Search Results (9540 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-1489 6 Canonical, Mozilla, Opensuse and 3 more 8 Ubuntu Linux, Firefox, Opensuse and 5 more 2025-04-11 N/A
Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site.
CVE-2012-5675 1 Adobe 1 Coldfusion 2025-04-11 N/A
Adobe ColdFusion 9.0 through 9.0.2, and 10, allows local users to bypass intended shared-hosting sandbox permissions via unspecified vectors.
CVE-2011-4118 1 Mahara 1 Mahara 2025-04-11 N/A
Mahara before 1.4.1, when MNet (aka the Moodle network feature) is used, allows remote authenticated users to gain privileges via a jump to an XMLRPC target.
CVE-2010-3196 1 Ibm 1 Db2 2025-04-11 N/A
IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of privileges) to a view owner by defining a dependent view.
CVE-2010-3194 1 Ibm 1 Db2 2025-04-11 N/A
The DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows attackers to bypass intended file access restrictions via unspecified vectors related to overwriting files owned by an instance owner.
CVE-2010-1736 1 Aspindir 1 Krm Haber 2025-04-11 N/A
KrM Haber 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for d_atabase/Krmdb.mdb.
CVE-2010-1671 1 Pharscape 1 Hsolink 2025-04-11 N/A
hsolinkcontrol in hsolink 1.0.118 allows local users to gain privileges via shell metacharacters in command-line arguments, as demonstrated by the second argument in a down action.
CVE-2010-0255 1 Microsoft 8 Internet Explorer, Windows 2000, Windows 2003 Server and 5 more 2025-04-11 N/A
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to a file://127.0.0.1 URL, aka the dynamic OBJECT tag vulnerability, as demonstrated by obtaining the data from an index.dat file, a variant of CVE-2009-1140 and related to CVE-2008-1448.
CVE-2010-0231 1 Microsoft 6 Windows 2000, Windows 2003 Server, Windows 7 and 3 more 2025-04-11 N/A
The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability."
CVE-2010-1663 1 Google 1 Chrome 2025-04-11 N/A
The Google URL Parsing Library (aka google-url or GURL) in Google Chrome before 4.1.249.1064 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
CVE-2010-1646 2 Redhat, Todd Miller 2 Enterprise Linux, Sudo 2025-04-11 N/A
The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable.
CVE-2010-3304 1 Dovecot 1 Dovecot 2025-04-11 N/A
The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
CVE-2012-4553 1 Drupal 1 Drupal 2025-04-11 N/A
Drupal 7.x before 7.16 allows remote attackers to obtain sensitive information and possibly re-install Drupal and execute arbitrary PHP code via an external database server, related to "transient conditions."
CVE-2012-4554 1 Drupal 1 Drupal 2025-04-11 N/A
The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE declaration in an XRDS file.
CVE-2012-4566 1 Uninett 1 Radsecproxy 2025-04-11 N/A
The DTLS support in radsecproxy before 1.6.2 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients, a different vulnerability than CVE-2012-4523.
CVE-2012-4572 1 Redhat 2 Jboss Enterprise Application Platform, Jboss Enterprise Portal Platform 2025-04-11 N/A
Red Hat JBoss Enterprise Application Platform (EAP) before 6.1.0 and JBoss Portal before 6.1.0 does not load the implementation of a custom authorization module for a new application when an implementation is already loaded and the modules share class names, which allows local users to control certain applications' authorization decisions via a crafted application.
CVE-2012-4573 2 Openstack, Redhat 4 Essex, Folsom, Image Registry And Delivery Service \(glance\) and 1 more 2025-04-11 N/A
The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482.
CVE-2012-4582 1 Mcafee 2 Email And Web Security, Email Gateway 2025-04-11 N/A
McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to reset the passwords of arbitrary administrative accounts via unspecified vectors.
CVE-2012-4585 1 Mcafee 2 Email And Web Security, Email Gateway 2025-04-11 N/A
McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to read arbitrary files via a crafted URL.
CVE-2012-4586 1 Mcafee 2 Email And Web Security, Email Gateway 2025-04-11 N/A
McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, accesses files with the privileges of the root user, which allows remote authenticated users to bypass intended permission settings by requesting a file.