Search Results (5495 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-4289 1 Moodle 1 Moodle 2025-04-11 N/A
Moodle 2.0.x before 2.0.3 does not recognize the configuration setting that makes e-mail addresses visible only to course members, which allows remote authenticated users to obtain sensitive address information by reading a full profile page.
CVE-2012-2354 1 Moodle 1 Moodle 2025-04-11 N/A
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/site:readallmessages capability requirement and read arbitrary messages by using the "Recent conversations" feature with a modified parameter in a URL.
CVE-2011-4296 1 Moodle 1 Moodle 2025-04-11 N/A
lib/db/access.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 assigns incorrect capabilities to the course-creator role, which allows remote authenticated users to modify course filters by leveraging this role.
CVE-2011-4297 1 Moodle 1 Moodle 2025-04-11 N/A
comment/lib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not properly restrict comment capabilities, which allows remote attackers to post a comment by leveraging the guest role and operating on a front-page activity.
CVE-2012-2389 1 W1.fi 1 Hostapd 2025-04-11 N/A
hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 permissions for /etc/hostapd/hostapd.conf, which might allow local users to obtain sensitive information such as credentials.
CVE-2011-4308 1 Moodle 1 Moodle 2025-04-11 N/A
mod/forum/user.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 allows remote authenticated users to discover the names of other users via unspecified vectors.
CVE-2012-2561 1 Hp 1 Business Service Management 2025-04-11 N/A
HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files, which allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server component via a crafted request to TCP port 1098, 1099, or 4444.
CVE-2013-1901 3 Canonical, Postgresql, Redhat 3 Ubuntu Linux, Postgresql, Cloudforms Managementengine 2025-04-11 N/A
PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions.
CVE-2011-4309 1 Moodle 1 Moodle 2025-04-11 N/A
Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to bypass intended access restrictions and perform global searches by leveraging the guest role and making a direct request to a URL.
CVE-2011-0963 1 Cisco 2 Nac Guest Server, Nac Guest Server Software 2025-04-11 N/A
The default configuration of the RADIUS authentication feature on the Cisco Network Admission Control (NAC) Guest Server with software before 2.0.3 allows remote attackers to bypass intended access restrictions and obtain network connectivity via unspecified vectors, aka Bug ID CSCtj66922.
CVE-2011-4316 1 Redhat 2 Enterprise Virtualization Manager, Rhev Manager 2025-04-11 N/A
Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, in certain unspecified conditions, does not lock the desktop screen between SPICE sessions, which allows local users with access to a virtual machine to gain access to other users' desktop sessions via unspecified vectors.
CVE-2011-0980 1 Microsoft 3 Excel, Office, Open Xml File Format Converter 2025-04-11 N/A
Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointer, aka "Excel Dangling Pointer Vulnerability."
CVE-2013-0008 1 Microsoft 6 Windows 7, Windows 8, Windows Rt and 3 more 2025-04-11 N/A
win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability."
CVE-2011-4328 1 Gnu 1 Gnash 2025-04-11 N/A
plugin/npapi/plugin.cpp in Gnash before 0.8.10 uses weak permissions (world readable) for cookie files with predictable names in /tmp, which allows local users to obtain sensitive information.
CVE-2012-2928 2 Atlassian, Gliffy 3 Confluence Server, Jira, Gliffy 2025-04-11 N/A
The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
CVE-2011-1008 1 Bestpractical 1 Rt 2025-04-11 N/A
Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not properly restrict access to a TicketObj in a Scrip after a CurrentUser change, which allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated by custom-field value information, related to SQL logging.
CVE-2011-1011 1 Redhat 3 Enterprise Linux, Fedora, Policycoreutils 2025-04-11 N/A
The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to this new directory, which allows local users to replace or delete arbitrary /tmp files, and consequently cause a denial of service or possibly gain privileges, by running a setuid application that relies on /tmp, as demonstrated by the ksu application.
CVE-2011-1021 2 Linux, Redhat 2 Linux Kernel, Enterprise Mrg 2025-04-11 N/A
drivers/acpi/debugfs.c in the Linux kernel before 3.0 allows local users to modify arbitrary kernel memory locations by leveraging root privileges to write to the /sys/kernel/debug/acpi/custom_method file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4347.
CVE-2011-1022 2 Balbir Singh, Redhat 2 Libcgroup, Enterprise Linux 2025-04-11 N/A
The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted message.
CVE-2011-1024 2 Openldap, Redhat 2 Openldap, Enterprise Linux 2025-04-11 N/A
chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server.