| CVE | Vendors | Products | Updated | CVSS v3.1 |
| BabyGekko before 1.2.4 allows PHP file inclusion. |
| BabyGekko before 1.2.4 has SQL injection. |
| Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddressTB parameter to (1) remoteAttack.pl or (2) guessPassword.pl in frameworkgui/; the filename parameter to (3) CSAttack.pl or (4) SEAttack.pl in frameworkgui/; the phNo2Attack parameter to (5) CSAttack.pl or (6) SEAttack.pl in frameworkgui/; the (7) platformDD2 parameter to frameworkgui/SEAttack.pl; the (8) agentURLPath or (9) agentControlKey parameter to frameworkgui/attach2agents.pl; or the (10) controlKey parameter to frameworkgui/attachMobileModem.pl. NOTE: The hostingPath parameter to CSAttack.pl and SEAttack.pl vectors and the appURLPath parameter to attachMobileModem.pl vector are covered by CVE-2012-5878. |
| ZPanel 10.0.1 has insufficient entropy for its password reset process. |
| The isearch package (textproc/isearch) before 1.47.01nb1 uses the tempnam() function to create insecure temporary files into a publicly-writable area (/tmp). |
| A denial of service flaw was found in the way the server component of Freeciv before 2.3.4 processed certain packets. A remote attacker could send a specially-crafted packet that, when processed, would lead to memory exhaustion or excessive CPU consumption. |
| libuser has an information disclosure when moving a user's home directory. |
| thttpd has a local DoS vulnerability via specially-crafted .htpasswd files |
| ipa 3.0 does not properly check server identity before sending credential-containing cookies. |
| libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees. |
| gofer before 0.68 uses world-writable permissions for /var/lib/gofer/journal/watchdog, which allows local users to cause a denial of service by removing journal entries. |
| The EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; and Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation. |
| Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords. |
| Ushahidi before 2.6.1 has insufficient entropy for forgot-password tokens. |
| gksu-polkit: permissive PolicyKit policy configuration file allows privilege escalation |
| opendnssec misuses libcurl API |
| Python keyring has insecure permissions on new databases allowing world-readable files to be created |
| Python keyring lib before 0.10 created keyring files with world-readable permissions. |
| The Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with the "access basic_webmail" permission to read arbitrary users' email addresses. |
| rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite |