8 matches found
CVE-2013-4357
The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service.
CVE-2013-4412
slim has NULL pointer dereference when using crypt() method from glibc 2.17
CVE-2012-1155
Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to
CVE-2011-0703
In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session.
CVE-2012-2237
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) links or (3) resources URLs, and (4) the Dis...
CVE-2012-0049
OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server.
CVE-2011-4900
TYPO3 before 4.5.4 allows Information Disclosure in the backend.
CVE-2013-1811
An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New".