Search Results (5493 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-3893 1 Ibm 1 Omnifind 2025-04-11 N/A
The administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x does not restrict use of a session ID (aka SID) value to a single IP address, which allows remote attackers to perform arbitrary administrative actions by leveraging cookie theft, related to a "session impersonation" issue.
CVE-2010-3895 1 Ibm 1 Omnifind 2025-04-11 N/A
esRunCommand in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges by specifying an arbitrary command name as the first argument.
CVE-2009-4904 1 Dootzky 1 Oblog 2025-04-11 N/A
article.php in oBlog does not properly restrict comments, which allows remote attackers to cause a denial of service (blog spam) via a comment=new action.
CVE-2012-4077 1 Cisco 1 Nx-os 2025-04-11 N/A
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and CSCtf27651.
CVE-2011-2760 1 Brocade 1 Bigiron Rx Switch 2025-04-11 N/A
Brocade BigIron RX switches allow remote attackers to bypass ACL rules by using 179 as the source port of a packet.
CVE-2014-0657 1 Cisco 1 Unified Communications Manager 2025-04-11 N/A
The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a forbidden portal URL, aka Bug ID CSCuj83540.
CVE-2009-4996 1 Xfce 1 Xfce 2025-04-11 N/A
Xfce4-session 4.5.91 in Xfce does not lock the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. NOTE: there is no general agreement that this is a vulnerability, because separate control over locking can be an equally secure, or more secure, behavior in some threat environments
CVE-2009-5008 1 Cisco 1 Secure Desktop 2025-04-11 N/A
Cisco Secure Desktop (CSD), when used in conjunction with an AnyConnect SSL VPN server, does not properly perform verification, which allows local users to bypass intended policy restrictions via a modified executable file.
CVE-2009-5054 1 Smarty 1 Smarty 2025-04-11 N/A
Smarty before 3.0.0 beta 4 does not consider the umask value when setting the permissions of files, which might allow attackers to bypass intended access restrictions via standard filesystem operations.
CVE-2012-0028 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Rhel Eus 2025-04-11 N/A
The robust futex implementation in the Linux kernel before 2.6.28 does not properly handle processes that make exec system calls, which allows local users to cause a denial of service or possibly gain privileges by writing to a memory location in a child process.
CVE-2010-0011 1 Uzbl 1 Uzbl 2025-04-11 N/A
The eval_js function in uzbl-core.c in Uzbl before 2010.01.05 exposes the run method of the Uzbl object, which allows remote attackers to execute arbitrary commands via JavaScript code.
CVE-2010-3919 1 Fenrir 1 Grani 2025-04-11 N/A
Fenrir Grani 4.5 and earlier does not prevent interaction between web script and the clipboard, which allows remote attackers to read or modify the clipboard contents via a crafted web site.
CVE-2012-0064 2 X, Xkeyboard Config Project 2 X.org X11, Xkeyboard-config 2025-04-11 N/A
xkeyboard-config before 2.5 in X.Org before 7.6 enables certain XKB debugging functions by default, which allows physically proximate attackers to bypass an X screen lock via keyboard combinations that break the input grab.
CVE-2010-2973 1 Apple 3 Ipad, Iphone Os, Ipod Touch 2025-04-11 N/A
Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allows local users to gain privileges via vectors involving IOSurface properties, as demonstrated by JailbreakMe.
CVE-2010-3920 1 Epson 6 Lp-s7100, Lp-s7100 Driver 4.1.0, Lp-s7100 Driver 4.1.7 and 3 more 2025-04-11 N/A
The Seiko Epson printer driver installers for LP-S9000 before 4.1.11 and LP-S7100 before 4.1.7, or as downloaded from the vendor between May 2010 and 20101125, set weak permissions for the "C:\Program Files" folder, which might allow local users to bypass intended access restrictions and create or modify arbitrary files and directories.
CVE-2012-3022 1 Canarylabs 1 Trendlink 2025-04-11 N/A
The SaveToFile method in a certain ActiveX control in TrendDisplay.dll in Canary Labs TrendLink 9.0.2.27051 and earlier does not properly restrict the creation of files, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a crafted web site.
CVE-2010-0125 2 Apple, Realnetworks 3 Mac Os X, Realplayer, Realplayer Sp 2025-04-11 N/A
RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, and Mac RealPlayer 11.0 through 12.0.0.1444 do not properly parse spectral data in AAC files, which has unspecified impact and remote attack vectors.
CVE-2012-5951 1 Ibm 2 Tivoli Netview, Z\/os 2025-04-11 N/A
Unspecified vulnerability in IBM Tivoli NetView 1.4, 5.1 through 5.4, and 6.1 on z/OS allows local users to gain privileges by leveraging access to the normal Unix System Services (USS) security level.
CVE-2012-3030 1 Siemens 2 Simatic Pcs7, Wincc 2025-04-11 N/A
WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, stores sensitive information under the web root with insufficient access control, which allows remote attackers to read a (1) log file or (2) configuration file via a direct request.
CVE-2012-0205 1 Ibm 2 Infosphere Information Server, Infosphere Metadata Workbench 2025-04-11 N/A
InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly restrict use of the troubleshooting feature, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (workbench outage) via unspecified vectors.