|
272031
|
- |
|
ez
|
ez_publish
|
eZ publish before 3.8.5 does not properly enforce permissions for editing in a specific language, which allows remote authenticated users to create a draft in an unauthorized language by editing an a…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2006-7219
|
2015-07-28 23:35 |
2007-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272032
|
- |
|
ez
|
ez_publish
|
eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check permissions on module views that lack a policy function, which has unknown impact and attack vectors, as demonstrated by a vulne…
|
NVD-CWE-noinfo
|
CVE-2007-4493
|
2015-07-28 03:36 |
2007-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272033
|
- |
|
ez
|
ez_publish
|
The tipafriend function in eZ publish before 3.8.9, and 3.9 before 3.9.3, does not limit access by anonymous users, which allows remote attackers to conduct spam attacks.
|
NVD-CWE-noinfo
|
CVE-2007-4494
|
2015-07-28 03:36 |
2007-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272034
|
- |
|
ghostscript
|
ghostscript
|
Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary cod…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-4270
|
2015-01-10 08:42 |
2009-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272035
|
- |
|
ibm
|
websphere_application_server
|
The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3, when APAR PK41002 is installed, does not p…
|
CWE-20
Improper Input Validation
|
CVE-2009-1172
|
2014-10-24 14:37 |
2009-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272036
|
- |
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3 uses weak permissions (777) for files associated with unspecified "interim fixes," which allows attackers to modify files that would not have…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-1173
|
2014-10-24 14:37 |
2009-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272037
|
- |
|
oracle
|
database_server
|
Unspecified vulnerability in the Workspace Manager component in Oracle Database 11.1.0.6, 11.1.0.7, 10.2.0.3, 10.2.0.4, 10.1.0.5, 9.2.0.8, and 9.2.0.8DV allows remote authenticated users to affect co…
|
NVD-CWE-noinfo
|
CVE-2009-0972
|
2014-09-9 02:56 |
2009-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272038
|
- |
|
mp3info
|
mp3info
|
Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary code via a long command line argument. NOTE: if mp3info is not installed setuid or setgid in any reasonable context, then this …
|
NVD-CWE-Other
|
CVE-2006-2465
|
2014-05-31 11:22 |
2006-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272039
|
- |
|
emc
|
avamar
|
Unspecified vulnerability in EMC Avamar 4.1.x and 5.0 before SP1 allows remote attackers to cause a denial of service (gsan service hang) by sending a crafted message using TCP.
|
NVD-CWE-noinfo
|
CVE-2010-1919
|
2014-05-5 13:43 |
2010-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272040
|
- |
|
oracle
|
application_server
|
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTM…
|
NVD-CWE-noinfo
|
CVE-2009-1011
|
2014-01-14 12:46 |
2009-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
