343 matches found
CVE-2011-1599
manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 does not properly check for the system privilege, which allows remote authenticated use...
CVE-2011-1580
The transwiki import functionality in MediaWiki before 1.16.3 does not properly check privileges, which allows remote authenticated users to perform imports from any wgImportSources wiki via a crafted POST request...
[Backports-security-announce] Security Update for postgresql-8.4
Gerfried Fuchs uploaded new packages for postgresql-8.4 which fixed the following security problems: CVE-2010-1169 PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict...
CVE-2010-1975
CVE-2010-1975 affects PostgreSQL 7.4 up to 7.4.29, 8.0 up to 8.0.25, 8.1 up to 8.1.21, 8.2 up to 8.2.17, 8.3 up to 8.3.11, and 8.4 up to 8.4.4. The flaw is an improper privilege check during certain RESET ALL operations, allowing a remote authenticated user to remove arbitrary parameter settings ...
CVE-2010-1975
PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER ...
MySQL Community Server 5.1 < 5.1.46 Multiple Vulnerabilities
The version of MySQL Community Server 5.1 installed on the remote host is earlier than 5.1.46 and thus potentially affected by the following vulnerabilities: - A local user may be able to issue a 'DROP TABLE' command for one MyISAM table and remove the data and index files of a different MyISAM...
CVE-2008-4688
core/stringapi.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue's title and status via a request with a modified issue number...
Design/Logic Flaw
core/stringapi.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue's title and status via a request with a modified issue number...
CVE-2008-4098
MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time a...
CVE-2008-4097
MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed wh...
CVE-2008-3967
moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not properly check for moderator privileges, which has unknown impact and remote attack vectors...
CVE-2008-3967
The CVE-2008-3967 entry concerns MyBB (MyBulletinBoard) moderation.php prior to version 1.4.1, where moderator privilege checks are not performed correctly. The description notes unknown impact and remote attack vectors. Public references corroborate the version boundary (before 1.4.1) but do not...
DSA-1630-1 fai-kernels linux-2.6 user-mode-linux - several vulnerabilities
Bulletin has no description...
MySQL Enterprise Server 5.0 < 5.0.60 MyISAM CREATE TABLE Privilege Check Bypass
The version of MySQL Enterprise Server 5.0 installed on the remote host is earlier than 5.0.60. Such versions reportedly allow a local user to circumvent privileges through creation of MyISAM tables using the 'DATA DIRECTORY' and 'INDEX DIRECTORY' options to overwrite existing table files in the...
CVE-2008-2079
MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory,...
Information disclosure
dotProject before 2.1 does not properly check privileges when invoking the Companies module, which allows remote attackers to access this module via a crafted URL. NOTE: some of these details are obtained from third party information...
CVE-2007-5486
dotProject before 2.1 does not properly check privileges when invoking the Companies module, which allows remote attackers to access this module via a crafted URL. NOTE: some of these details are obtained from third party information...
Information disclosure
MOStlyDB Admin in Mambo 4.6.1 does not properly check privileges, which allows remote authenticated administrators to have an unknown impact via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...