Search Results (9545 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-1831 2 Ecryptfs, Redhat 3 Ecryptfs-utils, Ecryptfs Utils, Enterprise Linux 2025-04-11 N/A
utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to effectively replace any directory with a new filesystem, and consequently gain privileges, via a mount system call.
CVE-2010-1326 1 March-hare 2 Cvs Suite, Cvsnt 2025-04-11 N/A
perms.cpp in March Hare Software CVSNT 2.0.58, 2.5.01, 2.5.02, 2.5.03 before build 3736, 2.5.04 before build 2862; CVS Suite 2.5.03, 2008 before build 3736, and 2009 before 3729 allows remote attackers to bypass the permissions check, modify arbitrary modules and directories within CVSROOT, and execute arbitrary code via a crafted branch name ACL, possibly related to incorrect inheritance.
CVE-2011-1833 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-11 N/A
Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid.
CVE-2011-1836 1 Ecryptfs 2 Ecryptfs-utils, Ecryptfs Utils 2025-04-11 N/A
utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process.
CVE-2013-1190 1 Cisco 1 Unified Computing System 2025-04-11 N/A
The C-Series Rack Server component 1.4 in Cisco Unified Computing System (UCS) does not properly restrict inbound access to ports, which allows remote attackers to cause a denial of service (Integrated Management Controller reboot or hang) via crafted packets, as demonstrated by nmap, aka Bug ID CSCtx19850.
CVE-2012-5660 1 Redhat 2 Automatic Bug Reporting Tool, Enterprise Linux 2025-04-11 N/A
abrt-action-install-debuginfo in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to set world-writable permissions for arbitrary files and possibly gain privileges via a symlink attack on "the directories used to store information about crashes."
CVE-2012-5655 2 Drupal, Steven Jones 2 Drupal, Context 2025-04-11 N/A
The Context module 6.x-3.x before 6.x-3.1 and 7.x-3.x before 7.x-3.0-beta6 for Drupal does not properly restrict access to block content, which allows remote attackers to obtain sensitive information via a crafted request.
CVE-2010-2470 1 Mozilla 1 Bugzilla 2025-04-11 N/A
Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through 3.7.1, when use_suexec is enabled, uses world-readable permissions within (1) .bzr/ and (2) data/webdot/, which allows local users to obtain potentially sensitive data by reading files in these directories, a different vulnerability than CVE-2010-0180.
CVE-2011-1926 2 Cmu, Redhat 2 Cyrus Imap Server, Enterprise Linux 2025-04-11 N/A
The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
CVE-2012-5651 1 Drupal 1 Drupal 2025-04-11 N/A
Drupal 6.x before 6.27 and 7.x before 7.18 displays information for blocked users, which might allow remote attackers to obtain sensitive information by reading the search results.
CVE-2012-5584 2 Drupal, M2osw 2 Drupal, Tableofcontents 2025-04-11 N/A
The Table of Contents module 6.x-3.x before 6.x-3.8 for Drupal does not properly check node permissions, which allows remote attackers to read a node's headers by accessing a table of contents block.
CVE-2012-5574 1 Sensiolabs 1 Symfony 2025-04-11 N/A
lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request.
CVE-2012-6581 1 Bestpractical 1 Request Tracker 2025-04-11 N/A
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on reading keys in the product's keyring, and trigger outbound e-mail messages signed by an arbitrary stored secret key, by leveraging a UI e-mail signing privilege.
CVE-2012-1599 1 Joomla 1 Joomla\! 2025-04-11 N/A
Joomla! 1.5.x before 1.5.26 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end information" via unknown vectors. NOTE: this might be a duplicate of CVE-2012-1611.
CVE-2010-2427 1 Vmware 1 Studio 2025-04-11 N/A
VMware Studio 2.0 does not properly write to temporary files, which allows local users to gain privileges via unspecified vectors.
CVE-2012-1623 2 Aidanlister, Drupal 2 Regcode, Drupal 2025-04-11 N/A
The Registration Codes module before 6.x-2.4 for Drupal does not restrict access to the registration code list, which might allow remote attackers to bypass intended registration restrictions.
CVE-2013-5414 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
The migration functionality in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 does not properly support the distinction between the admin role and the adminsecmanager role, which allows remote authenticated users to gain privileges in opportunistic circumstances by accessing resources in between a migration and a role evaluation.
CVE-2013-5420 1 Ibm 1 Security Access Manager For Enterprise Single Sign-on 2025-04-11 N/A
The IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to read log files by leveraging helpdesk privileges for a direct request.
CVE-2013-1169 1 Cisco 1 Unified Meetingplace Web Conferencing Server 2025-04-11 N/A
Cisco Unified MeetingPlace Web Conferencing Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patch 2, and 8.5 before 8.5MR3 Patch 1, when the Remember Me option is used, does not properly verify cookies, which allows remote attackers to impersonate users via a crafted login request, aka Bug ID CSCuc64846.
CVE-2013-5424 1 Ibm 1 Flex System Manager 2025-04-11 N/A
IBM Flex System Manager (FSM) 1.3.0 allows remote attackers to bypass intended access restrictions, and create new user accounts or execute tasks, by leveraging an expired password for the system-level account.