Search Results (9575 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-0729 1 Redhat 1 Enterprise Linux 2025-04-11 N/A
A certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 4 on the ia64 platform allows local users to use ptrace on an arbitrary process, and consequently gain privileges, via vectors related to a missing ptrace_check_attach call.
CVE-2012-1826 1 Dotcms 1 Dotcms 2025-04-11 N/A
dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template.
CVE-2012-1827 1 Efstechnology 1 Autoform Pdm Archive 2025-04-11 N/A
The web service in AutoFORM PDM Archive before 7.1 does not have authorization requirements, which allows remote authenticated users to perform database operations via a SOAP request, as demonstrated by the initializeQueryDatabase2 request.
CVE-2011-1661 2 Drupal, Nicholas Thompson 2 Drupal, Node Quick Find 2025-04-11 N/A
The Node Quick Find module 6.x-1.1 for Drupal does not use db_rewrite_sql when presenting node titles, which allows remote attackers to bypass intended access restrictions and read potentially sensitive node titles via the autocomplete feature.
CVE-2010-3483 1 Bouzouste 1 Primitive Cms 2025-04-11 N/A
cms_write.php in Primitive CMS 1.0.9 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request. NOTE: this vulnerability can be leveraged to conduct cross-site scripting attacks, as demonstrated using the (1) title, (2) content, and (3) menutitle parameters.
CVE-2010-4274 1 Ibm 1 Director Agent 2025-04-11 N/A
reset_diragent_keys in the Common agent in IBM Systems Director 6.2.0 has 754 permissions, which allows local users to gain privileges by leveraging system group membership.
CVE-2010-2843 1 Cisco 1 Wireless Lan Controller Software 2025-04-11 N/A
Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2842 and CVE-2010-3033.
CVE-2012-2692 1 Mantisbt 1 Mantisbt 2025-04-11 N/A
MantisBT before 1.2.11 does not check the delete_attachments_threshold permission when form_security_validation is set to OFF, which allows remote authenticated users with certain privileges to bypass intended access restrictions and delete arbitrary attachments.
CVE-2010-1326 1 March-hare 2 Cvs Suite, Cvsnt 2025-04-11 N/A
perms.cpp in March Hare Software CVSNT 2.0.58, 2.5.01, 2.5.02, 2.5.03 before build 3736, 2.5.04 before build 2862; CVS Suite 2.5.03, 2008 before build 3736, and 2009 before 3729 allows remote attackers to bypass the permissions check, modify arbitrary modules and directories within CVSROOT, and execute arbitrary code via a crafted branch name ACL, possibly related to incorrect inheritance.
CVE-2010-1347 2 Ibm, Linux 3 Aix, Director Agent, Linux Kernel 2025-04-11 N/A
Director Agent 6.1 before 6.1.2.3 in IBM Systems Director on AIX and Linux uses incorrect permissions for the (1) diruninstall and (2) opt/ibm/director/bin/wcitinst scripts, which allows local users to gain privileges by executing these scripts.
CVE-2000-1245 1 Novell 2 Netware, Netware Ftp Server 2025-04-11 N/A
Multiple unspecified vulnerabilities in NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 allow remote attackers to bypass intended restrictions on anonymous access via unknown vectors.
CVE-2010-4582 1 Opera 1 Opera Browser 2025-04-11 N/A
Opera before 11.00 does not properly handle security policies during updates to extensions, which might allow remote attackers to bypass intended access restrictions via unspecified vectors.
CVE-2010-3475 1 Ibm 1 Db2 2025-04-11 N/A
IBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in the dynamic SQL cache, which allows remote authenticated users to bypass intended access restrictions by leveraging the cache to execute an UPDATE statement contained in a compiled compound SQL statement.
CVE-2012-3241 1 Eucalyptus 1 Eucalyptus 2025-04-11 N/A
The VMware Broker in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 does not properly authenticate SOAP requests, which allows remote attackers to execute arbitrary VMware Broker API commands.
CVE-2012-3292 1 Globus 1 Globus Toolkit 2025-04-11 N/A
The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file.
CVE-2010-4595 1 Ibm 1 Lotus Mobile Connect 2025-04-11 N/A
The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 disables the http.device.stanza blacklisting functionality for HTTP Access Services (HTTP-AS), which allows remote attackers to bypass intended access restrictions via an HTTP request that contains a disallowed User-Agent header.
CVE-2012-3383 1 Wordpress 1 Wordpress 2025-04-11 N/A
The map_meta_cap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfiltered_html capability, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks by leveraging the Administrator or Editor role and composing crafted text.
CVE-2012-3560 1 Opera 1 Opera Browser 2025-04-11 N/A
Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during blocked navigation, which makes it easier for remote attackers to conduct spoofing attacks by detecting and preventing attempts to load a different web page.
CVE-2013-4310 1 Apache 1 Struts 2025-04-11 N/A
Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix.
CVE-2010-1626 3 Mysql, Oracle, Redhat 3 Mysql, Mysql, Enterprise Linux 2025-04-11 N/A
MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247.