Search Results (9546 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-1515 1 Vmware 2 Esx, Esxi 2025-04-11 N/A
VMware ESXi 3.5, 4.0, and 4.1 and ESX 3.5, 4.0, and 4.1 do not properly implement port-based I/O operations, which allows guest OS users to gain guest OS privileges by overwriting memory locations in a read-only memory block associated with the Virtual DOS Machine.
CVE-2012-1518 1 Vmware 5 Esx, Esxi, Fusion and 2 more 2025-04-11 N/A
VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 use an incorrect ACL for the VMware Tools folder, which allows guest OS users to gain guest OS privileges via unspecified vectors.
CVE-2012-1576 1 Atheme 1 Atheme 2025-04-11 N/A
The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of service (daemon crash) via a login as a deleted user.
CVE-2012-1581 1 Mediawiki 1 Mediawiki 2025-04-11 N/A
MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak random numbers for password reset tokens, which makes it easier for remote attackers to change the passwords of arbitrary users.
CVE-2012-1590 1 Drupal 1 Drupal 2025-04-11 N/A
The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page.
CVE-2012-1591 1 Drupal 1 Drupal 2025-04-11 N/A
The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles.
CVE-2012-1598 1 Joomla 1 Joomla\! 2025-04-11 N/A
Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability."
CVE-2014-2019 1 Apple 1 Iphone Os 2025-04-11 4.6 Medium
The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by entering an arbitrary iCloud Account Password value and a blank iCloud Account Description value.
CVE-2012-1643 2 Drupal, Jason Savino 2 Drupal, Fp 2025-04-11 N/A
The Faster Permissions module 7.x-2.x before 7.x-1.2 for Drupal does not check the "administer permissions" permission, which allows remote attackers to modify access permissions via unspecified vectors.
CVE-2014-1960 1 Sap 2 Netweaver, Netweaver Solution Manager 2025-04-11 N/A
The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2014-1903 2 Freepbx, Sangoma 2 Freepbx, Freepbx 2025-04-11 N/A
admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php.
CVE-2012-1642 2 Drupal, Yaml-fuer-drupal 2 Drupal, Linkchecker 2025-04-11 N/A
includes/linkchecker.pages.inc in the Link checker module 6.x-2.x before 6.x-2.5 for Drupal does not properly enforce access permissions on broken links, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2012-1599 1 Joomla 1 Joomla\! 2025-04-11 N/A
Joomla! 1.5.x before 1.5.26 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end information" via unknown vectors. NOTE: this might be a duplicate of CVE-2012-1611.
CVE-2012-1611 1 Joomla 1 Joomla\! 2025-04-11 N/A
Joomla! 2.5.x before 2.5.4 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end" information via unknown attack vectors. NOTE: this might be a duplicate of CVE-2012-1599.
CVE-2012-4845 1 Ibm 2 Aix, Vios 2025-04-11 N/A
The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file.
CVE-2012-4833 1 Ibm 2 Aix, Vios 2025-04-11 N/A
fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line.
CVE-2012-4816 1 Ibm 1 Rational Automation Framework 2025-04-11 N/A
IBM Rational Automation Framework (RAF) 3.x through 3.0.0.5 allows remote attackers to bypass intended Env Gen Wizard (aka Environment Generation Wizard) access restrictions by visiting context roots in HTTP sessions on port 8080.
CVE-2014-0854 1 Ibm 1 Cognos Business Intelligence 2025-04-11 N/A
The server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2012-4777 1 Microsoft 9 .net Framework, Windows 7, Windows 8 and 6 more 2025-04-11 N/A
The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "WPF Reflection Optimization Vulnerability."
CVE-2014-0839 1 Ibm 1 Rational Focal Point 2025-04-11 N/A
IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to modify data via vectors involving a direct object reference.