| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks. |
| Perforce Server 2009.2 and earlier, when the protection table is empty, allows remote authenticated users to obtain super privileges via a "p4 protect" command. |
| Visialis ABB Forum 1.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for fpdb/abb.mdb. |
| The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Time Capsule with firmware 7.5 does not restrict the IP address and port specified in a PORT command from a client, which allows remote attackers to leverage intranet FTP servers for arbitrary TCP forwarding via a crafted PORT command. |
| Jevci Siparis Formu Scripti stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for siparis.mdb. |
| Acidcat CMS 3.5.x does not prevent access to install.asp after installation finishes, which might allow remote attackers to restart the installation process and have unspecified other impact via requests to install.asp and other install_*.asp scripts. NOTE: the final installation screen states "Important: you must now delete all files beginning with 'install' from the root directory." |
| PD PORTAL 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb. |
| KMSoft Guestbook (aka GBook) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb. |
| Acidcat CMS 3.5.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for databases/acidcat_3.mdb. |
| KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file. |
| The auto-complete functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal does not follow access restrictions, which allows remote authenticated users, with "access content" privileges, to read the title of an unpublished node via a q=ctools/autocomplete/node/ value accompanied by the first character of the node's title. |
| IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 series switches has (1) a community name of public for RO access and (2) a community name of private for RW access, which makes it easier for remote attackers to modify the configuration or obtain potentially sensitive information via SNMP requests, aka Bug ID CSCtf25589. |
| The Cisco Content Services Switch (CSS) 11500 with software 08.20.1.01 conveys authentication data through ClientCert-* headers but does not delete client-supplied ClientCert-* headers, which might allow remote attackers to bypass authentication via crafted header data, as demonstrated by a ClientCert-Subject-CN header, aka Bug ID CSCsz04690. |
| user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page. |
| The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1 before 5.1.46 does not check privileges before uninstalling a plugin, which allows remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command. |
| feed.php in phpBB 3.0.7 before 3.0.7-PL1 does not properly check permissions for feeds, which allows remote attackers to bypass intended access restrictions via unspecified attack vectors related to permission settings on a private forum. |
| RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive information via unspecified vectors. NOTE: some of these details are obtained from third party information. |
| The IMP plugin in Horde allows remote attackers to bypass firewall restrictions and use Horde as a proxy to scan internal networks via a crafted request to an unspecified test script. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. |
| The do_gfs2_set_flags function in fs/gfs2/file.c in the Linux kernel before 2.6.34-git10 does not verify the ownership of a file, which allows local users to bypass intended access restrictions via a SETFLAGS ioctl request. |
| The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable. |
