Total
5480 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-0182 | 2 Bart Feenstra, Drupal | 2 Payment, Drupal | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Payment module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to payments, which allows remote attackers to read arbitrary payments. | |||||
| CVE-2013-5010 | 1 Symantec | 1 Endpoint Protection | 2025-04-11 | 4.6 MEDIUM | N/A |
| The Application/Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly handle custom polices, which allows local users to bypass intended policy restrictions and access files or directories via unspecified vectors. | |||||
| CVE-2010-0185 | 1 Adobe | 1 Coldfusion | 2025-04-11 | 5.0 MEDIUM | N/A |
| The default configuration of Adobe ColdFusion 9.0 does not restrict access to collections that have been created by the Solr Service, which allows remote attackers to obtain collection metadata, search information, and index data via a request to an unspecified URL. | |||||
| CVE-2010-0443 | 1 Hp | 2 Openvms, Openvms Rms | 2025-04-11 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Record Management Services (RMS) before VMS83A_RMS-V1100 for HP OpenVMS on the Alpha platform allows local users to gain privileges via unknown vectors. | |||||
| CVE-2012-2719 | 2 Blaine Lang, Drupal | 2 Filedepot, Drupal | 2025-04-11 | 5.1 MEDIUM | N/A |
| The filedepot module 6.x-1.x before 6.x-1.3 for Drupal, when accessed using multiple different browsers from the same IP address, causes Internet Explorer sessions to "switch users" when uploading a file, which has unspecified impact possibly involving file uploads to the wrong user directory, aka "Session Management Vulnerability." | |||||
| CVE-2013-0073 | 1 Microsoft | 8 .net Framework, Windows 7, Windows 8 and 5 more | 2025-04-11 | 10.0 HIGH | N/A |
| The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability." | |||||
| CVE-2013-3496 | 1 Infotecs | 4 Vipnet Client, Vipnet Coordinator, Vipnet Personal Firewall and 1 more | 2025-04-11 | 7.2 HIGH | N/A |
| Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 (0.5643) and earlier use weak permissions (Everyone: Full Control) for a folder under %PROGRAMFILES%\Infotecs, which allows local users to gain privileges via a Trojan horse (1) executable file or (2) DLL file. | |||||
| CVE-2011-4689 | 1 Microsoft | 1 Internet Explorer | 2025-04-11 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6 through 9 does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code. | |||||
| CVE-2010-4629 | 1 Mybb | 1 Mybb | 2025-04-11 | 5.0 MEDIUM | N/A |
| MyBB (aka MyBulletinBoard) before 1.4.12 does not properly restrict uid values for group join requests, which allows remote attackers to cause a denial of service (resource consumption) by using guest access to submit join request forms for moderated groups, related to usercp.php and managegroup.php. | |||||
| CVE-2010-4723 | 1 Smarty | 1 Smarty | 2025-04-11 | 9.3 HIGH | N/A |
| Smarty before 3.0.0, when security is enabled, does not prevent access to the (1) dynamic and (2) private object members of an assigned object, which has unspecified impact and remote attack vectors. | |||||
| CVE-2011-2739 | 1 Emc | 1 Documentum Eroom | 2025-04-11 | 8.5 HIGH | N/A |
| The file-blocking feature in EMC Documentum eRoom 7.3.x and 7.4.x before 7.4.3.g does not properly restrict the uploading and opening of files with dangerous file types, which allows remote authenticated users to execute arbitrary code via an uploaded file. | |||||
| CVE-2012-5471 | 1 Moodle | 1 Moodle | 2025-04-11 | 6.5 MEDIUM | N/A |
| The Dropbox Repository File Picker in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to access the Dropbox of a different user by leveraging an unattended workstation after a logout. | |||||
| CVE-2011-4605 | 1 Redhat | 5 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Portal Platform and 2 more | 2025-04-11 | 7.5 HIGH | N/A |
| The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors. | |||||
| CVE-2012-1826 | 1 Dotcms | 1 Dotcms | 2025-04-11 | 6.0 MEDIUM | N/A |
| dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template. | |||||
| CVE-2011-2018 | 1 Microsoft | 4 Windows 7, Windows Server 2003, Windows Server 2008 and 1 more | 2025-04-11 | 7.2 HIGH | N/A |
| The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 does not properly initialize objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Exception Handler Vulnerability." | |||||
| CVE-2013-1959 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 3.7 LOW | N/A |
| kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requirements for the uid_map and gid_map files, which allows local users to gain privileges by opening a file within an unprivileged process and then modifying the file within a privileged process. | |||||
| CVE-2009-4912 | 1 Cisco | 1 Asa 5580 | 2025-04-11 | 10.0 HIGH | N/A |
| Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) complete an SSL handshake with an HTTPS client even if this client is unauthorized, which might allow remote attackers to bypass intended access restrictions via an HTTPS session, aka Bug ID CSCso10876. | |||||
| CVE-2012-5417 | 1 Cisco | 1 Prime Data Center Network Manager | 2025-04-11 | 10.0 HIGH | N/A |
| Cisco Prime Data Center Network Manager (DCNM) before 6.1(1) does not properly restrict access to certain JBoss MainDeployer functionality, which allows remote attackers to execute arbitrary commands via JBoss Application Server Remote Method Invocation (RMI) services, aka Bug ID CSCtz44924. | |||||
| CVE-2010-3196 | 1 Ibm | 1 Db2 | 2025-04-11 | 3.5 LOW | N/A |
| IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of privileges) to a view owner by defining a dependent view. | |||||
| CVE-2010-2685 | 1 Customerparadigm | 1 Pagedirector Cms | 2025-04-11 | 7.5 HIGH | N/A |
| siteadmin/adduser.php in Customer Paradigm PageDirector CMS does not properly restrict access, which allows remote attackers to bypass intended restrictions and add administrative users via a direct request. | |||||