Total: 5442 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-3180 | 1 Cisco | 13 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 10 more | 2024-09-16 | 7.8 High |
A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, local attacker to access an affected device by using an account that has a default, static password. This account has root privileges. The vulnerability exists because the affected software has a user account with a default, static password. An attacker could exploit this vulnerability by remotely connecting to an affected system by using this account. A successful exploit could allow the attacker to log in by using this account with root privileges. | ||||
CVE-2011-4434 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2024-09-16 | N/A |
Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags. | ||||
CVE-2010-5065 | 1 Vwar | 1 Virtual War | 2024-09-16 | N/A |
popup.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to bypass intended member restrictions and read news posts via a modified newsid parameter in a printnews action. | ||||
CVE-2010-3033 | 1 Cisco | 1 Wireless Lan Controller Software | 2024-09-16 | N/A |
Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2842 and CVE-2010-2843. | ||||
CVE-2012-0215 | 1 Tryton | 1 Trytond | 2024-09-16 | N/A |
model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) copy rpc call. | ||||
CVE-2012-0679 | 1 Apple | 1 Safari | 2024-09-16 | N/A |
Apple Safari before 6.0 allows remote attackers to read arbitrary files via a feed:// URL. | ||||
CVE-2009-4526 | 2 Drupal, Joao Ventura | 2 Drupal, Print | 2024-09-16 | N/A |
The Send by e-mail sub-module in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.9 and 6.x before 6.x-1.9, a module for Drupal, does not properly enforce privilege requirements, which allows remote attackers to read page titles by requesting a "Send to friend" form. | ||||
CVE-2009-2717 | 2 Microsoft, Sun | 2 Windows 2000, Java Se | 2024-09-16 | N/A |
The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on Windows 2000 Professional does not provide a Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet. | ||||
CVE-2013-3503 | 1 Gwos | 1 Groundwork Monitor | 2024-09-16 | N/A |
The Profile Importer feature in monarch.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||||
CVE-2014-9026 | 1 Ubercart | 1 Ubercart | 2024-09-16 | N/A |
The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properly protect the per-user order history view, which allows remote authenticated users with the "view own orders" permission to obtain sensitive information via unspecified vectors. | ||||
CVE-2012-5187 | 1 Weathernews | 1 Weathernews Touch | 2024-09-16 | N/A |
The Weathernews Touch application 2.3.2 and earlier for Android allows attackers to obtain sensitive information about logged locations via a crafted application that leverages read permission for system log files. | ||||
CVE-2010-3717 | 1 Typo3 | 1 Typo3 | 2024-09-16 | N/A |
The t3lib_div::validEmail function in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly restrict input to filter_var FILTER_VALIDATE_EMAIL operations in PHP, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string, a related issue to CVE-2010-3710. | ||||
CVE-2020-3214 | 1 Cisco | 106 1100 Integrated Services Router, 1101 Integrated Services Router, 1109 Integrated Services Router and 103 more | 2024-09-16 | 6.7 Medium |
A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to escalate their privileges to a user with root-level privileges. The vulnerability is due to insufficient validation of user-supplied content. This vulnerability could allow an attacker to load malicious software onto an affected device. | ||||
CVE-2013-4878 | 2 Linux, Parallels | 3 Linux Kernel, Parallels Plesk Panel, Parallels Small Business Panel | 2024-09-16 | N/A |
The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2012-1823. | ||||
CVE-2021-36879 | 1 Stylemixthemes | 1 Ulisting | 2024-09-16 | 9.8 Critical |
Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Possible if WordPress configuration allows user registration. | ||||
CVE-2018-13802 | 1 Siemens | 2 Rox Ii, Rox Ii Firmware | 2024-09-16 | N/A |
A vulnerability has been identified in ROX II (All versions < V2.12.1). An authenticated attacker with a high-privileged user account access via SSH could circumvent restrictions in place and execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the SSH interface on port 22/tcp. The attacker must be authenticated to exploit the vulnerability. The vulnerability could allow an attacker to execute arbitrary code on the device. | ||||
CVE-2004-2700 | 1 Aspdotnetstorefront | 1 Aspdotnetstorefront | 2024-09-16 | N/A |
Unrestricted file upload vulnerability in AspDotNetStorefront 3.3 allows remote authenticated administrators to upload arbitrary files with executable extensions via admin/images.aspx. | ||||
CVE-2022-42460 | 1 Sedlex | 1 Traffic Manager | 2024-09-16 | 6.5 Medium |
Broken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS) in Traffic Manager plugin <= 1.4.5 on WordPress. | ||||
CVE-2013-3107 | 1 Vmware | 1 Vcenter Server Appliance | 2024-09-16 | N/A |
VMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding for Active Directory is enabled, allows remote attackers to bypass authentication by providing a valid username in conjunction with an empty password. | ||||
CVE-2013-0676 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2024-09-16 | N/A |
Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote authenticated users to obtain sensitive information via a SQL query. |