Latest CVE Feed
-
2.1
LOWCVE-2010-2038
Cross-site scripting (XSS) vulnerability in include/tool/editing_files.php in gpEasy CMS 1.6.2 allows remote authenticated users, with Edit privileges, to inject arbitrary web script or HTML via the gpcontent parameter to index.php. NOTE: some of these d... Read more
Affected Products : gpeasy_cms- EPSS Score: %0.29
- Published: May. 25, 2010
- Modified: Apr. 11, 2025
-
2.1
LOWCVE-2004-2337
The /.inlook/.crypt file for inlook 0.7.3 and earlier is installed with world readable permissions, which allows local users to obtain user POP3 credentials.... Read more
Affected Products : inlook- EPSS Score: %0.06
- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2015-6754
Cross-site scripting (XSS) vulnerability in the administration interface in the Path Breadcrumbs module 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "Administer Path Breadcrumbs" permission to inject arbitrary web script or... Read more
Affected Products : path_breadcrumbs- EPSS Score: %0.18
- Published: Aug. 31, 2015
- Modified: Apr. 12, 2025
-
2.1
LOWCVE-2004-1586
Flash Messaging clients can ignore disconnecting commands such as "shutdown" from the Flash Messaging Server 5.2.0g (rev 1.1.2), which could allow remote attackers to stay connected.... Read more
Affected Products : flash_messaging_server- EPSS Score: %0.18
- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2004-2400
WinFTP Server 1.6 stores username and password credentials in plaintext in the data\user.wfd file, which allows local users to gain access to the credentials.... Read more
Affected Products : winftp_server- EPSS Score: %0.08
- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2006-3457
Symantec On-Demand Agent (SODA) before 2.5 MR2 Build 2157, and the Virtual Desktop module in Symantec On-Demand Protection (SODP) before 2.6 Build 2233, do not properly encrypt files that are subject to policy-based automatic encryption, which might allow... Read more
- EPSS Score: %0.05
- Published: Aug. 05, 2006
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2006-2612
Novell Client for Windows 4.8 and 4.9 does not restrict access to the clipboard contents while a machine is locked, which allows users with physical access to read the current clipboard contents by pasting them into the "User Name" field on the login prom... Read more
Affected Products : client- EPSS Score: %0.08
- Published: May. 26, 2006
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2009-5056
Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the move_into permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then... Read more
Affected Products : otrs- EPSS Score: %0.16
- Published: Mar. 18, 2011
- Modified: Apr. 11, 2025
-
2.1
LOWCVE-2012-0800
The form-autocompletion functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 makes it easier for physically proximate attackers to discover passwords by reading the contents of a non-password field, as demonstrated by acc... Read more
Affected Products : moodle- EPSS Score: %0.07
- Published: Jul. 17, 2012
- Modified: Apr. 11, 2025
-
2.1
LOWCVE-2006-2071
Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass IPC permissions and modify a readonly attachment of shared memory by using mprotect to give write permission to the attachment. NOTE: some original raw sources combined this issue wit... Read more
- EPSS Score: %0.11
- Published: Apr. 27, 2006
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2015-7872
The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands.... Read more
Affected Products : linux_kernel- EPSS Score: %0.06
- Published: Nov. 16, 2015
- Modified: Apr. 12, 2025
-
2.1
LOWCVE-2011-1172
net/ipv6/netfilter/ip6_tables.c in the IPv6 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially se... Read more
Affected Products : linux_kernel- EPSS Score: %0.04
- Published: Jun. 22, 2011
- Modified: Apr. 11, 2025
-
2.1
LOWCVE-2006-4031
MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy.... Read more
- EPSS Score: %0.26
- Published: Aug. 09, 2006
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2007-0010
The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file.... Read more
Affected Products : gtk- EPSS Score: %0.87
- Published: Jan. 24, 2007
- Modified: Apr. 09, 2025
-
2.1
LOWCVE-2012-5530
The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file.... Read more
Affected Products : performance_co-pilot- EPSS Score: %0.14
- Published: Nov. 29, 2012
- Modified: Apr. 11, 2025
-
2.1
LOWCVE-2006-5173
Linux kernel does not properly save or restore EFLAGS during a context switch, or reset the flags when creating new threads, which allows local users to cause a denial of service (process crash), as demonstrated using a process that sets the Alignment Che... Read more
- EPSS Score: %0.06
- Published: Oct. 17, 2006
- Modified: Apr. 09, 2025
-
2.1
LOWCVE-2006-2110
Virtual Private Server (Vserver) 2.0.x before 2.0.2-rc18 and 2.1.x before 2.1.1-rc18 provides certain context capabilities (ccaps) that allow local guest users to perform operations that were only intended to be allowed by the guest-root.... Read more
Affected Products : vserver- EPSS Score: %0.09
- Published: May. 01, 2006
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2012-4833
fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line.... Read more
- EPSS Score: %0.05
- Published: Oct. 01, 2012
- Modified: Apr. 11, 2025
-
2.1
LOWCVE-2010-1636
The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the btrfs functionality in the Linux kernel 2.6.29 through 2.6.32, and possibly other versions, does not ensure that a cloned file descriptor has been opened for reading, which allows local users to re... Read more
Affected Products : linux_kernel- EPSS Score: %0.24
- Published: Jun. 08, 2010
- Modified: Apr. 11, 2025
-
2.1
LOWCVE-2006-0512
PADL MigrationTools 46 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the temporary files, which are not properly created by (1) migrate_all_online.sh, (2) migrate_all_offline.sh, (3) migr... Read more
Affected Products : migrationtools- EPSS Score: %0.07
- Published: Feb. 02, 2006
- Modified: Apr. 03, 2025