Search Results (5495 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-1053 2 Puppet, Puppetlabs 4 Puppet, Puppet Enterprise, Puppet and 1 more 2025-04-11 N/A
The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups.
CVE-2012-0215 1 Tryton 1 Trytond 2025-04-11 N/A
model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) copy rpc call.
CVE-2013-3859 1 Microsoft 2 Office, Pinyin Ime 2025-04-11 N/A
Microsoft Pinyin IME 2010, when used in conjunction with Microsoft Office 2010 SP1, does not properly restrict configuration options, which allows local users to gain privileges by starting Internet Explorer from the IME toolbar, aka "Chinese IME Vulnerability."
CVE-2012-3504 1 Fedoraproject 1 Crypto-utils 2025-04-11 N/A
The nssconfigFound function in genkey.pl in crypto-utils 2.4.1-34 allows local users to overwrite arbitrary files via a symlink attack on the "list" file in the current working directory.
CVE-2013-2065 2 Opensuse, Ruby-lang 2 Opensuse, Ruby 2025-04-11 N/A
(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.
CVE-2012-3513 1 Munin-monitoring 1 Munin 2025-04-11 N/A
munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
CVE-2011-3140 1 Ibm 3 G400 Ips-g400-ib-1 Appliance, Gx4004 Ips-gx4004-ib-2 Appliance, Web Application Firewall 2025-04-11 N/A
IBM Web Application Firewall, as used on the G400 IPS-G400-IB-1 and GX4004 IPS-GX4004-IB-2 appliances with update 31.030, does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass intended intrusion prevention by dividing a dangerous parameter value into substrings, as demonstrated by a SQL statement that is split across multiple iid parameters and then sent to a .aspx file on an IIS web server.
CVE-2010-3034 1 Cisco 1 Wireless Lan Controller Software 2025-04-11 N/A
Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the controller CPU, and consequently send network traffic to unintended segments or devices, via unspecified vectors, a different vulnerability than CVE-2010-0575.
CVE-2010-4582 1 Opera 1 Opera Browser 2025-04-11 N/A
Opera before 11.00 does not properly handle security policies during updates to extensions, which might allow remote attackers to bypass intended access restrictions via unspecified vectors.
CVE-2010-3028 2 Joomla, Simon Philips 2 Joomla, Aardvertiser 2025-04-11 N/A
The Aardvertiser component before 2.2.1 for Joomla! uses insecure permissions (777) in unspecified folders, which allows local users to modify, create, or delete certain files.
CVE-2011-4692 2 Apple, Google 3 Safari, Webkit, Chrome 2025-04-11 N/A
WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as demonstrated by visipisi.
CVE-2011-4690 1 Opera 1 Opera Browser 2025-04-11 N/A
Opera 11.60 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code.
CVE-2010-1908 1 Consona 3 Consona Dynamic Agent, Consona Live Assistance, Consona Subscriber Assistance 2025-04-11 N/A
The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance does not properly restrict access to the HTTPDownloadFile, HTTPGetFile, Install, and RunCmd methods, which allows remote attackers to execute arbitrary programs via a URL in the url argument to (1) HTTPDownloadFile or (2) HTTPGetFile.
CVE-2011-4688 1 Mozilla 1 Firefox 2025-04-11 N/A
Mozilla Firefox 8.0.1 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code.
CVE-2010-5087 1 Silverstripe 1 Silverstripe 2025-04-11 N/A
SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism and hijack the authentication of administrators via vectors related to "form action requests" using a controller.
CVE-2010-5146 1 Websense 2 Websense Web Filter, Websense Web Security 2025-04-11 N/A
The Remote Filtering component in Websense Web Security and Web Filter before 7.1 Hotfix 66 allows local users to bypass filtering by (1) renaming the WDC.exe file or (2) deleting driver files.
CVE-2011-3190 2 Apache, Redhat 3 Tomcat, Enterprise Linux, Jboss Enterprise Web Server 2025-04-11 N/A
Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
CVE-2010-2666 3 Apple, Microsoft, Opera 3 Mac Os X, Windows, Opera Browser 2025-04-11 N/A
Opera before 10.54 on Windows and Mac OS X does not properly enforce permission requirements for widget filesystem access and directory selection, which allows user-assisted remote attackers to create or modify arbitrary files, and consequently execute arbitrary code, via widget File I/O operations.
CVE-2010-2657 3 Apple, Microsoft, Opera 3 Macos, Windows, Opera Browser 2025-04-11 N/A
Opera before 10.60 on Windows and Mac OS X does not properly prevent certain double-click operations from running a program located on a web site, which allows user-assisted remote attackers to execute arbitrary code via a crafted web page that bypasses a dialog.
CVE-2013-6802 1 Google 1 Chrome 2025-04-11 N/A
Google Chrome before 31.0.1650.57 allows remote attackers to bypass intended sandbox restrictions by leveraging access to a renderer process, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013, a different vulnerability than CVE-2013-6632.