Export limit exceeded: 364625 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364625 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (9562 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-0866 2 Postgresql, Redhat 2 Postgresql, Enterprise Linux 2025-04-11 N/A
CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on arbitrary data by installing the trigger on an attacker-owned table.
CVE-2010-5143 1 Mcafee 1 Virusscan Enterprise 2025-04-11 N/A
McAfee VirusScan Enterprise before 8.8 allows local users to disable the product by leveraging administrative privileges to execute an unspecified Metasploit Framework module.
CVE-2012-3491 2 Condor Project, Redhat 2 Condor, Enterprise Mrg 2025-04-11 N/A
src/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the permissions of jobs, which allows remote authenticated users to remove arbitrary idle jobs via unspecified vectors.
CVE-2012-3484 1 Google 1 Tunnelblick 2025-04-11 N/A
Tunnelblick 3.3beta20 and earlier relies on a test for specific ownership and permissions to determine whether a program can be safely executed, which allows local users to bypass intended access restrictions and gain privileges via a (1) user-mountable image or (2) network share.
CVE-2012-1452 3 Cat, Emsisoft, Ikarus 3 Quick Heal, Anti-malware, Ikarus Virus Utilities T3 Command Line Scanner 2025-04-11 N/A
The CAB file parser in Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Quick Heal (aka Cat QuickHeal) 11.00 allows remote attackers to bypass malware detection via a CAB file with a modified reserved1 field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.
CVE-2012-4112 1 Cisco 1 Unified Computing System 2025-04-11 N/A
The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary commands via crafted command parameters within the command-line interface, aka Bug ID CSCtr43330.
CVE-2012-4113 1 Cisco 1 Unified Computing System 2025-04-11 N/A
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and read arbitrary files via crafted command parameters within the command-line interface, aka Bug ID CSCtr43374.
CVE-2012-4121 1 Cisco 1 Nx-os 2025-04-11 N/A
Cisco NX-OS allows local users to gain privileges, and read or modify arbitrary files, via the sed (1) r and (2) w commands, aka Bug IDs CSCts56559, CSCts56565, CSCts56570, and CSCts56574.
CVE-2010-0977 1 Pordus 1 Pd Portal 2025-04-11 N/A
PD PORTAL 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb.
CVE-2010-0978 1 Kmsoft 1 Guestbook 2025-04-11 N/A
KMSoft Guestbook (aka GBook) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb.
CVE-2010-3260 1 Orbeon 1 Forms 2025-04-11 N/A
oxf/xml/xerces/XercesSAXParserFactoryImpl.java in the xforms-server component in the XForms service in Orbeon Forms before 3.9 does not properly restrict DTDs in Ajax requests, which allows remote attackers to read arbitrary files or send HTTP requests to intranet servers via an entity declaration in conjunction with an entity reference, related to an "XML injection" issue.
CVE-2012-4136 1 Cisco 1 Unified Computing System 2025-04-11 N/A
The high-availability service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) does not properly bind the cluster service to the management interface, which allows remote attackers to obtain sensitive information or cause a denial of service (peer-syncing outage) via a TELNET connection, aka Bug ID CSCtz72910.
CVE-2012-5482 1 Openstack 3 Essex, Folsom, Image Registry And Delivery Service \(glance\) 2025-04-11 N/A
The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.
CVE-2010-1621 1 Mysql 1 Mysql 2025-04-11 N/A
The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1 before 5.1.46 does not check privileges before uninstalling a plugin, which allows remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command.
CVE-2012-3993 2 Mozilla, Redhat 5 Firefox, Seamonkey, Thunderbird and 2 more 2025-04-11 N/A
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an "XrayWrapper pollution" issue.
CVE-2010-1066 1 The-ghost 1 Ar Web Content Manager 2025-04-11 N/A
AR Web Content Manager (AWCM) 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for control/db_backup.php.
CVE-2010-1067 1 Hasmir Alic 1 E-membres 2025-04-11 N/A
E-membres 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/bdEMembres.mdb.
CVE-2010-5090 1 Silverstripe 1 Silverstripe 2025-04-11 N/A
SilverStripe before 2.4.2 allows remote authenticated users to change administrator passwords via vectors related to admin/security.
CVE-2010-5089 1 Silverstripe 1 Silverstripe 2025-04-11 N/A
SilverStripe before 2.4.2 does not properly restrict access to pages in draft mode, which allows remote attackers to obtain sensitive information.
CVE-2010-3433 2 Postgresql, Redhat 2 Postgresql, Enterprise Linux 2025-04-11 N/A
The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447.