| Max CVSS | 7.5 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2012-3440 | 5.6 |
A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file.
|
13-02-2023 - 04:34 | 08-08-2012 - 10:26 | |
| CVE-2012-3447 | 4.9 |
virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by ro
|
13-02-2023 - 03:28 | 20-08-2012 - 18:55 | |
| CVE-2002-0654 | 5.0 |
Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that o
|
06-06-2021 - 11:15 | 05-09-2002 - 04:00 | |
| CVE-2018-8512 | 5.8 |
A security feature bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Micr
|
06-12-2018 - 13:30 | 10-10-2018 - 13:29 | |
| CVE-2010-4277 | 4.3 |
Cross-site scripting (XSS) vulnerability in lembedded-video.php in the Embedded Video plugin 4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the content parameter to wp-admin/post.php.
|
10-10-2018 - 20:07 | 22-12-2010 - 21:00 | |
| CVE-2017-3256 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via mult
|
08-12-2017 - 02:29 | 27-01-2017 - 22:59 | |
| CVE-2007-4636 | 7.5 |
Multiple PHP remote file inclusion vulnerabilities in phpBG 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter to (1) intern/admin/other/backup.php, (2) intern/admin/, (3) intern/clan/member_add.php, (4) int
|
29-09-2017 - 01:29 | 31-08-2007 - 23:17 | |
| CVE-2009-2224 | 4.3 |
Directory traversal vulnerability in ang/shared/flags.php in AN Guestbook 0.7.8, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the g_lang parameter.
|
19-09-2017 - 01:29 | 26-06-2009 - 15:30 | |
| CVE-2005-3684 | 7.5 |
Multiple buffer overflows in freeFTPd 1.0.8, without logging enabled, allow remote authenticated attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via long (1) MKD and (2) DELE commands.
|
11-07-2017 - 01:33 | 19-11-2005 - 01:03 | |
| CVE-2015-1927 | 6.8 |
The default configuration of IBM WebSphere Application Server (WAS) 7.0.0 before 7.0.0.39, 8.0.0 before 8.0.0.11, and 8.5 before 8.5.5.6 has a false value for the com.ibm.ws.webcontainer.disallowServeServletsByClassname WebContainer property, which a
|
22-12-2016 - 02:59 | 14-07-2015 - 17:59 | |
| CVE-2012-3457 | 2.1 |
PNP4Nagios 0.6 through 0.6.16 uses world-readable permissions for process_perfdata.cfg, which allows local users to obtain the Gearman shared secret by reading the file.
|
05-04-2013 - 03:12 | 12-08-2012 - 00:55 | |
| CVE-2012-4237 | 6.8 |
Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id parameter to (1) tce_edit_answer.php or (2) tce_edit_que
|
11-09-2012 - 04:00 | 20-08-2012 - 20:55 |