Total
5486 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-0752 | 2 Drupal, Earl Dunovant | 2 Drupal, Week | 2025-04-11 | N/A |
| The week_post_page function in the Weekly Archive by Node Type module 6.x before 6.x-2.7 for Drupal does not properly implement node access restrictions when constructing SQL queries, which allows remote attackers to read restricted node listings via unspecified vectors. | ||||
| CVE-2012-4107 | 1 Cisco | 1 Unified Computing System | 2025-04-11 | N/A |
| The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary commands via crafted parameters to a file-related command, aka Bug ID CSCtq86489. | ||||
| CVE-2012-4106 | 1 Cisco | 1 Unified Computing System | 2025-04-11 | N/A |
| The fabric-interconnect component in Cisco Unified Computing System (UCS) uses the same privilege level for execution of every script, which allows local users to gain privileges and execute arbitrary commands via an unspecified script-execution approach, aka Bug ID CSCtq86477. | ||||
| CVE-2012-4090 | 1 Cisco | 5 Nexus 7000, Nexus 7000 10-slot, Nexus 7000 18-slot and 2 more | 2025-04-11 | N/A |
| The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089. | ||||
| CVE-2012-4077 | 1 Cisco | 1 Nx-os | 2025-04-11 | N/A |
| Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and CSCtf27651. | ||||
| CVE-2012-4065 | 1 Eucalyptus | 1 Eucalyptus | 2025-04-11 | N/A |
| Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to bypass unspecified authorization checks and obtain direct access to a (1) Cloud Controller or (2) Walrus service via a crafted message, as demonstrated by changes to a volume, snapshot, or cloud configuration setting. | ||||
| CVE-2012-4064 | 1 Eucalyptus | 1 Eucalyptus | 2025-04-11 | N/A |
| Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to gain privileges by sending a message to (1) Cloud Controller or (2) Walrus with the internal message format and a modified user id. | ||||
| CVE-2012-4063 | 1 Eucalyptus | 1 Eucalyptus | 2025-04-11 | N/A |
| The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors. | ||||
| CVE-2012-4069 | 1 Dir2web | 1 Dir2web | 2025-04-11 | N/A |
| Dir2web 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request for system/db/website.db. | ||||
| CVE-2012-4035 | 1 Pbboard | 1 Pbboard | 2025-04-11 | N/A |
| The new_password page in PBBoard 2.1.4 allows remote attackers to change the password of arbitrary user accounts via the member_id and new_password parameters to index.php. | ||||
| CVE-2012-4022 | 1 Simon Brown | 1 Pebble | 2025-04-11 | N/A |
| Pebble before 2.6.4 allows remote attackers to trigger loss of blog-entry viewability via a crafted comment. | ||||
| CVE-2010-1736 | 1 Aspindir | 1 Krm Haber | 2025-04-11 | N/A |
| KrM Haber 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for d_atabase/Krmdb.mdb. | ||||
| CVE-2010-0682 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter. | ||||
| CVE-2010-1066 | 1 The-ghost | 1 Ar Web Content Manager | 2025-04-11 | N/A |
| AR Web Content Manager (AWCM) 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for control/db_backup.php. | ||||
| CVE-2012-4016 | 2 Google, Justsystems | 2 Android, Atok | 2025-04-11 | N/A |
| The ATOK application before 1.0.4 for Android allows remote attackers to read the learning information file, and obtain sensitive input-string information, via a crafted application. | ||||
| CVE-2012-3987 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-11 | N/A |
| Mozilla Firefox before 16.0 on Android assigns chrome privileges to Reader Mode pages, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. | ||||
| CVE-2011-1665 | 1 Phpboost | 1 Phpboost | 2025-04-11 | N/A |
| PHPBoost 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain backup SQL files via a direct request for predictable filenames in cache/backup/. | ||||
| CVE-2012-3978 | 2 Mozilla, Redhat | 5 Firefox, Seamonkey, Thunderbird and 2 more | 2025-04-11 | N/A |
| The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly follow the security model of the location object, which allows remote attackers to bypass intended content-loading restrictions or possibly have unspecified other impact via vectors involving chrome code. | ||||
| CVE-2012-3386 | 2 Gnu, Redhat | 2 Automake, Enterprise Linux | 2025-04-11 | N/A |
| The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors. | ||||
| CVE-2013-5691 | 1 Freebsd | 1 Freebsd | 2025-04-11 | N/A |
| The (1) IPv6 and (2) ATM ioctl request handlers in the kernel in FreeBSD 8.3 through 9.2-STABLE do not validate SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR, and SIOCSIFNETMASK requests, which allows local users to perform link-layer actions, cause a denial of service (panic), or possibly gain privileges via a crafted application. | ||||