Search Results (5477 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-3475 1 Ibm 1 Db2 2025-04-11 N/A
IBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in the dynamic SQL cache, which allows remote authenticated users to bypass intended access restrictions by leveraging the cache to execute an UPDATE statement contained in a compiled compound SQL statement.
CVE-2010-3483 1 Bouzouste 1 Primitive Cms 2025-04-11 N/A
cms_write.php in Primitive CMS 1.0.9 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request. NOTE: this vulnerability can be leveraged to conduct cross-site scripting attacks, as demonstrated using the (1) title, (2) content, and (3) menutitle parameters.
CVE-2011-1046 1 Ibm 3 Filenet P8 Business Process Manager, Filenet P8 Content Engine, Filenet P8 Content Manager 2025-04-11 N/A
IBM FileNet P8 Content Engine (aka P8CE) 4.0.1 through 5.0.0, as used in FileNet P8 Content Manager (CM) and FileNet P8 Business Process Manager (BPM), does not require the PRIVILEGED_WRITE access role for all intended Object Store modifications, which allows remote attackers to change a privileged property of an object via unspecified vectors.
CVE-2011-4682 1 Opera 1 Opera Browser 2025-04-11 N/A
The JavaScript engine in Opera before 11.60 does not properly implement the in operator, which allows remote attackers to bypass the Same Origin Policy via vectors related to variables on different web sites.
CVE-2012-5629 1 Redhat 6 Jboss Data Grid, Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform and 3 more 2025-04-11 N/A
The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password.
CVE-2010-0976 1 Acidcat 1 Acidcat Cms 2025-04-11 N/A
Acidcat CMS 3.5.x does not prevent access to install.asp after installation finishes, which might allow remote attackers to restart the installation process and have unspecified other impact via requests to install.asp and other install_*.asp scripts. NOTE: the final installation screen states "Important: you must now delete all files beginning with 'install' from the root directory."
CVE-2010-3779 1 Dovecot 1 Dovecot 2025-04-11 N/A
Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
CVE-2010-3829 1 Apple 1 Iphone Os 2025-04-11 N/A
WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-3813.
CVE-2013-1027 1 Apple 1 Mac Os X 2025-04-11 N/A
Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute arbitrary code via a crafted package.
CVE-2012-6117 2 Cloudforms Cloudengine, Redhat 2 1, Cloudforms Cloud Engine 2025-04-11 N/A
Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to read plaintext passwords by reading the log file.
CVE-2012-6118 2 Cloudforms Cloudengine, Redhat 2 1, Aeolus Conductor 2025-04-11 N/A
The Administer tab in Aeolus Conductor allows remote authenticated users to bypass intended quota restrictions by updating the Maximum Running Instances quota user setting.
CVE-2013-1031 1 Apple 1 Mac Os X 2025-04-11 N/A
Power Management in Apple Mac OS X before 10.8.5 does not properly perform locking upon occurrences of a power assertion, which allows physically proximate attackers to bypass intended access restrictions by visiting an unattended workstation on which a locking failure had prevented the startup of the screen saver.
CVE-2013-1033 1 Apple 1 Mac Os X 2025-04-11 N/A
Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote authenticated users to bypass locking by leveraging screen-sharing access.
CVE-2013-1901 3 Canonical, Postgresql, Redhat 3 Ubuntu Linux, Postgresql, Cloudforms Managementengine 2025-04-11 N/A
PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions.
CVE-2010-3961 1 Microsoft 3 Windows 7, Windows Server 2008, Windows Vista 2025-04-11 N/A
The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle an unspecified registry-key value, which allows local users with SeImpersonatePrivilege rights to gain privileges via a crafted application, aka "Consent UI Impersonation Vulnerability."
CVE-2010-4179 1 Redhat 1 Enterprise Mrg 2025-04-11 N/A
The installation documentation for Red Hat Enterprise Messaging, Realtime and Grid (MRG) 1.3 recommends that Condor should be configured so that the MRG Management Console (cumin) can submit jobs for users, which creates a trusted channel with insufficient access control that allows local users with the ability to publish to a broker to run jobs as arbitrary users via Condor QMF plug-ins.
CVE-2011-4679 1 Vtiger 1 Vtiger Crm 2025-04-11 N/A
vtiger CRM before 5.3.0 does not properly recognize the disabled status of a field in the Leads module, which allows remote authenticated users to bypass intended access restrictions by reading a previously created report.
CVE-2013-0182 2 Bart Feenstra, Drupal 2 Payment, Drupal 2025-04-11 N/A
The Payment module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to payments, which allows remote attackers to read arbitrary payments.
CVE-2013-1940 3 Canonical, Redhat, X 3 Ubuntu Linux, Enterprise Linux, X.org-xserver 2025-04-11 N/A
X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty.
CVE-2010-0237 1 Microsoft 2 Windows 2000, Windows Xp 2025-04-11 N/A
The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows local users to gain privileges by creating a symbolic link from an untrusted registry hive to a trusted registry hive, aka "Windows Kernel Symbolic Link Creation Vulnerability."