Total
5442 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-1239 | 1 Toshibatec | 64 E-studio-167 With Network Printer Kit, E-studio-167 With Network Printer Kit Firmware, E-studio-181 With Network Printer Kit and 61 more | 2024-09-17 | N/A |
| The TopAccess web-based management interface on TOSHIBA TEC e-Studio multi-function peripheral (MFP) devices with firmware 30x through 302, 35x through 354, and 4xx through 421 allows remote attackers to bypass authentication and obtain administrative privileges via unspecified vectors. | ||||
| CVE-2010-5143 | 1 Mcafee | 1 Virusscan Enterprise | 2024-09-17 | N/A |
| McAfee VirusScan Enterprise before 8.8 allows local users to disable the product by leveraging administrative privileges to execute an unspecified Metasploit Framework module. | ||||
| CVE-2012-3736 | 1 Apple | 1 Iphone Os | 2024-09-17 | N/A |
| The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors related to ending a FaceTime call. | ||||
| CVE-2012-1433 | 5 Ahnlab, Aladdin, Emsisoft and 2 more | 5 V3 Internet Security, Esafe, Anti-malware and 2 more | 2024-09-17 | N/A |
| The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations. | ||||
| CVE-2022-38058 | 1 Wpvar | 1 Wp Shamsi | 2024-09-17 | 4.3 Medium |
| Authenticated (subscriber+) Plugin Setting change vulnerability in WP Shamsi plugin <= 4.1.1 at WordPress. | ||||
| CVE-2000-1245 | 1 Novell | 2 Netware, Netware Ftp Server | 2024-09-17 | N/A |
| Multiple unspecified vulnerabilities in NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 allow remote attackers to bypass intended restrictions on anonymous access via unknown vectors. | ||||
| CVE-2009-4502 | 3 Freebsd, Sun, Zabbix | 3 Freebsd, Solaris, Zabbix | 2024-09-17 | N/A |
| The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is limited to attacks from trusted IP addresses. | ||||
| CVE-2013-3264 | 1 Smackcoders | 1 Wp Ultimate Email Marketer Plugin | 2024-09-17 | N/A |
| The WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress does not properly restrict access to (1) list/edit.php and (2) campaign/editCampaign.php, which allows remote attackers to modify list or campaign data. | ||||
| CVE-2010-2842 | 1 Cisco | 1 Wireless Lan Controller Software | 2024-09-17 | N/A |
| Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2843 and CVE-2010-3033. | ||||
| CVE-2012-4554 | 1 Drupal | 1 Drupal | 2024-09-17 | N/A |
| The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE declaration in an XRDS file. | ||||
| CVE-2022-41978 | 1 Zohocorp | 1 Zoho Crm Lead Magnet | 2024-09-17 | 8.8 High |
| Auth. (subscriber+) Arbitrary Options Update vulnerability in Zoho CRM Lead Magnet plugin <= 1.7.5.8 on WordPress. | ||||
| CVE-2013-3370 | 1 Bestpractical | 1 Rt | 2024-09-17 | N/A |
| Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 does not properly restrict access to private callback components, which allows remote attackers to have an unspecified impact via a direct request. | ||||
| CVE-2013-2373 | 1 Tibco | 1 Spotfire Web Player | 2024-09-16 | N/A |
| The Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors. | ||||
| CVE-2012-4730 | 1 Bestpractical | 1 Rt | 2024-09-16 | N/A |
| Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive information via unknown vectors. | ||||
| CVE-2015-9015 | 1 Google | 1 Android | 2024-09-16 | N/A |
| An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714120. | ||||
| CVE-2010-3919 | 1 Fenrir | 1 Grani | 2024-09-16 | N/A |
| Fenrir Grani 4.5 and earlier does not prevent interaction between web script and the clipboard, which allows remote attackers to read or modify the clipboard contents via a crafted web site. | ||||
| CVE-2014-3963 | 1 Owncloud | 1 Owncloud | 2024-09-16 | N/A |
| ownCloud Server before 6.0.1 does not properly check permissions, which allows remote authenticated users to access arbitrary preview pictures via unspecified vectors. | ||||
| CVE-2012-3491 | 2 Condor Project, Redhat | 2 Condor, Enterprise Mrg | 2024-09-16 | N/A |
| src/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the permissions of jobs, which allows remote authenticated users to remove arbitrary idle jobs via unspecified vectors. | ||||
| CVE-2009-4766 | 1 Yasirpro | 1 Ms-pro Portal Scripti | 2024-09-16 | N/A |
| YP Portal MS-Pro Surumu (aka MS-Pro Portal Scripti) 1.0 and 1.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for galeri/database/db.mdb. | ||||
| CVE-2009-4314 | 1 Sun | 2 Ray Server Software, Solaris | 2024-09-16 | N/A |
| Sun Ray Server Software 4.1 on Solaris 10, when Automatic Multi-Group Hotdesking (AMGH) is enabled, responds to a logout action by immediately logging the user in again, which makes it easier for physically proximate attackers to obtain access to a session by going to an unattended DTU device. | ||||