ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2012-2000 | Multiple unspecified vulnerabilities in HP System Health Application and Command Line Utilities befo... | | |
CVE-2012-2001 | Cross-site scripting (XSS) vulnerability in HP SNMP Agents for Linux before 9.0.0 allows remote atta... | | |
CVE-2012-2002 | Open redirect vulnerability in HP SNMP Agents for Linux before 9.0.0 allows remote attackers to redi... | | |
CVE-2012-2003 | Cross-site request forgery (CSRF) vulnerability in HP Insight Management Agents before 9.0.0.0 on Wi... | | |
CVE-2012-2004 | Open redirect vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 an... | | |
CVE-2012-2005 | Cross-site scripting (XSS) vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows S... | | |
CVE-2012-2006 | Unspecified vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 and ... | | |
CVE-2012-2007 | SQL injection vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.0... | | |
CVE-2012-2008 | Cross-site scripting (XSS) vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.00... | | |
CVE-2012-2009 | Unspecified vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.002... | | |
CVE-2012-2010 | The ACMELOGIN implementation in HP OpenVMS 8.3 and 8.4 on the Alpha platform, and 8.3, 8.3-1H1, and ... | | |
CVE-2012-2011 | Multiple cross-site scripting (XSS) vulnerabilities in HP Web Jetadmin 8.x allow remote attackers to... | | |
CVE-2012-2012 | HP System Management Homepage (SMH) before 7.1.1 does not have an off autocomplete attribute for uns... | S | |
CVE-2012-2013 | Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote attacker... | S | |
CVE-2012-2014 | HP System Management Homepage (SMH) before 7.1.1 does not properly validate input, which allows remo... | S | |
CVE-2012-2015 | Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote authenti... | S | |
CVE-2012-2016 | Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows local users to ... | S | |
CVE-2012-2017 | Unspecified vulnerability on HP Photosmart Wireless e-All-in-One B110, e-All-in-One D110, Plus e-All... | | |
CVE-2012-2018 | Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 8.x, 9.0x, and 9.1x all... | | |
CVE-2012-2019 | Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute ... | | |
CVE-2012-2020 | Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute ... | | |
CVE-2012-2021 | Multiple cross-site scripting (XSS) vulnerabilities in HP AssetManager 5.20, 5.21, 5.22, and 9.30 al... | | |
CVE-2012-2022 | Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i (NNMi) 8.x, 9.0x, 9... | | |
CVE-2012-2023 | Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service... | S | |
CVE-2012-2024 | Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service... | S | |
CVE-2012-2025 | Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service... | S | |
CVE-2012-2026 | Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service... | S | |
CVE-2012-2027 | Use-after-free vulnerability in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.... | S | |
CVE-2012-2028 | Buffer overflow in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remo... | S | |
CVE-2012-2029 | Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denia... | S | |
CVE-2012-2030 | Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denia... | S | |
CVE-2012-2031 | Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denia... | S | |
CVE-2012-2032 | Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denia... | S | |
CVE-2012-2033 | Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denia... | S | |
CVE-2012-2034 | Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 1... | KEV | |
CVE-2012-2035 | Stack-based buffer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on... | | |
CVE-2012-2036 | Integer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows an... | | |
CVE-2012-2037 | Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 1... | | |
CVE-2012-2038 | Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 1... | | |
CVE-2012-2039 | Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 1... | | |
CVE-2012-2040 | Untrusted search path vulnerability in the installer in Adobe Flash Player before 10.3.183.20 and 11... | | |
CVE-2012-2041 | CRLF injection vulnerability in the Component Browser in Adobe ColdFusion 8.0 through 9.0.1 allows r... | S | |
CVE-2012-2042 | Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service... | | |
CVE-2012-2043 | Adobe Shockwave Player before 11.6.6.636 allows attackers to execute arbitrary code or cause a denia... | S | |
CVE-2012-2044 | Adobe Shockwave Player before 11.6.6.636 allows attackers to execute arbitrary code or cause a denia... | S | |
CVE-2012-2045 | Adobe Shockwave Player before 11.6.6.636 allows attackers to execute arbitrary code or cause a denia... | S | |
CVE-2012-2046 | Adobe Shockwave Player before 11.6.6.636 allows attackers to execute arbitrary code or cause a denia... | S | |
CVE-2012-2047 | Adobe Shockwave Player before 11.6.6.636 allows attackers to execute arbitrary code or cause a denia... | S | |
