Search Results (5495 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-3056 1 Joomla 1 Joomla\! 2025-04-11 N/A
Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and delete the private messages of arbitrary users via unspecified vectors.
CVE-2012-1930 2 Opera, Unix 2 Opera Browser, Unix 2025-04-11 N/A
Opera before 11.62 on UNIX uses world-readable permissions for temporary files during printing, which allows local users to obtain sensitive information by reading these files.
CVE-2013-3519 1 Vmware 5 Esx, Esxi, Fusion and 2 more 2025-04-11 N/A
lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x before 5.0.3, VMware Fusion 5.x before 5.0.4, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1, when a 32-bit Windows guest OS is used, allows guest OS users to gain guest OS privileges via an application that performs a crafted memory allocation.
CVE-2012-6033 1 Xen 1 Xen 2025-04-11 N/A
The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly check privileges, which allows local guest OS users to access control stack operations via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.
CVE-2011-4689 1 Microsoft 1 Internet Explorer 2025-04-11 N/A
Microsoft Internet Explorer 6 through 9 does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code.
CVE-2012-2225 1 360zip 1 360zip 2025-04-11 N/A
360zip 1.93beta allows remote attackers to execute arbitrary code via vectors related to file browsing and file extraction.
CVE-2012-5879 1 Mcafee 2 Epo Mcafee Virtual Technician, Mcafee Virtual Technician 2025-04-11 N/A
An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician (MVT) and ePO-MVT 6.5.0.2101 and earlier allows remote attackers to modify or create arbitrary files via a full pathname argument to the Save method.
CVE-2013-3426 1 Cisco 3 Unified Ip Phone 9951, Unified Ip Phone 9971, Unified Ip Phones 9900 Series Firmware 2025-04-11 N/A
The Serviceability servlet on Cisco 9900 IP phones does not properly restrict paths, which allows remote attackers to read arbitrary files by specifying a pathname in a file request, aka Bug ID CSCuh52810.
CVE-2013-3408 1 Cisco 3 Virtualization Experience Client 6000, Virtualization Experience Client 6000 Series Firmware, Virtualization Experience Client 6215 2025-04-11 N/A
The firmware on Cisco Virtualization Experience Client 6000 devices sets incorrect operating-system permissions, which allows local users to gain privileges via an unspecified sequence of commands, aka Bug ID CSCuc31764.
CVE-2010-2442 1 Microsoft 1 Internet Explorer 2025-04-11 N/A
Microsoft Internet Explorer, possibly 8, does not properly restrict focus changes, which allows remote attackers to read keystrokes via "cross-domain IFRAME gadgets."
CVE-2012-5509 2 Cloudforms Cloudengine, Redhat 2 1, Cloudforms Cloud Engine 2025-04-11 N/A
aeolus-configserver-setup in the Aeolas Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for a temporary file in /tmp, which allows local users to read credentials by reading this file.
CVE-2012-5472 1 Moodle 1 Moodle 2025-04-11 N/A
lib/formslib.php in Moodle 2.2.x before 2.2.6 and 2.3.x before 2.3.3 allows remote authenticated users to bypass intended access restrictions via a modified value of a frozen form field.
CVE-2012-5469 2 Phpmyadmin, Wordpress 2 Phpmyadmin, Wordpress 2025-04-11 N/A
The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod.
CVE-2012-5299 1 Mavili Guestbook Project 1 Mavili Guestbook 2025-04-11 N/A
Mavili Guestbook, as released in November 2007, allows remote attackers to edit, delete, and approve arbitrary messages via a direct request to (1) edit.asp, (2) delete.asp, or (3) approve.asp.
CVE-2011-4772 2 360, Android 2 Kouxin, Android 2025-04-11 N/A
The 360 KouXin (com.qihoo360.kouxin) application 1.5.3 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and a contact list via a crafted application.
CVE-2011-4864 2 Google, Tencent 2 Android, Mobileqq 2025-04-11 N/A
The Tencent MobileQQ (com.tencent.mobileqq) application 2.2 for Android does not properly protect data, which allows remote attackers to read or modify messages and a friends list via a crafted application.
CVE-2011-4691 1 Google 1 Chrome 2025-04-11 N/A
Google Chrome 15.0.874.121 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code.
CVE-2011-3839 1 Wuzly 1 Wuzly 2025-04-11 N/A
The administration functionality in Wuzly 2.0 allows remote attackers to bypass authentication by setting the dXNlcm5hbWU cookie.
CVE-2012-5168 1 Atutor 1 Acontent 2025-04-11 N/A
ATutor AContent before 1.2-1 allows remote attackers to modify arbitrary user passwords or category names via a direct request to (1) user/index_inline_editor_submit.php or (2) course_category/index_inline_editor_submit.php.
CVE-2011-3666 2 Apple, Mozilla 3 Mac Os X, Firefox, Thunderbird 2025-04-11 N/A
Mozilla Firefox before 3.6.25 and Thunderbird before 3.1.17 on Mac OS X do not consider .jar files to be executable files, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted file. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-2372 on Mac OS X.