| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| IBM Tivoli Endpoint Manager 8 does not set the HttpOnly flag on cookies. |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add news via an add action to familynews.php or (2) add a prayer via an add action to prayers.php. |
| SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code. |
| The install-chef-suse.sh script shipped with crowbar before 2012-10-02 is creating files containing confidential data with insecure permissions, allowing local users to read confidential data. |
| Cisco IronPort Web Security Appliance AsyncOS software prior to 7.5 has a SSL Certificate Caching vulnerability which could allow man-in-the-middle attacks |
| spamdyke prior to 4.2.1: STARTTLS reveals plaintext |
| Insecure plugin update mechanism in tucan through 0.3.10 could allow remote attackers to perform man-in-the-middle attacks and execute arbitrary code ith the permissions of the user running tucan. |
| OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions. |
| Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attackers to corrupt mutable files or directories upon retrieval. |
| OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server. |
| mediawiki allows deleted text to be exposed |
| Distributed Ruby (aka DRuby) 1.8 mishandles instance_eval. |
| Distributed Ruby (aka DRuby) 1.8 mishandles the sending of syscalls. |
| The redirection plugin before 2.2.9 for WordPress has XSS in the admin menu, a different issue than CVE-2011-4562. |
| The user-access-manager plugin before 1.2 for WordPress has CSRF. |
| In the Linux kernel before 3.1, an off by one in the drivers/target/loopback/tcm_loop.c tcm_loop_make_naa_tpg() function could result in at least memory corruption. |
| mIRC prior to 7.22 has a message leak because chopping of outbound messages is mishandled. |
| Pacemaker before 1.1.6 configure script creates temporary files insecurely |
| Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass. |
| Snare for Linux before 1.7.0 has CSRF in the web interface. |
