Total
5279 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-5454 | 1 Atutor | 1 Acontent | 2013-04-10 | 6.5 MEDIUM | N/A |
| user/index_inline_editor_submit.php in ATutor AContent 1.2-1 does not properly restrict access, which allows remote authenticated users to modify arbitrary user passwords via a crafted request. NOTE: this might be due to an incomplete fix for CVE-2012-5168. | |||||
| CVE-2013-1385 | 1 Adobe | 1 Shockwave Player | 2013-04-09 | 10.0 HIGH | N/A |
| Adobe Shockwave Player before 12.0.2.122 does not prevent access to address information, which makes it easier for attackers to bypass the ASLR protection mechanism via unspecified vectors. | |||||
| CVE-2013-1802 | 1 Dan Kubb | 1 Extlib | 2013-04-09 | 7.5 HIGH | N/A |
| The extlib gem 0.9.15 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156. | |||||
| CVE-2013-1800 | 1 John Nunemaker | 1 Crack | 2013-04-09 | 7.5 HIGH | N/A |
| The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156. | |||||
| CVE-2013-1801 | 1 John Nunemaker | 1 Httparty | 2013-04-09 | 7.5 HIGH | N/A |
| The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for YAML type conversion, a similar vulnerability to CVE-2013-0156. | |||||
| CVE-2013-0718 | 1 Simeji | 1 Simeji | 2013-04-04 | 5.0 MEDIUM | N/A |
| The Simeji application 4.8.1 and earlier for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem. | |||||
| CVE-2013-2640 | 2 Mailup, Wordpress | 2 Wp-mailup, Wordpress | 2013-04-04 | 5.0 MEDIUM | N/A |
| ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks via unspecified vectors related to "formData=save" requests, a different version than CVE-2013-0731. | |||||
| CVE-2012-3457 | 1 Pnp4nagios | 1 Pnp4nagios | 2013-04-04 | 2.1 LOW | N/A |
| PNP4Nagios 0.6 through 0.6.16 uses world-readable permissions for process_perfdata.cfg, which allows local users to obtain the Gearman shared secret by reading the file. | |||||
| CVE-2012-3512 | 1 Munin-monitoring | 1 Munin | 2013-04-04 | 7.2 HIGH | N/A |
| Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin. | |||||
| CVE-2012-1576 | 1 Atheme | 1 Atheme | 2013-04-04 | 6.0 MEDIUM | N/A |
| The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of service (daemon crash) via a login as a deleted user. | |||||
| CVE-2011-4578 | 1 Tedfelix | 1 Acpid2 | 2013-04-04 | 4.6 MEDIUM | N/A |
| event.c in acpid (aka acpid2) before 2.0.11 does not have an appropriate umask setting during execution of event-handler scripts, which might allow local users to (1) perform write operations within directories created by a script, or (2) read files created by a script, via standard filesystem system calls. | |||||
| CVE-2012-6116 | 1 Katello | 2 Katello, Katello-configure | 2013-04-03 | 2.1 LOW | N/A |
| modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file. | |||||
| CVE-2012-6119 | 2 Candlepinproject, Redhat | 2 Candlepin, Subscription Asset Manager | 2013-04-02 | 2.1 LOW | N/A |
| Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests. | |||||
| CVE-2012-0680 | 1 Apple | 1 Safari | 2013-04-01 | 5.0 MEDIUM | N/A |
| Apple Safari before 6.0 does not properly handle the autocomplete attribute of a password input element, which allows remote attackers to bypass authentication by leveraging an unattended workstation. | |||||
| CVE-2012-0878 | 1 Pythonpaste | 1 Paste | 2013-04-01 | 5.1 MEDIUM | N/A |
| Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leveraging a web application that uses the local filesystem. | |||||
| CVE-2012-0304 | 1 Symantec | 1 Liveupdate Administrator | 2013-04-01 | 6.9 MEDIUM | N/A |
| Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions (Everyone: Full Control) for the installation directory, which allows local users to gain privileges via a Trojan horse file. | |||||
| CVE-2013-2301 | 1 Omron | 1 Openwnn | 2013-03-29 | 4.3 MEDIUM | N/A |
| The OMRON OpenWnn application before 1.3.6 for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem. | |||||
| CVE-2012-5879 | 1 Mcafee | 2 Epo Mcafee Virtual Technician, Mcafee Virtual Technician | 2013-03-29 | 8.2 HIGH | N/A |
| An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician (MVT) and ePO-MVT 6.5.0.2101 and earlier allows remote attackers to modify or create arbitrary files via a full pathname argument to the Save method. | |||||
| CVE-2013-2300 | 1 Pm9 | 1 Flickwnn | 2013-03-28 | 5.0 MEDIUM | N/A |
| The FlickWnn (aka OpenWnn/Flick support) application 2.02 and earlier for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem. | |||||
| CVE-2013-0257 | 2 David Alkire, Drupal | 2 Email2image, Drupal | 2013-03-27 | 5.0 MEDIUM | N/A |
| The email2image module 6.x-1.x and 6.x-2.x for Drupal does not properly restrict access to nodes, which allows remote attackers to read images of user email addresses and email fields. | |||||