Total
5457 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-1801 | 1 John Nunemaker | 1 Httparty | 2025-04-11 | 7.5 HIGH | N/A |
| The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for YAML type conversion, a similar vulnerability to CVE-2013-0156. | |||||
| CVE-2013-6863 | 1 Sybase | 1 Adaptive Server Enterprise | 2025-04-11 | 9.0 HIGH | N/A |
| SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to gain privileges via unspecified vectors. | |||||
| CVE-2010-2238 | 1 Libvirt | 1 Libvirt | 2025-04-11 | 4.4 MEDIUM | N/A |
| Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors. | |||||
| CVE-2011-4583 | 1 Moodle | 1 Moodle | 2025-04-11 | 6.5 MEDIUM | N/A |
| Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service tokens associated with (1) disabled services and (2) users who no longer have authorization, which allows remote authenticated users to have an unspecified impact by reading these tokens. | |||||
| CVE-2013-2640 | 2 Mailup, Wordpress | 2 Wp-mailup, Wordpress | 2025-04-11 | 5.0 MEDIUM | N/A |
| ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks via unspecified vectors related to "formData=save" requests, a different version than CVE-2013-0731. | |||||
| CVE-2007-6741 | 1 G.rodola | 1 Pyftpdlib | 2025-04-11 | 6.5 MEDIUM | N/A |
| The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP bounce attacks via crafted FTP data, as demonstrated by an FTP bounce attack against a NAT server, a related issue to CVE-1999-0017. | |||||
| CVE-2010-1429 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2025-04-11 | 5.0 MEDIUM | N/A |
| Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression. | |||||
| CVE-2011-2581 | 1 Cisco | 3 Nexus 3000, Nexus 5000, Nx-os | 2025-04-11 | 5.0 MEDIUM | N/A |
| The ACL implementation in Cisco NX-OS 5.0(2) and 5.0(3) before 5.0(3)N2(1) on Nexus 5000 series switches, and NX-OS before 5.0(3)U1(2a) on Nexus 3000 series switches, does not properly handle comments in conjunction with deny statements, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending packets, aka Bug IDs CSCto09813 and CSCtr61490. | |||||
| CVE-2012-2603 | 1 Collabnet | 1 Scrumworks | 2025-04-11 | 6.5 MEDIUM | N/A |
| The server in CollabNet ScrumWorks Pro before 6.0 allows remote authenticated users to gain privileges and obtain sensitive information via a modified desktop client. | |||||
| CVE-2012-1462 | 10 Ahnlab, Aladdin, Avg and 7 more | 10 V3 Internet Security, Esafe, Avg Anti-virus and 7 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| The ZIP file parser in AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, Norman Antivirus 6.06.12, Sophos Anti-Virus 4.61.0, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote attackers to bypass malware detection via a ZIP file containing an invalid block of data at the beginning. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ZIP parser implementations. | |||||
| CVE-2010-5070 | 1 Apple | 1 Safari | 2025-04-11 | 5.0 MEDIUM | N/A |
| The JavaScript implementation in Apple Safari 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method, a different vulnerability than CVE-2010-2264. NOTE: this may overlap CVE-2010-5073. | |||||
| CVE-2009-5001 | 1 Ibm | 1 Filenet P8 Application Engine | 2025-04-11 | 4.0 MEDIUM | N/A |
| The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.2-P8AE-FP002 grants a document's Creator-Owner full control over an annotation object, even if the default instance security has changed, which might allow remote authenticated users to bypass intended access restrictions in opportunistic circumstances. | |||||
| CVE-2011-3006 | 1 Mcafee | 1 Saas Endpoint Protection | 2025-04-11 | 6.8 MEDIUM | N/A |
| The MyAsUtil ActiveX control in MyAsUtil5.2.0.603.dll in McAfee SaaS Endpoint Protection 5.2.1 and earlier allows remote attackers to bypass the MyASUtil.SecureObjectFactory.CreateSecureObject domain execution policy using a cross-site scripting (XSS) attack, execute arbitrary code using the MyASUtil.InstallInfo.RunUserProgram function, and possibly conduct other unspecified attacks. | |||||
| CVE-2013-3280 | 1 Emc | 1 Rsa Authentication Agent | 2025-04-11 | 7.5 HIGH | N/A |
| EMC RSA Authentication Agent 7.1.x before 7.1.2 for Web for Internet Information Services has a fail-open design, which allows remote attackers to bypass intended access restrictions via vectors that trigger an agent crash. | |||||
| CVE-2011-2368 | 1 Mozilla | 1 Firefox | 2025-04-11 | 10.0 HIGH | N/A |
| The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict write operations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | |||||
| CVE-2012-5966 | 1 Dlink | 1 Dsl-2730u | 2025-04-11 | 4.0 MEDIUM | N/A |
| The restricted telnet shell on the D-Link DSL2730U router allows remote authenticated users to bypass intended command restrictions via shell metacharacters that follow a whitelisted command. | |||||
| CVE-2011-2740 | 2 Emc, Mozilla | 2 Rsa Key Manager Appliance, Firefox | 2025-04-11 | 9.3 HIGH | N/A |
| EMC RSA Key Manager (RKM) Appliance 2.7 SP1 before 2.7.1.6, when Firefox 4.x or 5.0 is used, does not properly terminate a user session upon a logout action, which makes it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation. | |||||
| CVE-2010-0215 | 1 Activecollab | 1 Activecollab | 2025-04-11 | 6.0 MEDIUM | N/A |
| ActiveCollab before 2.3.2 allows remote authenticated users to bypass intended access restrictions, and (1) delete an attachment or (2) subscribe to an object, via a crafted URL. | |||||
| CVE-2011-1312 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 4.0 MEDIUM | N/A |
| The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.31 and 7.x before 7.0.0.15 does not prevent modifications of the primary admin id, which allows remote authenticated administrators to bypass intended access restrictions by mapping a (1) user or (2) group to an administrator role. | |||||
| CVE-2012-4487 | 2 Boombatower, Drupal | 2 Subuser, Drupal | 2025-04-11 | 4.0 MEDIUM | N/A |
| The Subuser module before 6.x-1.8 for Drupal does not properly check "switch subuser" permissions, which allows remote authenticated parent users to change their role by switching to a subuser they created. | |||||