Search Results (9500 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-2139 7 Adobe, Apple, Google and 4 more 8 Adobe Air, Flash Player, Mac Os X and 5 more 2025-04-11 N/A
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors.
CVE-2012-6563 1 Elgg 1 Elgg 2025-04-11 N/A
engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors.
CVE-2011-2145 3 Freebsd, Oracle, Vmware 7 Freebsd, Solaris, Esx and 4 more 2025-04-11 N/A
mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1, when a Solaris or FreeBSD guest OS is used, allows guest OS users to modify arbitrary guest OS files via unspecified vectors, related to a "procedural error."
CVE-2012-6432 1 Sensiolabs 1 Symfony 2025-04-11 N/A
Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI beginning with a /_internal substring.
CVE-2011-1683 1 Ibm 2 Websphere Application Server, Z\/os 2025-04-11 N/A
IBM WebSphere Application Server (WAS) 6.0.x through 6.0.2.43, 6.1.x before 6.1.0.37, and 7.0.x before 7.0.0.17 on z/OS, when a Local OS user registry or Federated Repository with RACF adapter is used, allows remote attackers to obtain unspecified application access via unknown vectors.
CVE-2011-3898 1 Google 1 Chrome 2025-04-11 N/A
Google Chrome before 15.0.874.120, when Java Runtime Environment (JRE) 7 is used, does not request user confirmation before applet execution begins, which allows remote attackers to have an unspecified impact via a crafted applet.
CVE-2012-5897 1 Quest 1 Intrust 2025-04-11 N/A
The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX control (ARDoc.dll) in Quest InTrust 10.4.0.853 and earlier do not properly implement the SaveToFile method, which allows remote attackers to write or overwrite arbitrary files via the bstrFileName argument.
CVE-2011-1680 1 Ncpfs 1 Ncpfs 2025-04-11 N/A
ncpmount in ncpfs 2.2.6 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors.
CVE-2012-5759 1 Ibm 1 Websphere Datapower Xc10 Appliance 2025-04-11 N/A
The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 allows remote authenticated users to bypass intended administrative-role requirements and perform arbitrary JMX operations via unspecified vectors.
CVE-2013-0315 1 Redhat 1 Jboss Enterprise Portal Platform 2025-04-11 N/A
The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 allows remote attackers to read arbitrary files via a crafted external XML entity in an XML document, aka an XML Entity Expansion (XEE) attack.
CVE-2011-2147 1 Openswan 1 Openswan 2025-04-11 N/A
Openswan 2.2.x does not properly restrict permissions for (1) /var/run/starter.pid, related to starter.c in the IPsec starter, and (2) /var/lock/subsys/ipsec, which allows local users to kill arbitrary processes by writing a PID to a file, or possibly bypass disk quotas by writing arbitrary data to a file, as demonstrated by files with 0666 permissions, a different vulnerability than CVE-2011-1784.
CVE-2011-0290 3 Lotus, Microsoft, Rim 3 Domino, Exchange Server, Blackberry Enterprise Server 2025-04-11 N/A
The BlackBerry Collaboration Service in Research In Motion (RIM) BlackBerry Enterprise Server (BES) 5.0.3 through MR4 for Microsoft Exchange and Lotus Domino allows remote authenticated users to log into arbitrary user accounts associated with the same organization, and send messages, read messages, read contact lists, or cause a denial of service (login unavailability), via unspecified vectors.
CVE-2013-0287 2 Fedoraproject, Redhat 2 Sssd, Enterprise Linux 2025-04-11 N/A
The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restrictions.
CVE-2012-3738 1 Apple 1 Iphone Os 2025-04-11 N/A
The Emergency Dialer screen in the Passcode Lock implementation in Apple iOS before 6 does not properly limit the dialing methods, which allows physically proximate attackers to bypass intended access restrictions and make FaceTime calls through Voice Dialing, or obtain sensitive contact information by attempting to make a FaceTime call and reading the contact suggestions.
CVE-2012-5586 2 Drupal, Marc Ingram 2 Drupal, Services 2025-04-11 N/A
The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via vectors related to the "user index method" and "the path to the user resource."
CVE-2012-5522 1 Mantisbt 1 Mantisbt 2025-04-11 N/A
MantisBT before 1.2.12 does not use an expected default value during decisions about whether a user may modify the status of a bug, which allows remote authenticated users to bypass intended access restrictions and make status changes by leveraging a blank value for a per-status setting.
CVE-2012-5479 1 Moodle 1 Moodle 2025-04-11 N/A
The Portfolio plugin in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to upload and execute files via a modified Portfolio API callback.
CVE-2012-5481 1 Moodle 1 Moodle 2025-04-11 N/A
Moodle 2.3.x before 2.3.3 allows remote authenticated users to bypass the moodle/role:manage capability requirement and read all capability data by visiting the Check Permissions page.
CVE-2012-5480 1 Moodle 1 Moodle 2025-04-11 N/A
The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote attackers to bypass intended restrictions on reading other participants' entries via an advanced search.
CVE-2012-5471 1 Moodle 1 Moodle 2025-04-11 N/A
The Dropbox Repository File Picker in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to access the Dropbox of a different user by leveraging an unattended workstation after a logout.