (3) do_arc_delete functions.
CVE-2012-2010 1 Hp 1 Openvms 2025-04-11 N/A
The ACMELOGIN implementation in HP OpenVMS 8.3 and 8.4 on the Alpha platform, and 8.3, 8.3-1H1, and 8.4 on the Itanium platform, when the SYS$ACM system service is enabled, allows local users to gain privileges via unspecified vectors.
CVE-2012-1959 2 Mozilla, Redhat 5 Firefox, Seamonkey, Thunderbird and 2 more 2025-04-11 N/A
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not consider the presence of same-compartment security wrappers (SCSW) during the cross-compartment wrapping of objects, which allows remote attackers to bypass intended XBL access restrictions via crafted content.
CVE-2012-1894 1 Microsoft 1 Office 2025-04-11 N/A
Microsoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these directories, aka "Office for Mac Improper Folder Permissions Vulnerability."
CVE-2011-1311 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated users to gain privileges in opportunistic circumstances by requesting a service.
CVE-2011-0729 1 Ubuntu 1 Language-selector 2025-04-11 N/A
dbus_backend/ls-dbus-backend in the D-Bus backend in language-selector before 0.6.7 does not restrict access on the basis of a PolicyKit check result, which allows local users to modify the /etc/default/locale and /etc/environment files via a (1) SetSystemDefaultLangEnv or (2) SetSystemDefaultLanguageEnv call.
CVE-2011-1307 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
The installer in IBM WebSphere Application Server (WAS) before 7.0.0.15 uses 777 permissions for a temporary log directory, which allows local users to have unintended access to log files via standard filesystem operations, a different vulnerability than CVE-2009-1173.
CVE-2012-2957 1 Symantec 1 Web Gateway 2025-04-11 N/A
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows local users to gain privileges by modifying files, related to a "file inclusion" issue.
CVE-2013-0268 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Mrg 2025-04-11 N/A
The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c.
CVE-2013-0182 2 Bart Feenstra, Drupal 2 Payment, Drupal 2025-04-11 N/A
The Payment module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to payments, which allows remote attackers to read arbitrary payments.
CVE-2013-0151 1 Xen 1 Xen 2025-04-11 N/A
The do_hvm_op function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the x86_32 platform does not prevent HVM_PARAM_NESTEDHVM (aka nested virtualization) operations, which allows guest OS users to cause a denial of service (long-duration page mappings and host OS crash) by leveraging administrative access to an HVM guest in a domain with a large number of VCPUs.
CVE-2010-0734 2 Curl, Redhat 2 Libcurl, Enterprise Linux 2025-04-11 N/A
content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.