CVE-2011-0804
CVE-2011-0804 affects Oracle Database Server via the Database Vault component across versions 10.2.0.3–11.2.0.2. The impact is confidentiality and integrity with unknown vectors and requires remote authenticated access (per CVE entry and NVD entry). Oracle’s April 2011 CPU advisory documents this...
CVE-2011-0793
Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect integrity and availability, related to SYSDBA...
CVE-2011-0895
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x and 8.1x allows remote authenticated users to obtain sensitive information via unknown vectors...
CVE-2009-5058
Affected product/summary: IBM Lotus Quickr 8.1 before 8.1.0.5 for Lotus Domino. Vulnerability details: An unspecified vulnerability allows remote authenticated users to cause a denial of service (daemon crash) by deleting an item that is accessed through a connector, referenced as SPR RELS7LARKR....
CVE-2011-1025
bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password...
CVE-2011-1024
chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a sla...
DEBIAN-CVE-2010-4763
The ACL-customer-status Ticket Type setting in Open Ticket Request System (OTRS) before 3.0.0-beta1 does not restrict the ticket options after an AJAX reload, which allows remote authenticated users to bypass intended ACL restrictions on the (1) Status, (2) Service, and (3) Queue via selections...
Design/Logic Flaw
Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by visiting a ticket, as demonstrated by leveraging the...
Open redirect
Open Ticket Request System (OTRS) before 2.2.6, when customer group support is enabled, allows remote authenticated users to bypass intended access restrictions and perform web-interface updates to tickets by leveraging queue read permissions...
CVE-2008-7282
CVE-2008-7282 affects Open Ticket Request System (OTRS) prior to version 2.2.6. When the CustomerPanelOwnSelection and CustomerGroupSupport options are enabled, remote authenticated users can bypass access restrictions and perform certain (1) list and (2) write operations on queues via unspecifie...
CVE-2010-4761
The CVE-2010-4761 entry describes an information-disclosure flaw in Open Ticket Request System (OTRS) prior to version 3.0.0-beta3. The vulnerability arises in the customer-interface ticket-print dialog, which does not properly restrict customer-visible data, enabling remote authenticated users t...
CVE-2011-0648
Unspecified vulnerability in EMC Avamar before 5.0.4-30 allows remote authenticated users to gain privileges via unknown vectors...
CVE-2011-0701
wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read (1) draft posts or (2) private posts via a modified attachment_id parameter...
CVE-2011-0700
Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.0.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (1) the Quick/Bulk Edit title (aka post title or post_title), (2) post_status, (3) comment_status, (4) ping_status, and (5) escaping of tags...
CVE-2011-1321
The AuthCache purge implementation in the Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 does not purge a user from the PlatformCredential cache, which might allow remote authenticated users to gain privileges by leveraging a group...
CVE-2011-1319
The CVE-2011-1319 issue affects IBM WebSphere Application Server 6.1.x before 6.1.0.35 and 7.x before 7.0.0.15. The vulnerability allows remote authenticated users to cause a denial of service via a Lightweight Third-Party Authentication (LTPA) token. Public references confirm the impact as memor...
PostgreSQL Plus Advanced Server DBA Management Server Remote Authentication Bypass Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Postgres Plus Advanced Server DBA Management Server. Authentication is not required to exploit this vulnerability. The flaw exists within the DBA Management Server component which listens by defaul...
(mod_dav_svn): DoS (crash) by processing certain requests to display all available repositories to a web browser
The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath...
Subversion: DoS (memory consumption) by processing blame or log -g requests on certain files
Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command...
CVE-2010-4731
Absolute path traversal vulnerability in cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to read arbitrary files via a...