Vulnerabilities > Configuration

DATE CVE VULNERABILITY TITLE RISK
2013-03-19 CVE-2013-0224 Configuration vulnerability in Video Project Video
The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the FFmpeg transcoder, allows local users to execute arbitrary PHP code by modifying a temporary PHP file.
4.4
2013-03-12 CVE-2011-1164 Configuration vulnerability in David King Vino
Vino before 2.99.4 can connect to external networks contrary to the statement in the vino-preferences dialog box, which might make it easier for remote attackers to perform attacks.
network
high complexity
david-king CWE-16
4.6
2013-03-06 CVE-2012-5770 Configuration vulnerability in IBM Tivoli Application Dependency Discovery Manager 7.2.0.0/7.2.1/7.2.1.3
The SSL configuration in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 supports the MD5 hash algorithm, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic via a brute-force attack.
network
ibm CWE-16
5.8
2013-03-05 CVE-2013-0931 Configuration vulnerability in RSA Authentication Agent for Windows 7.1/7.1.1
EMC RSA Authentication Agent 7.1.x before 7.1.2 on Windows does not enforce the Quick PIN Unlock timeout feature, which allows physically proximate attackers to bypass the passcode requirement for a screensaved session by entering a PIN after timeout expiration.
5.4
2013-02-24 CVE-2013-0118 Configuration vulnerability in Cs-Cart
CS-Cart before 3.0.6, when PayPal Standard Payments is configured, allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's self.
network
low complexity
cs-cart CWE-16
5.0
2013-02-14 CVE-2012-5634 Configuration vulnerability in XEN
Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, does not properly configure VT-d when supporting a device that is behind a legacy PCI Bridge, which allows local guests to cause a denial of service to other guests by injecting an interrupt.
low complexity
xen CWE-16
6.1
2013-01-29 CVE-2013-1451 Configuration vulnerability in Microsoft Internet Explorer 8/9
Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not ensure that the SSL lock icon is consistent with the Address bar, which makes it easier for remote attackers to spoof web sites via a crafted HTML document that triggers many HTTPS requests to an arbitrary host, followed by an HTTPS request to a trusted host and then an HTTP request to an untrusted host, a related issue to CVE-2013-1450.
network
high complexity
microsoft CWE-16
4.0
2013-01-29 CVE-2013-1450 Configuration vulnerability in Microsoft Internet Explorer 8/9
Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not properly reuse TCP sessions to the proxy server, which allows remote attackers to obtain sensitive information intended for a specific host via a crafted HTML document that triggers many HTTPS requests and then triggers an HTTP request to that host, as demonstrated by reading a Cookie header, aka MSRC 12096gd.
network
high complexity
microsoft CWE-16
4.0
2012-12-13 CVE-2012-5512 Configuration vulnerability in Citrix Xenserver 4.1.0
Array index error in the HVMOP_set_mem_access handler in Xen 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) or obtain sensitive information via unspecified vectors.
local
low complexity
citrix CWE-16
3.2
2012-12-13 CVE-2012-3276 Configuration vulnerability in HP Openvms
HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows local users to cause a denial of service via unspecified vectors.
local
low complexity
hp CWE-16
2.1