Search Results (9546 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-5341 1 Moodle 1 Moodle 2025-04-12 N/A
mod_scorm in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 mishandles availability dates, which allows remote authenticated users to bypass intended access restrictions and read SCORM contents via unspecified vectors.
CVE-2015-5434 1 Hp 87 Jc072b Hp 12500 Main Processing Unit, Jc085a Hp A12518 Switch Chassis, Jc086a Hp A12508 Switch Chassis and 84 more 2025-04-12 N/A
HPE Networking Products, originally branded as Comware 5, Comware 7, H3C, or HP, allow remote attackers to bypass intended access restrictions or cause a denial of service via "Virtual routing and forwarding (VRF) hopping."
CVE-2013-1963 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
The contacts application in ownCloud before 4.5.10 and 5.x before 5.0.5 does not properly check the ownership of contacts, which allows remote authenticated users to download arbitrary contacts via unspecified vectors.
CVE-2014-0899 1 Ibm 1 Aix 2025-04-12 N/A
ftpd in IBM AIX 7.1.1 before SP10 and 7.1.2 before SP5, when a Workload Partition (aka WPAR) for AIX 5.2 or 5.3 is used, allows remote authenticated users to bypass intended permission settings and modify arbitrary files via FTP commands.
CVE-2013-2043 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
apps/calendar/ajax/events.php in ownCloud before 4.5.11 and 5.x before 5.0.6 does not properly check the ownership of a calendar, which allows remote authenticated users to download arbitrary calendars via the calendar_id parameter.
CVE-2013-2048 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
ownCloud before 5.0.6 does not properly check permissions, which allows remote authenticated users to execute arbitrary API commands via unspecified vectors. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary API commands.
CVE-2015-5496 1 Pass2pdf Project 1 Pass2pdf 2025-04-12 N/A
The pass2pdf module for Drupal does not restrict access to generated PDF files, which allows remote attackers to obtain user passwords via unspecified vectors.
CVE-2015-5498 1 Shipwire Api Project 1 Shipwire Api 2025-04-12 N/A
The Shipwire API module 7.x-1.x before 7.x-1.03 for Drupal does not check the view permission for the shipments overview (admin/shipwire/shipments), which allows remote attackers to obtain sensitive information via a request to the page.
CVE-2015-8333 1 Huawei 1 Vcn500 2025-04-12 N/A
The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 allows remote authenticated users to change the IP address of the media server via crafted packets.
CVE-2015-8336 1 Huawei 1 Fusioncompute 2025-04-12 4.3 Medium
Huawei FusionCompute with software before V100R005C10SPC700 allows remote authenticated users to obtain sensitive "role and permission" information via unspecified vectors.
CVE-2015-5723 3 Debian, Doctrine-project, Zend 10 Debian Linux, Annotations, Cache and 7 more 2025-04-12 N/A
Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.
CVE-2015-5602 1 Sudo Project 1 Sudo 2025-04-12 N/A
sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt."
CVE-2013-4159 3 Ctdb Project, Mageia, Opensuse 3 Ctdb, Mageia, Opensuse 2025-04-12 N/A
ctdb before 2.3 in OpenSUSE 12.3 and 13.1 does not create temporary files securely, which has unspecified impact related to "several temp file vulnerabilities" in (1) tcp/tcp_connect.c, (2) server/eventscript.c, (3) tools/ctdb_diagnostics, (4) config/gdb_backtrace, and (5) include/ctdb_private.h.
CVE-2013-4177 2 Drupal, Google Authenticator Login Project 2 Drupal, Ga Login 2025-04-12 N/A
The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal does not properly identify user account names, which might allow remote attackers to bypass the two-factor authentication requirement via unspecified vectors.
CVE-2015-5715 1 Wordpress 1 Wordpress 2025-04-12 N/A
The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors.
CVE-2013-4196 1 Plone 1 Plone 2025-04-12 N/A
The object manager implementation (objectmanager.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly restrict access to internal methods, which allows remote attackers to obtain sensitive information via a crafted request.
CVE-2013-4597 1 Rik De Boer 1 Revisioning 2025-04-12 N/A
The Revisioning module 7.x-1.x before 7.x-1.6 for Drupal does not properly check node access permissions for content marked unpublished by the Scheduled module, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
CVE-2013-5356 1 Sharetronix 1 Sharetronix 2025-04-12 N/A
Sharetronix 3.1.1.3, 3.1.1, and earlier does not properly restrict access to unspecified AJAX functionality, which allows remote attackers to bypass authentication via unknown vectors.
CVE-2015-6034 1 Epson 1 Network Utility 2025-04-12 N/A
EPSON Network Utility 4.10 uses weak permissions (Everyone: Full Control) for eEBSVC.exe, which allows local users to gain privileges via a Trojan horse file.
CVE-2015-6047 1 Microsoft 1 Internet Explorer 2025-04-12 N/A
The broker EditWith feature in Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the AppContainer protection mechanism and gain privileges via a DelegateExecute launch of an arbitrary application, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Internet Explorer Elevation of Privilege Vulnerability."