Latest CVE Feed
-
4.0
MEDIUMCVE-2011-3514
Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect integrity, related to Enterprise Infrastructure SEC (JDENET).... Read more
- Published: Jan. 18, 2012
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2013-4432
Mahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4 does not properly restrict access to folders, which allows remote authenticated users to read arbitrary folders (1) by leveraging an active folder tab loaded before permissions were removed ... Read more
Affected Products : mahara- Published: May. 19, 2014
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2018-1568
IBM QRadar SIEM 7.2 and 7.3 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 143118.... Read more
- Published: Dec. 05, 2018
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2013-1973
The autocomplete callback in Autocomplete Widgets for Text and Number Fields (autocomplete_widgets) module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-rc1 does not properly handle node permissions, which allows remote authenticated users to obtain s... Read more
Affected Products : autocomplete_widgets- Published: Jun. 09, 2014
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2015-7234
The OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology and OSF Import modules are enabled, allows user-assisted remote attackers to delete arbitrary files via unspecified vectors.... Read more
Affected Products : open_semantic_framework- Published: Sep. 17, 2015
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2024-30124
HCL Sametime is impacted by insecure services in-use on the UIM client by default. An unused legacy REST service was enabled by default using the HTTP protocol. An attacker could potentially use this service endpoint maliciously.... Read more
Affected Products : sametime- Published: Oct. 23, 2024
- Modified: Oct. 29, 2024
-
4.0
MEDIUMCVE-2010-4685
Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a change to a certificate map, which allows remote authenticated users to bypass a certificate ban by connecting with a banned certificate that had previously been valid, aka Bug ID CSCt... Read more
Affected Products : ios- Published: Jan. 07, 2011
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2007-0836
admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) "Path to custom header include" and (2) "Path to custom footer include" form fields. NO... Read more
- Published: Feb. 08, 2007
- Modified: Apr. 09, 2025
-
4.0
MEDIUMCVE-2004-2616
The file server in ActivePost Standard 3.1 and earlier allows remote authenticated users to obtain sensitive information by uploading a file, which reveals the path in a success message.... Read more
Affected Products : activepost_standard- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
4.0
MEDIUMCVE-2006-0930
Directory traversal vulnerability in Webmail in ArGoSoft Mail Server Pro 1.8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the UIDL parameter.... Read more
Affected Products : argosoft_mail_server- Published: Feb. 28, 2006
- Modified: Apr. 03, 2025
-
4.0
MEDIUMCVE-2010-4835
Directory traversal vulnerability in index.php in OneOrZero AIMS 2.6.0 Members Edition allows remote authenticated users to read arbitrary files via directory traversal sequences in the controller parameter in a show_report action.... Read more
Affected Products : aims- Published: Sep. 14, 2011
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2007-3839
Cross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev.NET DR 010306 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the avatar parameter. NOTE: this may be related to the tracker program... Read more
Affected Products : dr- Published: Jul. 17, 2007
- Modified: Apr. 09, 2025
-
4.0
MEDIUMCVE-2013-1451
Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not ensure that the SSL lock icon is consistent with the Address bar, which makes it easier for remote ... Read more
Affected Products : internet_explorer- Published: Jan. 29, 2013
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2012-4495
The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not properly restrict access to files outside Drupal's publish files directory, which allows remote authenticated users to send arbitrary files as attachments.... Read more
- Published: Oct. 31, 2012
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2024-52614
Use of hard-coded cryptographic key issue exists in "Kura Sushi Official App Produced by EPARK" for Android versions prior to 3.8.5. If this vulnerability is exploited, a local attacker may obtain the login ID and password for the affected product.... Read more
Affected Products :- Published: Nov. 20, 2024
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2021-25341
Calling of non-existent provider in S Assistant prior to version 6.5.01.22 allows unauthorized actions including denial of service attack by hijacking the provider.... Read more
- Published: Mar. 04, 2021
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2015-1884
Directory traversal vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2 through 7.2.0.5 allows remote authenticated use... Read more
- Published: Jun. 28, 2015
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2013-4020
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to bypass intended access restrictions via unspecified vectors.... Read more
Affected Products : maximo_asset_management- Published: Oct. 01, 2013
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2016-0382
The IBM Tealeaf Consumer Experience 8.7, 8.8, and 9.0 portal exposes some of its operational state in a form that may be accidentally captured and exposed by network infrastructure components such as IIS. IBM X-Force ID: 112356.... Read more
- Published: May. 03, 2017
- Modified: Apr. 20, 2025
-
4.0
MEDIUMCVE-2023-23469
IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force... Read more
Affected Products : cloud_pak_for_business_automation- Published: Feb. 01, 2023
- Modified: Mar. 26, 2025