Search Results (9570 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-5157 1 Apple 1 Iphone Os 2025-04-11 N/A
The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon.
CVE-2013-5179 1 Apple 1 Mac Os X 2025-04-11 N/A
App Sandbox in Apple Mac OS X before 10.9 allows attackers to bypass intended sandbox restrictions via a crafted app that uses the LaunchServices interface to specify process arguments.
CVE-2012-6356 1 Ibm 3 Maximo Asset Management, Maximo Asset Management Essentials, Smartcloud Control Desk 2025-04-11 N/A
IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to an import operation.
CVE-2013-2214 1 Nagios 1 Nagios 2025-04-11 N/A
status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does not properly restrict access to certain users that are a contact for a service, which allows remote authenticated users to obtain sensitive information about hostnames via the servicegroup (1) overview, (2) summary, or (3) grid style in status.cgi. NOTE: this behavior is by design in most 3.x versions, but the upstream vendor "decided to change it for Nagios 4" and 3.5.1.
CVE-2012-6357 1 Ibm 3 Maximo Asset Management, Maximo Asset Management Essentials, Smartcloud Control Desk 2025-04-11 N/A
IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges and bypass intended restrictions on asset-lookup operations via unspecified vectors.
CVE-2013-5414 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
The migration functionality in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 does not properly support the distinction between the admin role and the adminsecmanager role, which allows remote authenticated users to gain privileges in opportunistic circumstances by accessing resources in between a migration and a role evaluation.
CVE-2013-5420 1 Ibm 1 Security Access Manager For Enterprise Single Sign-on 2025-04-11 N/A
The IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to read log files by leveraging helpdesk privileges for a direct request.
CVE-2013-5424 1 Ibm 1 Flex System Manager 2025-04-11 N/A
IBM Flex System Manager (FSM) 1.3.0 allows remote attackers to bypass intended access restrictions, and create new user accounts or execute tasks, by leveraging an expired password for the system-level account.
CVE-2013-5428 1 Ibm 2 Websphere Datapower Xc10 Appliance, Websphere Datapower Xc10 Appliance Firmware 2025-04-11 N/A
IBM WebSphere DataPower XC10 appliances 2.5.0 do not require authentication for all administrative actions, which allows remote attackers to cause a denial of service via unspecified vectors.
CVE-2013-3436 1 Cisco 1 Ios 2025-04-11 N/A
The default configuration of the Group Encrypted Transport VPN (GET VPN) feature on Cisco IOS uses an improper mechanism for enabling Group Domain of Interpretation (GDOI) traffic flow, which allows remote attackers to bypass the encryption policy via certain uses of UDP port 848, aka Bug ID CSCui07698.
CVE-2013-5521 1 Cisco 1 Identity Services Engine Software 2025-04-11 N/A
Cisco Identity Services Engine does not properly restrict the creation of guest accounts, which allows remote attackers to cause a denial of service (exhaustion of the account supply) via a series of requests within one session, aka Bug ID CSCue94287.
CVE-2013-5522 1 Cisco 2 Catalyst 3750-x, Ios 2025-04-11 N/A
Cisco IOS on Catalyst 3750X switches has default Service Module credentials, which makes it easier for local users to gain privileges via a Service Module login, aka Bug ID CSCue92286.
CVE-2013-5572 1 Zabbix 1 Zabbix 2025-04-11 N/A
Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldap_bind_password value in the HTML source code.
CVE-2012-1078 2 Claus Due, Typo3 2 Sysutils, Typo3 2025-04-11 N/A
The System Utilities (sysutils) extension 1.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unspecified vectors related to improper "protection" of the "backup output directory."
CVE-2013-2323 1 Hp 1 Nonstop Sql\/mx 2025-04-11 N/A
HP SQL/MX 3.0 through 3.2 on NonStop servers, when SQL/MP Objects are used, allows remote authenticated users to bypass intended access restrictions and modify data via unspecified vectors, aka the "SQL/MP tables" issue.
CVE-2012-6634 1 Wordpress 1 Wordpress 2025-04-11 N/A
wp-admin/media-upload.php in WordPress before 3.3.3 allows remote attackers to obtain sensitive information or bypass intended media-attachment restrictions via a post_id value.
CVE-2010-1416 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2025-04-11 N/A
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict the reading of a canvas that contains an SVG image pattern from a different web site, which allows remote attackers to read images from other sites via a crafted canvas, related to a "cross-site image capture issue."
CVE-2013-3496 1 Infotecs 4 Vipnet Client, Vipnet Coordinator, Vipnet Personal Firewall and 1 more 2025-04-11 N/A
Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 (0.5643) and earlier use weak permissions (Everyone: Full Control) for a folder under %PROGRAMFILES%\Infotecs, which allows local users to gain privileges via a Trojan horse (1) executable file or (2) DLL file.
CVE-2012-1419 2 Cat, Clamav 2 Quick Heal, Clamav 2025-04-11 N/A
The TAR file parser in ClamAV 0.96.4 and Quick Heal (aka Cat QuickHeal) 11.00 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial [aliases] character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
CVE-2013-5663 1 Paloaltonetworks 1 Pan-os 2025-04-11 N/A
The App-ID cache feature in Palo Alto Networks PAN-OS before 4.0.14, 4.1.x before 4.1.11, and 5.0.x before 5.0.2 allows remote attackers to bypass intended security policies via crafted requests that trigger invalid caching, as demonstrated by incorrect identification of HTTP traffic as SIP traffic, aka Ref ID 47195.