Vulnerabilities > Permissions, Privileges, and Access Controls
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2002-10-04 | CVE-2002-1111 | Permissions, Privileges, and Access Controls vulnerability in Mantis print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify the limit_reporters option, which allows remote attackers to view bug summaries for bugs that would otherwise be restricted. | 5.0 |
2002-02-13 | CVE-2002-0013 | Permissions, Privileges, and Access Controls vulnerability in Snmp Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. | 10.0 |
2002-02-13 | CVE-2002-0012 | Permissions, Privileges, and Access Controls vulnerability in Snmp Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. | 10.0 |
2002-02-06 | CVE-2001-1371 | Permissions, Privileges, and Access Controls vulnerability in Oracle Application Server 1.0.2 The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and urn:soap-provider-manager. | 7.5 |
2001-12-06 | CVE-2001-1247 | Permissions, Privileges, and Access Controls vulnerability in PHP 4.0.4Pl1/4.0.5 PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files. | 6.4 |
2001-10-18 | CVE-2001-0771 | Permissions, Privileges, and Access Controls vulnerability in Spytech-Web Spyanywhere 1.50 Spytech SpyAnywhere 1.50 allows remote attackers to gain administrator access via a single character in the "loginpass" field. | 7.5 |
2001-08-31 | CVE-2001-1009 | Permissions, Privileges, and Access Controls vulnerability in Fetchmail Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrary memory and possibly gain privileges via a negative index number as part of a response to a LIST request. | 10.0 |
2000-11-14 | CVE-2000-0844 | Permissions, Privileges, and Access Controls vulnerability in multiple products Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen. | 10.0 |
1999-07-19 | CVE-1999-1011 | Permissions, Privileges, and Access Controls vulnerability in Microsoft products The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands. | 10.0 |
1996-09-13 | CVE-1999-1383 | Permissions, Privileges, and Access Controls vulnerability in multiple products (1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain privileges via directory names that contain shell metacharacters (` back-tick), which can cause the commands enclosed in the directory name to be executed when the shell expands filenames using the \w option in the PS1 variable. | 4.6 |