Export limit exceeded: 362153 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (9507 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-4443 1 Monkey-project 1 Monkey 2025-04-11 N/A
Monkey HTTP Daemon 0.9.3 uses a real UID of root and a real GID of root during execution of CGI scripts, which might allow local users to gain privileges by leveraging cgi-bin write access.
CVE-2012-4450 2 Fedoraproject, Redhat 2 389 Directory Server, Enterprise Linux 2025-04-11 N/A
389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry.
CVE-2012-4470 2 Drupal, Philip Ludlam 2 Drupal, Listhandler 2025-04-11 N/A
The Listhandler module 6.x-1.x before 6.x-1.1 for Drupal does not properly check permissions when importing emails, which allows remote comment authors to bypass access restrictions and possibly have other unspecified impact.
CVE-2012-4471 2 Dominique Clause, Drupal 2 Search Autocomplete, Drupal 2025-04-11 N/A
The Search Autocomplete module 7.x-2.x before 7.x-2.4 for Drupal does not properly restrict access to the module admin page, which allows remote attackers to disable an autocompletion or change the priority order via unspecified vectors.
CVE-2012-4477 2 David Alkire, Drupal 2 Drag \& Drop Gallery, Drupal 2025-04-11 N/A
Unspecified vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to bypass access restrictions via unknown attack vectors.
CVE-2012-4488 2 Drupal, Location Module Project 2 Drupal, Location 2025-04-11 N/A
The Location module 6.x before 6.x-3.2 and 7.x before 7.x-3.0-alpha1 for Drupal does not properly check user or node access permissions, which allows remote attackers to read node or user results via the location search page.
CVE-2012-4510 1 Cups-pk-helper Project 1 Cups-pk-helper 2025-04-11 N/A
cups-pk-helper before 0.2.3 does not properly wrap the (1) cupsGetFile and (2) cupsPutFile function calls, which allows user-assisted remote attackers to read or overwrite sensitive files using CUPS resources.
CVE-2010-5089 1 Silverstripe 1 Silverstripe 2025-04-11 N/A
SilverStripe before 2.4.2 does not properly restrict access to pages in draft mode, which allows remote attackers to obtain sensitive information.
CVE-2010-5093 1 Silverstripe 1 Silverstripe 2025-04-11 N/A
Member_ProfileForm in security/Member.php in SilverStripe 2.3.x before 2.3.7 allows remote attackers to hijack user accounts by saving data using the email address (ID) of another user.
CVE-2010-5094 1 Silverstripe 1 Silverstripe 2025-04-11 N/A
The deleteinstallfiles function in control/ContentController.php in SilverStripe 2.3.x before 2.3.7 does not require ADMIN permissions, which allows remote attackers to delete index.php and "disrupt mod_rewrite-less URL routing."
CVE-2010-5142 1 Opscode 1 Chef 2025-04-11 N/A
chef-server-api/app/controllers/users.rb in the API in Chef before 0.9.0 does not require administrative privileges for the create, destroy, and update methods, which allows remote authenticated users to manage user accounts via requests to the /users URI.
CVE-2010-5143 1 Mcafee 1 Virusscan Enterprise 2025-04-11 N/A
McAfee VirusScan Enterprise before 8.8 allows local users to disable the product by leveraging administrative privileges to execute an unspecified Metasploit Framework module.
CVE-2010-5291 1 Amberdms 1 Amberdms Billing System 2025-04-11 N/A
Amberdms Billing System (ABS) before 1.4.1 does not properly implement blacklisting after detection of invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach.
CVE-2012-4586 1 Mcafee 2 Email And Web Security, Email Gateway 2025-04-11 N/A
McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, accesses files with the privileges of the root user, which allows remote authenticated users to bypass intended permission settings by requesting a file.
CVE-2012-4587 1 Mcafee 2 Enterprise Mobility Manager, Enterprise Mobility Manager Agent 2025-04-11 N/A
McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1, when one-time provisioning (OTP) mode is enabled, have an improper dependency on DNS SRV records, which makes it easier for remote attackers to discover user passwords by spoofing the EMM server, as demonstrated by a password entered on an iOS device.
CVE-2011-0227 1 Apple 1 Iphone Os 2025-04-11 N/A
The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 do not properly perform type conversion, which allows local users to gain privileges via a crafted application.
CVE-2011-0260 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 N/A
The CoreProcesses component in Apple Mac OS X 10.7 before 10.7.2 does not prevent a system window from receiving keystrokes in the locked-screen state, which might allow physically proximate attackers to bypass intended access restrictions by typing into this window.
CVE-2011-0316 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 does not properly restrict access to console servlets, which allows remote attackers to obtain potentially sensitive status information via a direct request.
CVE-2011-0542 2 Fuse, Redhat 2 Fuse, Enterprise Linux 2025-04-11 N/A
fusermount in fuse 2.8.5 and earlier does not perform a chdir to / before performing a mount or umount, which allows local users to unmount arbitrary directories via unspecified vectors.
CVE-2012-4731 1 Bestpractical 1 Rtfm 2025-04-11 N/A
FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly check user rights, which allows remote authenticated users to create arbitrary articles in arbitrary classes via unknown vectors.