| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| cms_write.php in Primitive CMS 1.0.9 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request. NOTE: this vulnerability can be leveraged to conduct cross-site scripting attacks, as demonstrated using the (1) title, (2) content, and (3) menutitle parameters. |
| Acidcat CMS 3.5.x does not prevent access to install.asp after installation finishes, which might allow remote attackers to restart the installation process and have unspecified other impact via requests to install.asp and other install_*.asp scripts. NOTE: the final installation screen states "Important: you must now delete all files beginning with 'install' from the root directory." |
| VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter. |
| Red Hat JBoss Enterprise Application Platform (EAP) before 6.1.0 and JBoss Portal before 6.1.0 does not load the implementation of a custom authorization module for a new application when an implementation is already loaded and the modules share class names, which allows local users to control certain applications' authorization decisions via a crafted application. |
| usb-creator-helper in usb-creator before 0.2.28.3 does not enforce intended PolicyKit restrictions, which allows local users to perform arbitrary unmount operations via the UnmountFile method in a dbus-send command. |
| rss.php in UseBB before 1.0.11 does not properly handle forum configurations in which a user has the view permission but not the read permission, which allows remote attackers to bypass intended access restrictions by reading a forum feed in combination with a topic feed. |
| The Security component in IBM DB2 UDB 9.5 before FP6a logs AUDIT events by using a USERID and an AUTHID value corresponding to the instance owner, instead of a USERID and an AUTHID value corresponding to the logged-in user account, which makes it easier for remote authenticated users to execute Audit administration commands without discovery. |
| WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-3813. |
| Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute arbitrary code via a crafted package. |
| Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to read plaintext passwords by reading the log file. |
| The Administer tab in Aeolus Conductor allows remote authenticated users to bypass intended quota restrictions by updating the Maximum Running Instances quota user setting. |
| Power Management in Apple Mac OS X before 10.8.5 does not properly perform locking upon occurrences of a power assertion, which allows physically proximate attackers to bypass intended access restrictions by visiting an unattended workstation on which a locking failure had prevented the startup of the screen saver. |
| Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote authenticated users to bypass locking by leveraging screen-sharing access. |
| PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions. |
| The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 does not properly restrict XMLHttpRequest calls, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via unspecified vectors. |
| Fenrir Grani 4.5 and earlier does not prevent interaction between web script and the clipboard, which allows remote attackers to read or modify the clipboard contents via a crafted web site. |
| The Seiko Epson printer driver installers for LP-S9000 before 4.1.11 and LP-S7100 before 4.1.7, or as downloaded from the vendor between May 2010 and 20101125, set weak permissions for the "C:\Program Files" folder, which might allow local users to bypass intended access restrictions and create or modify arbitrary files and directories. |
| The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue." |
| The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156. |
| Untrusted search path vulnerability in libbrlttybba.so in brltty 3.7.2 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting. |
