Total: 5442 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2013-3688 | 1 Tp-link | 5 Lm Firmware, Tl-sc3130, Tl-sc3130g and 2 more | 2024-09-16 | N/A |
The TP-Link IP Cameras TL-SC3171, TL-SC3130, TL-SC3130G, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6, does not properly restrict access to certain administrative functions, which allows remote attackers to (1) cause a denial of service (device reboot) via a request to cgi-bin/reboot or (2) cause a denial of service (reboot and reset to factory defaults) via a request to cgi-bin/hardfactorydefault. | ||||
CVE-2020-7352 | 1 Gog | 1 Galaxy | 2024-09-16 | 8.4 High |
The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with embedded, static RSA private key, an attacker with this key material and local user permissions can effectively send any operating system command to the service for execution in this elevated context. The service listens for such commands on a locally-bound network port, localhost:9978. A Metasploit module has been published which exploits this vulnerability. This issue affects the 2.0.x branch of the software (2.0.12 and earlier) as well as the 1.2.x branch (1.2.64 and earlier). A fix was issued for the 2.0.x branch of the affected software. | ||||
CVE-2010-0401 | 1 Openttd | 1 Openttd | 2024-09-16 | N/A |
OpenTTD before 1.0.1 accepts a company password for authentication in response to a request for the server password, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (daemon crash) by sending a company password packet. | ||||
CVE-2012-1641 | 2 Danielb, Drupal | 2 Finder, Drupal | 2024-09-16 | N/A |
The finder_import function in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission to execute arbitrary PHP code via admin/build/finder/import. | ||||
CVE-2012-1440 | 5 Aladdin, Ca, Fortinet and 2 more | 5 Esafe, Etrust Vet Antivirus, Fortinet Antivirus and 2 more | 2024-09-16 | N/A |
The ELF file parser in Norman Antivirus 6.06.12, eSafe 7.0.17.0, CA eTrust Vet Antivirus 36.1.8511, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified identsize field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. | ||||
CVE-2012-3513 | 1 Munin-monitoring | 1 Munin | 2024-09-16 | N/A |
munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command. | ||||
CVE-2009-4222 | 1 Smartisoft | 1 Phpbazar | 2024-09-16 | N/A |
phpBazar 2.1.1fix and earlier does not require administrative authentication for admin/admin.php, which allows remote attackers to obtain access to the admin control panel via a direct request. | ||||
CVE-2013-5754 | 1 Dahuasecurity | 65 Dvr0404hd-a, Dvr0404hd-l, Dvr0404hd-s and 62 more | 2024-09-16 | N/A |
The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain administrative access and change the administrator password via requests involving (1) ActiveX, (2) a standalone client, or (3) unspecified other vectors, a different vulnerability than CVE-2013-3612. | ||||
CVE-2010-0935 | 1 Perforce | 1 Perforce Server | 2024-09-16 | N/A |
Perforce Server 2009.2 and earlier, when the protection table is empty, allows remote authenticated users to obtain super privileges via a "p4 protect" command. | ||||
CVE-2012-4488 | 2 Drupal, Location Module Project | 2 Drupal, Location | 2024-09-16 | N/A |
The Location module 6.x before 6.x-3.2 and 7.x before 7.x-3.0-alpha1 for Drupal does not properly check user or node access permissions, which allows remote attackers to read node or user results via the location search page. | ||||
CVE-2012-5179 | 1 Boatmob | 2 Boat Browser, Boat Browser Mini | 2024-09-16 | N/A |
The Boat Browser application before 4.2 and Boat Browser Mini application before 3.9 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application. | ||||
CVE-2022-38067 | 1 Total-soft | 1 Event Calendar | 2024-09-16 | 6.5 Medium |
Unauthenticated Event Deletion vulnerability in Totalsoft Event Calendar – Calendar plugin <= 1.4.6 at WordPress. | ||||
CVE-2012-1598 | 1 Joomla | 1 Joomla! | 2024-09-16 | N/A |
Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability." | ||||
CVE-2013-1650 | 1 Open-xchange | 1 Open-xchange Server | 2024-09-16 | N/A |
Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses weak permissions (group "other" readable) under opt/open-xchange/etc/, which allows local users to obtain sensitive information via standard filesystem operations. | ||||
CVE-2012-4731 | 1 Bestpractical | 1 Rtfm | 2024-09-16 | N/A |
FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly check user rights, which allows remote authenticated users to create arbitrary articles in arbitrary classes via unknown vectors. | ||||
CVE-2022-25649 | 1 Storeapps | 1 Affiliate For Woocommerce | 2024-09-16 | 5 Medium |
Multiple Improper Access Control vulnerabilities in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress. | ||||
CVE-2010-2693 | 1 Freebsd | 1 Freebsd | 2024-09-16 | N/A |
FreeBSD 7.1 through 8.1-PRERELEASE does not copy the read-only flag when creating a duplicate mbuf buffer reference, which allows local users to cause a denial of service (system file corruption) and gain privileges via the sendfile system call. | ||||
CVE-2010-0005 | 1 Viewvc | 1 Viewvc | 2024-09-16 | N/A |
query.py in the query interface in ViewVC before 1.1.3 does not reject configurations that specify an unsupported authorizer for a root, which might allow remote attackers to bypass intended access restrictions via a query. | ||||
CVE-2018-5468 | 1 Philips | 1 Intellispace Portal | 2024-09-16 | N/A |
Philips Intellispace Portal all versions 7.0.x and 8.0.x have a remote desktop access vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code. | ||||
CVE-2022-38070 | 1 Mypopups | 1 Pop-up | 2024-09-16 | 5.4 Medium |
Privilege Escalation (subscriber+) vulnerability in Pop-up plugin <= 1.1.5 at WordPress. | ||||