Total
5481 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-6102 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| lib.php in the Submission comments plugin in the Assignment module in Moodle 2.3.x before 2.3.4 and 2.4.x before 2.4.1 allows remote attackers to read or modify the submission comments (aka feedback comments) of arbitrary users via a crafted URI. | ||||
| CVE-2012-5966 | 1 Dlink | 1 Dsl-2730u | 2025-04-11 | N/A |
| The restricted telnet shell on the D-Link DSL2730U router allows remote authenticated users to bypass intended command restrictions via shell metacharacters that follow a whitelisted command. | ||||
| CVE-2012-5951 | 1 Ibm | 2 Tivoli Netview, Z\/os | 2025-04-11 | N/A |
| Unspecified vulnerability in IBM Tivoli NetView 1.4, 5.1 through 5.4, and 6.1 on z/OS allows local users to gain privileges by leveraging access to the normal Unix System Services (USS) security level. | ||||
| CVE-2012-5918 | 1 Razorcms | 1 Razorcms | 2025-04-11 | N/A |
| razorCMS 1.2 allows remote authenticated users to access administrator directories and files by creating and deleting a directory. | ||||
| CVE-2012-5897 | 1 Quest | 1 Intrust | 2025-04-11 | N/A |
| The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX control (ARDoc.dll) in Quest InTrust 10.4.0.853 and earlier do not properly implement the SaveToFile method, which allows remote attackers to write or overwrite arbitrary files via the bstrFileName argument. | ||||
| CVE-2012-5879 | 1 Mcafee | 2 Epo Mcafee Virtual Technician, Mcafee Virtual Technician | 2025-04-11 | N/A |
| An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician (MVT) and ePO-MVT 6.5.0.2101 and earlier allows remote attackers to modify or create arbitrary files via a full pathname argument to the Save method. | ||||
| CVE-2012-5675 | 1 Adobe | 1 Coldfusion | 2025-04-11 | N/A |
| Adobe ColdFusion 9.0 through 9.0.2, and 10, allows local users to bypass intended shared-hosting sandbox permissions via unspecified vectors. | ||||
| CVE-2013-5701 | 1 Watchguard | 1 Server Center | 2025-04-11 | N/A |
| Multiple untrusted search path vulnerabilities in (1) Watchguard Log Collector (wlcollector.exe) and (2) Watchguard WebBlocker Server (wbserver.exe) in WatchGuard Server Center 11.7.4, 11.7.3, and possibly earlier allow local users to gain privileges via a Trojan horse wgpr.dll file in the application's bin directory. | ||||
| CVE-2012-5660 | 1 Redhat | 2 Automatic Bug Reporting Tool, Enterprise Linux | 2025-04-11 | N/A |
| abrt-action-install-debuginfo in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to set world-writable permissions for arbitrary files and possibly gain privileges via a symlink attack on "the directories used to store information about crashes." | ||||
| CVE-2012-5605 | 2 Cloudforms Tools, Redhat | 2 1, Cloudforms | 2025-04-11 | N/A |
| Grinder in Red Hat CloudForms before 1.1 uses world-writable permissions for /var/lib/pulp/cache/grinder/, which allows local users to modify grinder cache files. | ||||
| CVE-2013-5169 | 1 Apple | 1 Mac Os X | 2025-04-11 | N/A |
| CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to obtain sensitive information by reading the screen. | ||||
| CVE-2010-0023 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-11 | N/A |
| The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Local Privilege Elevation Vulnerability." | ||||
| CVE-2010-0255 | 1 Microsoft | 8 Internet Explorer, Windows 2000, Windows 2003 Server and 5 more | 2025-04-11 | N/A |
| Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to a file://127.0.0.1 URL, aka the dynamic OBJECT tag vulnerability, as demonstrated by obtaining the data from an index.dat file, a variant of CVE-2009-1140 and related to CVE-2008-1448. | ||||
| CVE-2012-5588 | 2 Drupal, Epiqo | 2 Drupal, Email | 2025-04-11 | N/A |
| The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when using a field permission module and the field contact field formatter is set to the full or teaser display mode, does not properly check permissions, which allows remote attackers to email the stored address via unspecified vectors. | ||||
| CVE-2012-5586 | 2 Drupal, Marc Ingram | 2 Drupal, Services | 2025-04-11 | N/A |
| The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via vectors related to the "user index method" and "the path to the user resource." | ||||
| CVE-2012-4582 | 1 Mcafee | 2 Email And Web Security, Email Gateway | 2025-04-11 | N/A |
| McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to reset the passwords of arbitrary administrative accounts via unspecified vectors. | ||||
| CVE-2012-5574 | 1 Sensiolabs | 1 Symfony | 2025-04-11 | N/A |
| lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request. | ||||
| CVE-2010-3065 | 2 Php, Redhat | 2 Php, Enterprise Linux | 2025-04-11 | N/A |
| The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PS_UNDEF_MARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name. | ||||
| CVE-2012-2720 | 2 Adam Ross, Drupal | 2 Tokenauth, Drupal | 2025-04-11 | N/A |
| The Token Authentication (tokenauth) module 6.x-1.x before 6.x-1.7 for Drupal does not properly revert user sessions, which might allow remote attackers to perform requests with extra privileges. | ||||
| CVE-2012-5539 | 2 Drupal, Organic Groups Project | 2 Drupal, Organic Groups | 2025-04-11 | N/A |
| The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying their own account while a pending membership is waiting to be approved. | ||||