11 matches found
SUSE CVE-2014-0061
The validator functions for the procedural languages PLs in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is 1 defined in another language or 2 not allowed to b...
GHSA-8R7Q-CVJQ-X353 Incorrect Privilege Assignment in Jinja2
The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with jinja2 in /tmp...
Debian DLA-2987-1 : libarchive - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2987 advisory. Three issues have been found in libarchive, a multi-format archive and compression library. CVE-2021-31566 symbolic links incorrectly followed when changing modes,...
Command Execution Vulnerability in Ocean CMS (CNVD-2020-69482)
Ocean CMS seacms, Ocean Video Management System is a video-on-demand system designed for webmasters with different needs. A command execution vulnerability exists in the background of Ocean CMS. Attackers can use this vulnerability to write malicious code to execute system commands and obtain...
Debian DLA-455-1 : asterisk security update
CVE-2014-6610 Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the resfaxspandsp module, allows remote authenticated users to cause a denial of service crash via an out of call message, which is not properly handled in the...
CVE-2014-5285
Unspecified vulnerability in the Authentication Module in TIBCO Spotfire Server before 4.5.2, 5.0.x before 5.0.3, 5.5.x before 5.5.2, 6.0.x before 6.0.3, and 6.5.x before 6.5.1 allows remote attackers to gain privileges, and obtain sensitive information or modify data, via unknown vectors...
CVE-2012-5381
Untrusted search path vulnerability in the installation functionality in PHP 5.3.17, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\PHP directory, which may be added to the PATH system environment variable by an...
CVE-2010-0407
Multiple buffer overflows in the MSGFunctionDemarshall function in winscardsvc.c in the PC/SC Smart Card daemon aka PCSCD in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled...
Design/Logic Flaw
The PML Driver HPZ12 HPZipm12.exe in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICECHANGECONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by modifying the binpath argument, a related issue to...
CVE-2006-4586
The admin panel in Tr Forum 2.0 accepts a username and password hash for authentication, which allows remote authenticated users to perform unauthorized actions, as demonstrated by modifying user settings via the id parameter to /membres/modifprofil.php, and changing a password via...
CVE-2006-3203
The installation of Ultimate PHP Board UPB 1.9.6 and earlier includes a default administrator login account and password, which allows remote attackers to gain privileges...