5230 matches found
CVE-2012-4421
The createpost function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing...
CVE-2012-3388
The isenrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to bypass an intended capability check via unspecified vectors that trigger caching of a user record...
CVE-2012-3388
The isenrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to bypass an intended capability check via unspecified vectors that trigger caching of a user record...
UBUNTU-CVE-2012-3388
The isenrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to bypass an intended capability check via unspecified vectors that trigger caching of a user record...
CVE-2012-3388
The isenrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to bypass an intended capability check via unspecified vectors that trigger caching of a user record...
Important: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.4 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores...
Linux Kernel子系统连接器缺少能力检查漏洞
BUGTRAQ ID: 36834 CVECAN ID: CVE-2009-3725 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel的drivers/video/uvesafb.c、drivers/staging/pohmelfs/config.c、drivers/staging/dst/dcore.c和drivers/md/dm-log-userspace-transfer.c驱动中缺少能力检查,非特权用户可以向某些使用连接器的子系统发送netlink报文执行一些非授权的操作。 Linux kernel 2.6.x 厂商补丁: Linux...
Design/Logic Flaw
The z90cryptunlockedioctl function in the z90crypt driver in the Linux kernel 2.6.9 does not perform a capability check for the Z90QUIESCE operation, which allows local users to leverage euid 0 privileges to force a driver outage...
kernel: missing capability check in z90crypt
The z90cryptunlockedioctl function in the z90crypt driver in the Linux kernel 2.6.9 does not perform a capability check for the Z90QUIESCE operation, which allows local users to leverage euid 0 privileges to force a driver outage...
kernel: missing check before setting mount propagation
The dochangetype function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAPSYSADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint...