Lucene search
K

3144 matches found

NVD
NVD
added 2008/10/29 3:31 p.m.15 views

CVE-2008-4789

The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error."...

6CVSS6.3AI score0.00947EPSS
Exploits0References4
Prion
Prion
added 2008/10/29 3:31 p.m.13 views

Input validation

The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error."...

6CVSS6.9AI score0.00947EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2008/10/29 3:0 p.m.21 views

CVE-2008-4789

The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error."...

6.3AI score0.00947EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2008/10/13 12:0 a.m.28 views

FreeBSD : drupal -- multiple vulnerabilities (12efc567-9879-11dd-a5e7-0030843d3802)

The Drupal Project reports : A logic error in the core upload module validation allowed unprivileged users to attach files to content. Users can view files attached to content which they do not otherwise have access to. If the core upload module is not enabled, your site will not be affected. A...

7.5CVSS5.4AI score0.02207EPSS
Exploits0References5
FreeBSD
FreeBSD
added 2008/10/08 12:0 a.m.30 views

drupal -- multiple vulnerabilities

The Drupal Project reports: A logic error in the core upload module validation allowed unprivileged users to attach files to content. Users can view files attached to content which they do not otherwise have access to. If the core upload module is not enabled, your site will not be affected. A...

7.5CVSS6.2AI score0.02207EPSS
Exploits0References4
NVD
NVD
added 2008/09/26 4:21 p.m.18 views

CVE-2008-3803

A "logic error" in Cisco IOS 12.0 through 12.4, when a Multiprotocol Label Switching MPLS VPN with extended communities is configured, sometimes causes a corrupted route target RT to be used, which allows remote attackers to read traffic from other VPNs in opportunistic circumstances...

5.1CVSS6.4AI score0.02647EPSS
Exploits0References6
Prion
Prion
added 2008/09/26 4:21 p.m.19 views

Design/Logic Flaw

A "logic error" in Cisco IOS 12.0 through 12.4, when a Multiprotocol Label Switching MPLS VPN with extended communities is configured, sometimes causes a corrupted route target RT to be used, which allows remote attackers to read traffic from other VPNs in opportunistic circumstances...

5.1CVSS6.7AI score0.02647EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2008/09/26 4:0 p.m.25 views

CVE-2008-3803

A "logic error" in Cisco IOS 12.0 through 12.4, when a Multiprotocol Label Switching MPLS VPN with extended communities is configured, sometimes causes a corrupted route target RT to be used, which allows remote attackers to read traffic from other VPNs in opportunistic circumstances...

6.4AI score0.02647EPSS
Exploits0References6
Cisco
Cisco
added 2008/09/24 4:0 p.m.35 views

Cisco IOS MPLS VPN May Leak Information

Devices running Cisco IOS versions 12.0S, 12.2, 12.3 or 12.4 and configured for Multiprotocol Label Switching MPLS Virtual Private Networks VPNs or VPN Routing and Forwarding Lite VRF Lite and using Border Gateway Protocol BGP between Customer Edge CE and Provider Edge PE devices may permit...

5.1CVSS6.4AI score0.02647EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2008/09/04 12:0 a.m.23 views

FreeBSD Ports: imap-uw

The remote host is missing an update to the system as announced in the referenced advisory. VID d1bbc235-c0c9-45cd-8d2d-c1b8fd22e616 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

7.5CVSS6.3AI score0.05091EPSS
Exploits0
OpenVAS
OpenVAS
added 2008/09/04 12:0 a.m.19 views

FreeBSD Security Advisory (FreeBSD-SA-06:06.kmem.asc)

The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-06:06.kmem.asc SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

2.1CVSS7AI score0.00382EPSS
Exploits1References2
seebug.org
seebug.org
added 2008/06/03 12:0 a.m.21 views

LokiCMS admin.php文件绕过安全限制漏洞

BUGTRAQ ID: 29448 LokiCMS是一款简单易用的网络内容管理系统。 LokiCMS的admin.php文件中存在逻辑错误,如果远程攻击者在所提交的HTTP POST请求中设置了LokiACTION和其他参数的话,则无需管理权限就可以设置CMS main settings。 以下是有漏洞的代码段: admin.php Lines:24-42 if isset $POST && isset $POST'LokiACTION' && strlen trim $POST'LokiACTION' 0 // we have an action to do switch trim...

6.8AI score
Exploits0
RedHat Linux
RedHat Linux
added 2008/05/20 2:16 p.m.30 views

Low: Red Hat Security Advisory: nss_ldap security and bug fix update

An updated nssldap package that fixes a security issue and several bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The nssldap package contains the nssldap and pamldap modules. The nssldap module is a plug-in which allows...

4.3CVSS5.8AI score0.01164EPSS
Exploits1References5
securityvulns
securityvulns
added 2008/04/15 12:0 a.m.49 views

Secunia Research: activePDF DocConverter Applix Graphics Parsing Vulnerabilities

====================================================================== Secunia Research 08/04/2008 - activePDF DocConverter Applix Graphics Parsing Vulnerabilities - ====================================================================== Table of Contents Affected...

9.3CVSS0.7AI score0.05741EPSS
Exploits4
securityvulns
securityvulns
added 2007/12/19 12:0 a.m.57 views

AST-2007-027 - Database matching order permits host-based authentication to be ignored

Asterisk Project Security Advisory - AST-2007-027 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Database matching order permits host-based | | | authenticatio...

4.3CVSS6.4AI score0.01951EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2007/12/13 12:0 a.m.34 views

SuSE 10 Security Update : samba (ZYPP Patch Number 2556)

A logic error in the deferred open code can lead to an infinite loop in Samba's smbd daemon. CVE-2007-0452 In addition the following changes are included with these packages : - Move tdb utils to the client package. - The version string of binaries reported by the -V option now include the packag...

6.8CVSS8.2AI score0.0459EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2007/10/17 12:0 a.m.36 views

openSUSE 10 Security Update : samba (samba-2553)

A logic error in the deferred open code can lead to an infinite loop in Samba's smbd daemon CVE-2007-0452. In addition the following changes are included with these packages : - Move tdb utils to the client package. - Add version of the package subversion to Samba vendor version suffix. - Fix tim...

6.8CVSS8.2AI score0.0459EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2007/10/17 12:0 a.m.17 views

openSUSE 10 Security Update : samba (samba-2584)

"A logic error in the deferred open code can lead to an infinite loop in Samba's smbd daemon. In addition the following changes are included with these packages : - Disable broken DCERPC funnel patch; 242833. - Avoid winbind event handler for internal domains. - Fix smbcontrol winbind offline;...

5.6AI score
Exploits0
CVE
CVE
added 2007/06/01 10:0 a.m.62 views

CVE-2007-2989

CVE-2007-2989 affects the libike library in Sun Solaris 9 prior to 20070529. A logic error related to a specific pointer allows remote attackers to cause a denial of service by sending certain UDP packets with a source port different from 500, crashing the in.iked daemon. The issue overlaps with ...

7.8CVSS6.4AI score0.03438EPSS
Exploits0References11Affected Software1
Tenable Nessus
Tenable Nessus
added 2007/05/16 12:0 a.m.38 views

Mandrake Linux Security Advisory : samba (MDKSA-2007:104-1)

A number of bugs were discovered in the NDR parsing support in Samba that is used to decode MS-RPC requests. A remote attacker could send a carefully crafted request that would cause a heap overflow, possibly leading to the ability to execute arbitrary code on the server CVE-2007-2446. A remote...

10CVSS8.8AI score0.77806EPSS
Exploits39References3
Rows per page
Query Builder