4422 matches found

ATTACKERKB
added 2011/06/08 3:55 p.m., 2 views

CVE-2009-5077

CRE Loaded before 6.2.14 allows remote attackers to bypass authentication and gain administrator privileges via vectors related to a modified PHP_SELF variable, which is not properly handled by (1) includes/application_top.php and (2) admin/includes/application_top.php...

CVSS 7.5, AI score 5.6, EPSS 0.01486
Exploits 1, References 2
NVD
added 2011/06/06 7:55 p.m., 12 views

CVE-2011-1950

plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011...

CVSS 5.5, AI score 6.3, EPSS 0.01579
Exploits 0, References 7
PyPA
added 2011/06/06 7:55 p.m., 8 views

PYSEC-2011-16

plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011...

CVSS 5.5, AI score 7, EPSS 0.01579
Exploits 0, References 8, Affected Software 1
UbuntuCve
added 2011/06/06 7:55 p.m., 17 views

CVE-2011-1950

plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011...

CVSS 5.5, AI score 6, EPSS 0.01579
Exploits 0, References 2
OSV
added 2011/06/06 7:55 p.m., 17 views

PYSEC-2011-16

plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011...

CVSS 5.5, AI score 5.6, EPSS 0.01579
Exploits 0, References 8
VulnCheck KEV
added 2011/06/06 12:0 a.m., 4 views

VulnCheck KEV: CVE-2011-1950

plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011...

CVSS 5.5, AI score 5.9, EPSS 0.01579
Exploits 0, References 1
Prion
added 2011/05/31 8:55 p.m., 11 views

Design/Logic Flaw

The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote authenticated users to execute arbitrary commands via the (1) ping test parameter ...

CVSS 9, AI score 7.8, EPSS 0.019
Exploits 0, References 2, Affected Software 4
OSV
added 2011/05/24 11:55 p.m., 1 views

DEBIAN-CVE-2011-2167

script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script...

CVSS 6.5, AI score 6.4, EPSS 0.02206
Exploits 0, References 1
UbuntuCve
added 2011/05/24 11:55 p.m., 28 views

CVE-2011-2167

script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script...

CVSS 6.5, AI score 5.9, EPSS 0.02206
Exploits 0, References 1
Prion
added 2011/05/24 11:55 p.m., 13 views

Design/Logic Flaw

script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script...

CVSS 6.5, AI score 6.6, EPSS 0.0201
Exploits 0, References 7, Affected Software 1
Debian CVE
added 2011/05/24 11:0 p.m., 22 views

CVE-2011-2166

script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script...

CVSS 6.5, AI score 6, EPSS 0.0201
Exploits 0
RedHat Linux
added 2011/05/19 11:10 a.m., 2 views

Dovecot: Failed to properly update ACL cache, when multiple rules defined rights for one subject

plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving...

CVSS 5.5, AI score 5.9, EPSS 0.02667
Exploits 0, References 4
RedHat Linux
added 2011/05/19 11:10 a.m., 3 views

Dovecot: Busy master process, receiving a lot of SIGCHLD signals rapidly while logging, could die

Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions...

CVSS 4, AI score 5.8, EPSS 0.02347
Exploits 0, References 4
0day.today
added 2011/05/18 12:0 a.m., 61 views

Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006

Exploit for windows platform in category remote exploits Sense of Security - Security Advisory - SOS-11-006 Release Date. 18-May-2011 Last Update. - Vendor Notification Date. 28-Feb-2011 Product. Cisco Unified Operations Manager Common Services Framework Help Servlet Common Services Device Center...

AI score 7.1, EPSS 0.41348
Exploits 10
Cvelist
added 2011/05/13 10:0 p.m., 23 views

CVE-2011-1402

Mahara before 1.3.6 allows remote authenticated users to bypass intended access restrictions, and suspend a user account, edit a view, visit a view, edit a plan artefact, read a plans block, read a plan artefact, edit a blog, read a blog block, read a blog artefact, or access a block, via a reque...

AI score 6, EPSS 0.02529
Exploits 0, References 14
securityvulns
added 2011/05/11 12:0 a.m., 93 views

Apache Struts 2 Multiple Reflected XSS in XWork error pages

Security Advisory: MVSA-11-006 CVE: CVE-2011-1772 Vendor: Apache Software Foundation Product: Struts 2 Framework Vulnerabilities: Multiple Reflected XSS in XWork error pages Risk: High Attack Vector: From Remote Authentication: Not Required References: -...

CVSS 2.6, AI score 0.1, EPSS 0.34111
Exploits 3
Cvelist
added 2011/05/09 7:0 p.m., 17 views

CVE-2011-1324

Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack the authentication of administrators for...

AI score 7.3, EPSS 0.00475
Exploits 0, References 2
CVE
added 2011/05/09 7:0 p.m., 53 views

CVE-2011-1324

CVE-2011-1324 describes CSRF vulnerabilities in Buffalo router management interfaces (models WHR, WZR2, WZR, WER, BBR series with firmware 1.x; BHR-4RV/FS-G54 with 2.x; AS-100). The flaw allows remote attackers to hijack administrator authentication and modify settings, demonstrated by changing t...

CVSS 5.8, AI score 7.5, EPSS 0.00475
Exploits 0, References 2, Affected Software 43
Cvelist
added 2011/05/07 7:0 p.m., 21 views

CVE-2011-1503

The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL...

AI score 6, EPSS 0.01397
Exploits 0, References 5
CVE
added 2011/05/03 7:0 p.m., 48 views

CVE-2011-1724

CVE-2011-1724 describes an unspecified vulnerability in HP Virtual Server Environment for Windows prior to version 6.3 that could allow remote authenticated users to escalate privileges. The NVD entry lists a CVSS v2 base score of 6.0 (Network vector, single authentication, partial confidentialit...

CVSS 6, AI score 6.5, EPSS 0.0177
Exploits 0, References 5, Affected Software 1