Total: 5466 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-1011 | 2 Likno, Wordpress | 2 Allwebmenus Plugin, Wordpress | 2017-08-29 | 7.5 HIGH | N/A |
| actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remote attackers to bypass intended access restrictions to upload and execute arbitrary PHP code by setting the HTTP_REFERER to a certain value, then uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory. | |||||
| CVE-2012-0948 | 2 Canonical, Gnome | 2 Ubuntu Linux, Update-manager-core | 2017-08-29 | 2.1 LOW | N/A |
| DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for (1) apt-clone_system_state.tar.gz and (2) system_state.tar.gz, which allows local users to obtain repository credentials. | |||||
| CVE-2012-0733 | 1 Ibm | 1 Rational Appscan | 2017-08-29 | 6.0 MEDIUM | N/A |
| IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when Integrated Windows authentication is used, allows remote authenticated users to obtain administrative privileges by hijacking a session associated with the service account. | |||||
| CVE-2012-0706 | 1 Ibm | 1 Scale Out Network Attached Storage | 2017-08-29 | 3.5 LOW | N/A |
| IBM Scale Out Network Attached Storage (SONAS) 1.3 before 1.3.2.3 requires cleartext storage of LDAP credentials without recommending a less privileged LDAP account, which might allow attackers to obtain sensitive server information by leveraging root access to a client machine. | |||||
| CVE-2012-0701 | 1 Ibm | 2 Infosphere Datastage, Infosphere Information Server | 2017-08-29 | 6.5 MEDIUM | N/A |
| The client applications in the DataStage Administrator client in InfoSphere DataStage in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 rely on client-side access control, which allows remote authenticated users to gain privileges via unspecified vectors. | |||||
| CVE-2012-0396 | 1 Emc | 1 Documentum Xplore | 2017-08-29 | 4.0 MEDIUM | N/A |
| EMC Documentum xPlore 1.0, 1.1 before P07, and 1.2 does not properly enforce the requirement for BROWSE permission, which allows remote authenticated users to determine the existence of an object, or read object metadata, via a search. | |||||
| CVE-2012-0279 | 1 Quest | 1 Toad For Data Analysts | 2017-08-29 | 6.9 MEDIUM | N/A |
| Quest Toad for Data Analysts 3.0.1 uses weak permissions (Everyone: Full Control) for the %COMMONPROGRAMFILES%\Quest Shared directory, which allows local users to gain privileges via a Trojan horse file. | |||||
| CVE-2012-0205 | 1 Ibm | 2 Infosphere Information Server, Infosphere Metadata Workbench | 2017-08-29 | 6.5 MEDIUM | N/A |
| InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly restrict use of the troubleshooting feature, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (workbench outage) via unspecified vectors. | |||||
| CVE-2012-0191 | 1 Ibm | 1 Lotus Expeditor | 2017-08-29 | 5.0 MEDIUM | N/A |
| The web container in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack does not properly perform access control for requests, which allows remote attackers to spoof a localhost request origin via crafted headers. | |||||
| CVE-2012-0129 | 1 Hp | 1 Onboard Administrator | 2017-08-29 | 7.6 HIGH | N/A |
| HP Onboard Administrator (OA) before 3.50 allows remote attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors. | |||||
| CVE-2012-0030 | 1 Openstack | 2 Essex, Nova | 2017-08-29 | 4.9 MEDIUM | N/A |
| Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter. | |||||
| CVE-2011-5144 | 1 Obm | 1 Open Business Management | 2017-08-29 | 5.0 MEDIUM | N/A |
| Open Business Management (OBM) 2.4.0-rc13 and earlier allows remote attackers to obtain configuration information via a direct request to test.php, which calls the phpinfo function. | |||||
| CVE-2011-5060 | 1 Roderich Schupp | 1 Par-packer Module | 2017-08-29 | 3.3 LOW | N/A |
| The par_mktmpdir function in the PAR module before 1.003 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program, a different vulnerability in a different package than CVE-2011-4114. | |||||
| CVE-2011-5058 | 1 3ssoftware | 1 Codesys | 2017-08-29 | 6.4 MEDIUM | N/A |
| The CmbWebserver.dll module of the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to create arbitrary directories under the web root by specifying a non-existent directory using \ (backslash) characters in an HTTP GET request. | |||||
| CVE-2011-5044 | 1 Sopcast | 1 Sopcast | 2017-08-29 | 7.2 HIGH | N/A |
| SopCast 3.4.7.45585 uses weak permissions (Everyone:Full Control) for Diagnose.exe, which allows local users to execute arbitrary code by replacing Diagnose.exe with a Trojan horse program. | |||||
| CVE-2011-4216 | 1 Investintech | 1 Slimpdf Reader | 2017-08-29 | 9.3 HIGH | N/A |
| Investintech.com SlimPDF Reader does not properly restrict write operations, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. | |||||
| CVE-2011-4212 | 1 Google | 1 App Engine Python Sdk | 2017-08-29 | 7.2 HIGH | N/A |
| The sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly prevent os.popen calls, which allows local users to bypass intended access restrictions and execute arbitrary commands via a dev_appserver.RestrictedPathFunction._original_os reference within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364. | |||||
| CVE-2011-4211 | 1 Google | 1 App Engine Python Sdk | 2017-08-29 | 7.2 HIGH | N/A |
| The FakeFile implementation in the sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly control the opening of files, which allows local users to bypass intended access restrictions and create arbitrary files via ALLOWED_MODES and ALLOWED_DIRS changes within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364. | |||||
| CVE-2011-4197 | 1 Pfsense | 1 Pfsense | 2017-08-29 | 7.5 HIGH | N/A |
| etc/inc/certs.inc in the PKI implementation in pfSense before 2.0.1 creates each X.509 certificate with a true value for the CA basic constraint, which allows remote attackers to create sub-certificates for arbitrary subjects by leveraging the private key. | |||||
| CVE-2011-3839 | 1 Wuzly | 1 Wuzly | 2017-08-29 | 7.5 HIGH | N/A |
| The administration functionality in Wuzly 2.0 allows remote attackers to bypass authentication by setting the dXNlcm5hbWU cookie. | |||||
