Total: 5442 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-1635 | 2 Drupal, Rik De Boer | 2 Drupal, Revisioning | 2012-08-29 | 6.4 MEDIUM | N/A |
The hook_node_access function in the revisioning module 7.x-1.x before 7.x-1.3 for Drupal checks the permissions of the current user even when it is called to check permissions of other users, which allows remote attackers to bypass intended access restrictions, as demonstrated when using the XML sitemap module to obtain sensitive information about unpublished content. | |||||
CVE-2012-1641 | 2 Danielb, Drupal | 2 Finder, Drupal | 2012-08-29 | 6.0 MEDIUM | N/A |
The finder_import function in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission to execute arbitrary PHP code via admin/build/finder/import. | |||||
CVE-2010-5189 | 1 Bluecoat | 16 Proxysg, Proxysg Sg210-10, Proxysg Sg210-25 and 13 more | 2012-08-27 | 9.3 HIGH | N/A |
Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.1.1 allows remote authenticated users to execute arbitrary CLI commands by leveraging read-only administrator privileges and establishing an HTTPS session. | |||||
CVE-2010-5093 | 1 Silverstripe | 1 Silverstripe | 2012-08-27 | 5.0 MEDIUM | N/A |
Member_ProfileForm in security/Member.php in SilverStripe 2.3.x before 2.3.7 allows remote attackers to hijack user accounts by saving data using the email address (ID) of another user. | |||||
CVE-2010-5090 | 1 Silverstripe | 1 Silverstripe | 2012-08-27 | 4.0 MEDIUM | N/A |
SilverStripe before 2.4.2 allows remote authenticated users to change administrator passwords via vectors related to admin/security. | |||||
CVE-2010-5087 | 1 Silverstripe | 1 Silverstripe | 2012-08-27 | 5.0 MEDIUM | N/A |
SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism and hijack the authentication of administrators via vectors related to "form action requests" using a controller. | |||||
CVE-2012-4677 | 1 Google | 1 Tunnelblick | 2012-08-27 | 4.4 MEDIUM | N/A |
Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by using a crafted Info.plist file to control the gOkIfNotSecure value. | |||||
CVE-2010-5094 | 1 Silverstripe | 1 Silverstripe | 2012-08-27 | 5.0 MEDIUM | N/A |
The deleteinstallfiles function in control/ContentController.php in SilverStripe 2.3.x before 2.3.7 does not require ADMIN permissions, which allows remote attackers to delete index.php and "disrupt mod_rewrite-less URL routing." | |||||
CVE-2012-3486 | 1 Google | 1 Tunnelblick | 2012-08-27 | 6.9 MEDIUM | N/A |
Tunnelblick 3.3beta20 and earlier allows local users to gain privileges via an OpenVPN configuration file that specifies execution of a script upon occurrence of an OpenVPN event. | |||||
CVE-2010-5089 | 1 Silverstripe | 1 Silverstripe | 2012-08-27 | 4.3 MEDIUM | N/A |
SilverStripe before 2.4.2 does not properly restrict access to pages in draft mode, which allows remote attackers to obtain sensitive information. | |||||
CVE-2010-5190 | 1 Bluecoat | 16 Proxysg, Proxysg Sg210-10, Proxysg Sg210-25 and 13 more | 2012-08-27 | 5.0 MEDIUM | N/A |
The Active Content Transformation functionality in Blue Coat ProxySG before SGOS 4.3.4.2, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.2.1 allows remote attackers to bypass JavaScript detection via HTML entities. | |||||
CVE-2012-3484 | 1 Google | 1 Tunnelblick | 2012-08-27 | 7.2 HIGH | N/A |
Tunnelblick 3.3beta20 and earlier relies on a test for specific ownership and permissions to determine whether a program can be safely executed, which allows local users to bypass intended access restrictions and gain privileges via a (1) user-mountable image or (2) network share. | |||||
CVE-2009-5131 | 1 Websense | 1 Websense Email Security | 2012-08-27 | 5.0 MEDIUM | N/A |
The Receive Service in Websense Email Security before 7.1 does not recognize domain extensions in the blacklist, which allows remote attackers to bypass intended access restrictions and send e-mail messages via an SMTP session. | |||||
CVE-2011-5102 | 1 Websense | 4 Websense Web Filter, Websense Web Security, Websense Web Security Gateway and 1 more | 2012-08-23 | 7.5 HIGH | N/A |
The Investigative Reports web interface in the TRITON management console in Websense Web Security 7.1 before Hotfix 109, 7.1.1 before Hotfix 06, 7.5 before Hotfix 78, 7.5.1 before Hotfix 12, 7.6 before Hotfix 24, and 7.6.2 before Hotfix 12; Web Filter; Web Security Gateway; and Web Security Gateway Anywhere allows remote attackers to execute commands via unspecified vectors. | |||||
CVE-2010-5144 | 1 Websense | 3 Websense, Websense Web Filter, Websense Web Security | 2012-08-23 | 4.3 MEDIUM | N/A |
The ISAPI Filter plug-in in Websense Enterprise, Websense Web Security, and Websense Web Filter 6.3.3 and earlier, when used in conjunction with a Microsoft ISA or Microsoft Forefront TMG server, allows remote attackers to bypass intended filtering and monitoring activities for web traffic via an HTTP Via header. | |||||
CVE-2009-5121 | 1 Websense | 1 Websense Email Security | 2012-08-23 | 5.0 MEDIUM | N/A |
Websense Email Security 7.1 before Hotfix 4 allows remote attackers to bypass the sender-based blacklist by using the 8BITMIME EHLO keyword in the SMTP session. | |||||
CVE-2012-4586 | 1 Mcafee | 2 Email And Web Security, Email Gateway | 2012-08-22 | 3.5 LOW | N/A |
McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, accesses files with the privileges of the root user, which allows remote authenticated users to bypass intended permission settings by requesting a file. | |||||
CVE-2012-4593 | 1 Mcafee | 2 Application Control, Change Control | 2012-08-22 | 5.0 MEDIUM | N/A |
McAfee Application Control and Change Control 5.1.x and 6.0.0 do not enforce an intended password requirement in certain situations involving attributes of the password file, which allows local users to bypass authentication by executing a command. | |||||
CVE-2010-5143 | 1 Mcafee | 1 Virusscan Enterprise | 2012-08-22 | 2.6 LOW | N/A |
McAfee VirusScan Enterprise before 8.8 allows local users to disable the product by leveraging administrative privileges to execute an unspecified Metasploit Framework module. | |||||
CVE-2010-3499 | 1 F-secure | 1 Anti-virus | 2012-08-22 | 6.4 MEDIUM | N/A |
F-Secure Anti-Virus does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that "the inability to catch these files are caused by lacking functionality rather than programming errors." |