Search Results (5493 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-2063 2 Brian Altenhofel, Drupal 2 Slidebox, Drupal 2025-04-11 N/A
The Slidebox module before 7.x-1.4 for Drupal does not properly check permissions, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2012-2058 2 Drupal, Paypal 2 Drupal, Ubercart Payflow 2025-04-11 N/A
The Ubercart Payflow module for Drupal does not use a secure token, which allows remote attackers to forge payments via unspecified vectors.
CVE-2002-2437 1 Mozilla 3 Firefox, Seamonkey, Thunderbird 2025-04-11 N/A
The JavaScript implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method.
CVE-2012-0185 1 Microsoft 3 Excel, Excel Viewer, Office Compatibility Pack 2025-04-11 N/A
Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka "Excel MergeCells Record Heap Overflow Vulnerability."
CVE-2012-1906 2 Puppet, Puppetlabs 4 Puppet, Puppet Enterprise, Puppet and 1 more 2025-04-11 5.5 Medium
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages via a symlink attack on a temporary file in /tmp.
CVE-2012-1895 1 Microsoft 6 .net Framework, Windows 7, Windows Server 2003 and 3 more 2025-04-11 N/A
The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Reflection Bypass Vulnerability."
CVE-2008-7293 1 Mozilla 1 Firefox 2025-04-11 N/A
Mozilla Firefox before 4 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue.
CVE-2008-7296 1 Apple 1 Safari 2025-04-11 N/A
Apple Safari cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue.
CVE-2008-7297 1 Opera 1 Opera Browser 2025-04-11 N/A
Opera cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue.
CVE-2008-7300 1 Sun 2 Opensolaris, Sunos 2025-04-11 N/A
The labeled networking implementation in Solaris Trusted Extensions in Sun Solaris 10 and OpenSolaris snv_39 through snv_67, when a labeled zone is in the installed state, allows remote authenticated users to bypass a Mandatory Access Control (MAC) policy and obtain access to the global zone.
CVE-2010-1066 1 The-ghost 1 Ar Web Content Manager 2025-04-11 N/A
AR Web Content Manager (AWCM) 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for control/db_backup.php.
CVE-2013-1903 1 Postgresql 1 Postgresql 2025-04-11 N/A
PostgreSQL, possibly 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 incorrectly provides the superuser password to scripts related to "graphical installers for Linux and Mac OS X," which has unspecified impact and attack vectors.
CVE-2004-2768 1 Debian 1 Dpkg 2025-04-11 N/A
dpkg 1.9.21 does not properly reset the metadata of a file during replacement of the file in a package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid file, (2) setgid file, or (3) device, a related issue to CVE-2010-2059.
CVE-2012-6534 1 Novell 1 Sentinel Log Manager 2025-04-11 N/A
Novell Sentinel Log Manager before 1.2.0.3 allows remote attackers to create data retention policies via a crafted text/x-gwt-rpc request to novelllogmanager/datastorageservice.rpc, and allows remote authenticated Report Administrators to create data retention policies via a search-results "Save Query As" "Save As Retention Policy" action.
CVE-2011-1376 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/client_ffdc/, which allows local users to read or modify files via standard filesystem operations.
CVE-2010-3499 1 F-secure 1 Anti-virus 2025-04-11 N/A
F-Secure Anti-Virus does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that "the inability to catch these files are caused by lacking functionality rather than programming errors."
CVE-2013-1031 1 Apple 1 Mac Os X 2025-04-11 N/A
Power Management in Apple Mac OS X before 10.8.5 does not properly perform locking upon occurrences of a power assertion, which allows physically proximate attackers to bypass intended access restrictions by visiting an unattended workstation on which a locking failure had prevented the startup of the screen saver.
CVE-2012-4845 1 Ibm 2 Aix, Vios 2025-04-11 N/A
The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file.
CVE-2012-0028 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Rhel Eus 2025-04-11 N/A
The robust futex implementation in the Linux kernel before 2.6.28 does not properly handle processes that make exec system calls, which allows local users to cause a denial of service or possibly gain privileges by writing to a memory location in a child process.
CVE-2010-5090 1 Silverstripe 1 Silverstripe 2025-04-11 N/A
SilverStripe before 2.4.2 allows remote authenticated users to change administrator passwords via vectors related to admin/security.