Total
5279 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-3292 | 1 Globus | 1 Globus Toolkit | 2012-09-06 | 7.6 HIGH | N/A |
| The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file. | |||||
| CVE-2012-3426 | 1 Openstack | 3 Essex, Horizon, Keystone | 2012-09-06 | 4.9 MEDIUM | N/A |
| OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password. | |||||
| CVE-2012-4752 | 1 Owncloud | 1 Owncloud | 2012-09-06 | 5.0 MEDIUM | N/A |
| appconfig.php in ownCloud before 4.0.6 does not properly restrict access, which allows remote authenticated users to edit app configurations via unspecified vectors. NOTE: this can be leveraged by unauthenticated remote attackers using CVE-2012-4393. | |||||
| CVE-2012-4747 | 1 Mozilla | 1 Bugzilla | 2012-09-04 | 5.0 MEDIUM | N/A |
| Bugzilla 2.x and 3.x through 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to read (1) template (aka .tmpl) files, (2) other custom extension files under extensions/, or (3) custom documentation files under docs/ via a direct request. | |||||
| CVE-2012-2969 | 1 Caucho | 1 Resin | 2012-09-03 | 6.4 MEDIUM | N/A |
| Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to bypass intended restrictions on filename extensions for created files via a %00 sequence in a pathname within an HTTP request. | |||||
| CVE-2012-1641 | 2 Danielb, Drupal | 2 Finder, Drupal | 2012-08-28 | 6.0 MEDIUM | N/A |
| The finder_import function in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission to execute arbitrary PHP code via admin/build/finder/import. | |||||
| CVE-2012-1643 | 2 Drupal, Jason Savino | 2 Drupal, Fp | 2012-08-28 | 5.0 MEDIUM | N/A |
| The Faster Permissions module 7.x-2.x before 7.x-1.2 for Drupal does not check the "administer permissions" permission, which allows remote attackers to modify access permissions via unspecified vectors. | |||||
| CVE-2012-1642 | 2 Drupal, Yaml-fuer-drupal | 2 Drupal, Linkchecker | 2012-08-28 | 5.0 MEDIUM | N/A |
| includes/linkchecker.pages.inc in the Link checker module 6.x-2.x before 6.x-2.5 for Drupal does not properly enforce access permissions on broken links, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2012-1635 | 2 Drupal, Rik De Boer | 2 Drupal, Revisioning | 2012-08-28 | 6.4 MEDIUM | N/A |
| The hook_node_access function in the revisioning module 7.x-1.x before 7.x-1.3 for Drupal checks the permissions of the current user even when it is called to check permissions of other users, which allows remote attackers to bypass intended access restrictions, as demonstrated when using the XML sitemap module to obtain sensitive information about unpublished content. | |||||
| CVE-2010-5189 | 1 Bluecoat | 16 Proxysg, Proxysg Sg210-10, Proxysg Sg210-25 and 13 more | 2012-08-27 | 9.3 HIGH | N/A |
| Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.1.1 allows remote authenticated users to execute arbitrary CLI commands by leveraging read-only administrator privileges and establishing an HTTPS session. | |||||
| CVE-2010-5093 | 1 Silverstripe | 1 Silverstripe | 2012-08-27 | 5.0 MEDIUM | N/A |
| Member_ProfileForm in security/Member.php in SilverStripe 2.3.x before 2.3.7 allows remote attackers to hijack user accounts by saving data using the email address (ID) of another user. | |||||
| CVE-2010-5090 | 1 Silverstripe | 1 Silverstripe | 2012-08-27 | 4.0 MEDIUM | N/A |
| SilverStripe before 2.4.2 allows remote authenticated users to change administrator passwords via vectors related to admin/security. | |||||
| CVE-2010-5087 | 1 Silverstripe | 1 Silverstripe | 2012-08-27 | 5.0 MEDIUM | N/A |
| SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism and hijack the authentication of administrators via vectors related to "form action requests" using a controller. | |||||
| CVE-2010-5190 | 1 Bluecoat | 16 Proxysg, Proxysg Sg210-10, Proxysg Sg210-25 and 13 more | 2012-08-26 | 5.0 MEDIUM | N/A |
| The Active Content Transformation functionality in Blue Coat ProxySG before SGOS 4.3.4.2, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.2.1 allows remote attackers to bypass JavaScript detection via HTML entities. | |||||
| CVE-2010-5089 | 1 Silverstripe | 1 Silverstripe | 2012-08-26 | 4.3 MEDIUM | N/A |
| SilverStripe before 2.4.2 does not properly restrict access to pages in draft mode, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2012-3484 | 1 Google | 1 Tunnelblick | 2012-08-26 | 7.2 HIGH | N/A |
| Tunnelblick 3.3beta20 and earlier relies on a test for specific ownership and permissions to determine whether a program can be safely executed, which allows local users to bypass intended access restrictions and gain privileges via a (1) user-mountable image or (2) network share. | |||||
| CVE-2012-4677 | 1 Google | 1 Tunnelblick | 2012-08-26 | 4.4 MEDIUM | N/A |
| Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by using a crafted Info.plist file to control the gOkIfNotSecure value. | |||||
| CVE-2009-5131 | 1 Websense | 1 Websense Email Security | 2012-08-26 | 5.0 MEDIUM | N/A |
| The Receive Service in Websense Email Security before 7.1 does not recognize domain extensions in the blacklist, which allows remote attackers to bypass intended access restrictions and send e-mail messages via an SMTP session. | |||||
| CVE-2012-3486 | 1 Google | 1 Tunnelblick | 2012-08-26 | 6.9 MEDIUM | N/A |
| Tunnelblick 3.3beta20 and earlier allows local users to gain privileges via an OpenVPN configuration file that specifies execution of a script upon occurrence of an OpenVPN event. | |||||
| CVE-2010-5094 | 1 Silverstripe | 1 Silverstripe | 2012-08-26 | 5.0 MEDIUM | N/A |
| The deleteinstallfiles function in control/ContentController.php in SilverStripe 2.3.x before 2.3.7 does not require ADMIN permissions, which allows remote attackers to delete index.php and "disrupt mod_rewrite-less URL routing." | |||||