rpcbind 0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr. Date published : 2019-10-29 https://access.redhat.com/security/cve/cve-2010-2064 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2064
rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr, which can be created by an attacker before the daemon is started. Date published : 2019-10-29 https://access.redhat.com/security/cve/cve-2010-2061 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583435#5
Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing. Date published : 2019-10-29 https://trac.osgeo.org/mapserver/ticket/3641 https://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-1678.html
gpw generates shorter passwords than required Date published : 2019-10-29 http://www.openwall.com/lists/oss-security/2012/01/17/13 https://access.redhat.com/security/cve/cve-2011-4931
ikiwiki before 3.20110608 allows remote attackers to hijack root’s tty and run symlink attacks. Date published : 2019-10-29 https://ikiwiki.info/security/#index40h2 https://security-tracker.debian.org/tracker/CVE-2011-1408
Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments. Date published : 2019-10-29 https://ikiwiki.info/security/#index38h2 https://security-tracker.debian.org/tracker/CVE-2011-0428
Bitlbee does not drop extra group privileges correctly in unix.c Date published : 2019-10-29 https://access.redhat.com/security/cve/cve-2012-1187 https://bugs.bitlbee.org/ticket/852
SugarCRM CE
mediawiki allows deleted text to be exposed Date published : 2019-10-29 https://access.redhat.com/security/cve/cve-2012-0046 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0046
A stack based buffer overflow vulnerability exists in the method receiving data from SysTreeView32 control of the GMER 2.1.19357 application. A specially created long path can lead to a buffer overflow on the stack...
qtum through 0.16 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim’s disk and RAM. Date published :...
An issue was discovered in the Tightrope Media Carousel digital signage product 7.0.4.104. Due to insecure default permissions on the C:TRMSServices directory, an attacker who has gained access to the system can elevate their...
The Tightrope Media Carousel digital signage product 7.0.4.104 contains an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. An authenticated attacker can upload a...
The Tightrope Media Carousel Seneca HDn Windows-based appliance 7.0.4.104 is shipped with a default local administrator username and password. This can be found by a limited user account in an "unattend.xml" file left over...