Search Results (9577 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-5102 1 Websense 4 Websense Web Filter, Websense Web Security, Websense Web Security Gateway and 1 more 2025-04-11 N/A
The Investigative Reports web interface in the TRITON management console in Websense Web Security 7.1 before Hotfix 109, 7.1.1 before Hotfix 06, 7.5 before Hotfix 78, 7.5.1 before Hotfix 12, 7.6 before Hotfix 24, and 7.6.2 before Hotfix 12; Web Filter; Web Security Gateway; and Web Security Gateway Anywhere allows remote attackers to execute commands via unspecified vectors.
CVE-2012-1508 1 Vmware 3 Esx, Esxi, View 2025-04-11 N/A
The XPDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4.0 and 4.1; and VMware View before 4.6.1 allows guest OS users to gain guest OS privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.
CVE-2012-1515 1 Vmware 2 Esx, Esxi 2025-04-11 N/A
VMware ESXi 3.5, 4.0, and 4.1 and ESX 3.5, 4.0, and 4.1 do not properly implement port-based I/O operations, which allows guest OS users to gain guest OS privileges by overwriting memory locations in a read-only memory block associated with the Virtual DOS Machine.
CVE-2011-5144 1 Obm 1 Open Business Management 2025-04-11 N/A
Open Business Management (OBM) 2.4.0-rc13 and earlier allows remote attackers to obtain configuration information via a direct request to test.php, which calls the phpinfo function.
CVE-2012-1576 1 Atheme 1 Atheme 2025-04-11 N/A
The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of service (daemon crash) via a login as a deleted user.
CVE-2012-3452 1 Gnome 1 Screensaver 2025-04-11 N/A
gnome-screensaver 3.4.x before 3.4.4 and 3.5.x before 3.5.4, when multiple screens are used, only locks the screen with the active focus, which allows physically proximate attackers to bypass screen locking and access an unattended workstation.
CVE-2012-3453 1 Debian 1 Logol 2025-04-11 N/A
logol 1.5.0 uses world writable permissions for the /var/lib/logol/results directory, which allows local users to delete or overwrite arbitrary files.
CVE-2012-3459 2 Redhat, Trevor Mckay 2 Enterprise Mrg, Cumin 2025-04-11 N/A
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted additional parameters in an HTTP POST request, which triggers a job attribute change request to Condor.
CVE-2011-0387 1 Cisco 2 Telepresence Multipoint Switch, Telepresence Multipoint Switch Software 2025-04-11 N/A
The administrative web interface on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote authenticated users to cause a denial of service or have unspecified other impact via vectors involving access to a servlet, aka Bug ID CSCtf97164.
CVE-2012-2203 1 Ibm 3 Global Security Kit, Rational Directory Server, Tivoli Directory Server 2025-04-11 N/A
IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, uses the PKCS #12 file format for certificate objects without enforcing file integrity, which makes it easier for remote attackers to spoof SSL servers via vectors involving insertion of an arbitrary root Certification Authority (CA) certificate.
CVE-2012-4906 1 Google 2 Android, Chrome 2025-04-11 N/A
Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4903.
CVE-2013-3633 1 Siemens 7 Scalance X200-4p Irt, Scalance X200irt Firmware, Scalance X201-3p Irt and 4 more 2025-04-11 N/A
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The user privileges for the web interface are only enforced on client side and not properly verified on server side. Therefore, an attacker is able to execute privileged commands using an unprivileged account.
CVE-2012-3478 1 Pizzashack 1 Rssh 2025-04-11 N/A
rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line.
CVE-2012-2291 3 Apple, Emc, Hp 4 Mac Os X, Avamar, Avamar Plugin and 1 more 2025-04-11 N/A
EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC Avamar plugin 4.x, 5.x, and 6.x for Oracle, uses world-writable permissions for cache directories, which allows local users to gain privileges via an unspecified symlink attack.
CVE-2012-2292 1 Emc 2 Rsa Archer Egrc, Rsa Archer Smartsuite 2025-04-11 N/A
The Silverlight cross-domain policy in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 does not restrict access to the Archer application, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
CVE-2012-2315 1 Openkm 1 Openkm 2025-04-11 N/A
admin/Auth in OpenKM 5.1.7 and other versions before 5.1.8-2 does not properly enforce privileges for changing user roles, which allows remote authenticated users to assign administrator privileges to arbitrary users via the userEdit action.
CVE-2012-3486 1 Google 1 Tunnelblick 2025-04-11 N/A
Tunnelblick 3.3beta20 and earlier allows local users to gain privileges via an OpenVPN configuration file that specifies execution of a script upon occurrence of an OpenVPN event.
CVE-2012-4069 1 Dir2web 1 Dir2web 2025-04-11 N/A
Dir2web 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request for system/db/website.db.
CVE-2013-4294 2 Openstack, Redhat 2 Keystone, Openstack 2025-04-11 N/A
The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token.
CVE-2013-4299 2 Linux, Redhat 5 Linux Kernel, Enterprise Linux, Enterprise Mrg and 2 more 2025-04-11 N/A
Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device.