Total
5442 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2011-4718 | 1 Php | 1 Php | 2024-09-16 | N/A |
Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID. | ||||
CVE-2009-5055 | 1 Otrs | 1 Otrs | 2024-09-16 | N/A |
Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by visiting a ticket, as demonstrated by leveraging the CustomerID 12 account to read tickets that should be available only to CustomerID 1 or CustomerID 2. | ||||
CVE-2012-1642 | 2 Drupal, Yaml-fuer-drupal | 2 Drupal, Linkchecker | 2024-09-16 | N/A |
includes/linkchecker.pages.inc in the Link checker module 6.x-2.x before 6.x-2.5 for Drupal does not properly enforce access permissions on broken links, which allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
CVE-2012-5675 | 1 Adobe | 1 Coldfusion | 2024-09-16 | N/A |
Adobe ColdFusion 9.0 through 9.0.2, and 10, allows local users to bypass intended shared-hosting sandbox permissions via unspecified vectors. | ||||
CVE-2012-4907 | 1 Google | 2 Android, Chrome | 2024-09-16 | N/A |
Google Chrome before 18.0.1025308 on Android does not properly restrict access from JavaScript code to Android APIs, which allows remote attackers to have an unspecified impact via a crafted web page. | ||||
CVE-2012-4107 | 1 Cisco | 1 Unified Computing System | 2024-09-16 | N/A |
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary commands via crafted parameters to a file-related command, aka Bug ID CSCtq86489. | ||||
CVE-2019-15272 | 1 Cisco | 1 Unified Communications Manager | 2024-09-16 | 6.5 Medium |
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to bypass security restrictions. The vulnerability is due to improper handling of malformed HTTP methods. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to gain unauthorized access to the system. | ||||
CVE-2016-5853 | 1 Google | 1 Android | 2024-09-16 | N/A |
In an audio driver in all Qualcomm products with Android releases from CAF using the Linux kernel, when a sanity check encounters a length value not in the correct range, an error message is printed, but code execution continues in the same way as for a correct length value. | ||||
CVE-2013-5165 | 1 Apple | 1 Mac Os X | 2024-09-16 | N/A |
socketfilterfw in Application Firewall in Apple Mac OS X before 10.9 does not properly implement the --blockApp option, which allows remote attackers to bypass intended access restrictions via a network connection to an application for which blocking was configured. | ||||
CVE-2013-1027 | 1 Apple | 1 Mac Os X | 2024-09-16 | N/A |
Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute arbitrary code via a crafted package. | ||||
CVE-2009-2453 | 1 Citrix | 2 Presentation Server, Xenapp | 2024-09-16 | N/A |
Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3 does not apply an access policy when it is defined with the Access Gateway Advanced Edition filters, which allows attackers to bypass intended access restrictions via unknown vectors. | ||||
CVE-2007-5159 | 3 Ntfs-3g, Redhat, Ubuntu | 3 Ntfs-3g, Fedora, Ubuntu Linux | 2024-09-16 | N/A |
The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g package in Ubuntu 7.10/Gutsy, assign incorrect permissions (setuid root) to mount.ntfs-3g, which allows local users with fuse group membership to read from and write to arbitrary block devices, possibly involving a file descriptor leak. | ||||
CVE-2011-4861 | 1 Schneider-electric | 3 Quantum Ethernet Module 140noe77100, Quantum Ethernet Module 140noe77101, Quantum Ethernet Module 140noe77111 | 2024-09-16 | N/A |
The modbus_125_handler function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) allows remote attackers to install arbitrary firmware updates via a MODBUS 125 function code to TCP port 502. | ||||
CVE-2022-45066 | 1 Thriveweb | 1 Wooswipe Woocommerce Gallery | 2024-09-16 | 5.4 Medium |
Auth. (subscriber+) Broken Access Control vulnerability in WooSwipe WooCommerce Gallery plugin <= 2.0.1 on WordPress. | ||||
CVE-2014-9957 | 1 Google | 1 Android | 2024-09-16 | N/A |
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36387564. | ||||
CVE-2012-4964 | 1 Samsung | 1 Printer Firmware | 2024-09-16 | N/A |
The Samsung printer firmware before 20121031 has a hardcoded read-write SNMP community, which makes it easier for remote attackers to obtain administrative access via an SNMP request. | ||||
CVE-2010-0537 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-09-16 | N/A |
DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly resolve pathnames in certain circumstances involving an application's save panel, which allows user-assisted remote attackers to trigger unintended remote file copying via a crafted share name. | ||||
CVE-2010-5089 | 1 Silverstripe | 1 Silverstripe | 2024-09-16 | N/A |
SilverStripe before 2.4.2 does not properly restrict access to pages in draft mode, which allows remote attackers to obtain sensitive information. | ||||
CVE-2011-4703 | 2 Android, Nathanielkh | 2 Android, Limit My Call | 2024-09-16 | N/A |
The Limit My Call (com.limited.call.view) application 2.11 for Android does not properly protect data, which allows remote attackers to read or modify call logs and a contact list via a crafted application. | ||||
CVE-2013-0651 | 1 Ge | 1 Intelligent Platforms Proficy Real-time Information Portal | 2024-09-16 | N/A |
The Portal installation process in GE Intelligent Platforms Proficy Real-Time Information Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to read configuration files, and discover data-source credentials, via a direct request. |