CVE-2012-2048 | Unspecified vulnerability in Adobe ColdFusion 10 and earlier allows attackers to cause a denial of s... | S | |
CVE-2012-2049 | Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on W... | S | |
CVE-2012-2050 | Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and M... | S | |
CVE-2012-2051 | Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attac... | S | |
CVE-2012-2052 | Stack-based buffer overflow in the U3D.8BI library plugin in Adobe Photoshop CS5 12.x before 12.0.5 ... | E | |
CVE-2012-2053 | The sudoers file in the Linux system configuration in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 does... | E | |
CVE-2012-2054 | Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's at... | | |
CVE-2012-2055 | GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for... | | |
CVE-2012-2056 | Cross-site request forgery (CSRF) vulnerability in the Content Lock module for Drupal allows remote ... | | |
CVE-2012-2057 | Cross-site request forgery (CSRF) vulnerability in the Ubercart Bulk Stock Updater module for Drupal... | | |
CVE-2012-2058 | The Ubercart Payflow module for Drupal does not use a secure token, which allows remote attackers to... | | |
CVE-2012-2059 | Cross-site scripting (XSS) vulnerability in the ticketyboo News Ticker module for Drupal allows remo... | | |
CVE-2012-2060 | Cross-site scripting (XSS) vulnerability in the Admin tools module for Drupal allows remote attacker... | | |
CVE-2012-2061 | Cross-site request forgery (CSRF) vulnerability in the Admin tools module for Drupal allows remote a... | | |
CVE-2012-2062 | Open redirect vulnerability in the Redirecting click bouncer module for Drupal allows remote attacke... | | |
CVE-2012-2063 | The Slidebox module before 7.x-1.4 for Drupal does not properly check permissions, which allows remo... | S | |
CVE-2012-2064 | Cross-site scripting (XSS) vulnerability in theme/views_lang_switch.theme.inc in the Views Language ... | S | |
CVE-2012-2065 | Cross-site scripting (XSS) vulnerability in the Language Icons module 6.x-2.x before 6.x-2.1 and 7.x... | S | |
CVE-2012-2066 | Cross-site scripting (XSS) vulnerability in the FCKeditor module 6.x-2.x before 6.x-2.3 and the CKEd... | S | |
CVE-2012-2067 | Unspecified vulnerability in the CKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-... | S | |
CVE-2012-2068 | Multiple cross-site scripting (XSS) vulnerabilities in fancy_slide.module in the Fancy Slide module ... | S | |
CVE-2012-2069 | Cross-site request forgery (CSRF) vulnerability in the Wishlist module 6.x-2.x before 6.x-2.6 and 7.... | E S | |
CVE-2012-2070 | Cross-site scripting (XSS) vulnerability in the MultiBlock module 6.x-1.x before 6.x-1.4 and 7.x-1.x... | E S | |
CVE-2012-2071 | Cross-site scripting (XSS) vulnerability in the Contact Forms module 6.x-1.x before 6.x-1.13 for Dru... | S | |
CVE-2012-2072 | Cross-site scripting (XSS) vulnerability in the Share Buttons (AddToAny) module 6.x-3.x before 6.x-3... | S | |
CVE-2012-2073 | The Bundle copy module 7.x-1.x before 7.x-1.1 for Drupal does not check for the "use PHP for setting... | S | |
CVE-2012-2074 | Unspecified vulnerability in certain default views in the Ubercart Views module 6.x before 6.x-3.2 f... | S | |
CVE-2012-2075 | Cross-site scripting (XSS) vulnerability in the Contact Save module 6.x-1.x before 6.x-1.5 for Drupa... | E S | |
CVE-2012-2076 | Cross-site scripting (XSS) vulnerability in the administration forms in the ShareThis module 7.x-2.x... | S | |
CVE-2012-2077 | Cross-site request forgery (CSRF) vulnerability in the ShareThis module 7.x-2.x before 7.x-2.3 for D... | S | |
CVE-2012-2078 | Cross-site scripting (XSS) vulnerability in the Activity module 6.x-1.x for Drupal.... | | |
CVE-2012-2079 | A cross-site request forgery (CSRF) vulnerability in the Activity module 6.x-1.x for Drupal.... | | |
CVE-2012-2080 | Cross-site request forgery (CSRF) vulnerability in the Node Limit Number module before 6.x-1.2 for D... | E S | |
CVE-2012-2081 | The Organic Groups (OG) module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access, ... | S | |
CVE-2012-2082 | Cross-site scripting (XSS) vulnerability in the Chaos tool suite (aka CTools) module 7.x-1.x before ... | S | |
CVE-2012-2083 | Cross-site scripting (XSS) vulnerability in the fusion_core_preprocess_page function in fusion_core/... | | |
CVE-2012-2084 | Cross-site scripting (XSS) vulnerability in the Printer, email and PDF versions module 6.x-1.x befor... | S | |
CVE-2012-2085 | The exec_command function in common/helpers.py in Gajim before 0.15 allows user-assisted remote atta... | E S | |
CVE-2012-2086 | SQL injection vulnerability in the get_last_conversation_lines function in common/logger.py in Gajim... | E S | |
CVE-2012-2087 | ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entire server from client interface... | E | |
CVE-2012-2088 | Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and ear... | | |
CVE-2012-2089 | Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.... | S | |
CVE-2012-2090 | Multiple format string vulnerabilities in FlightGear 2.6 and earlier and SimGear 2.6 and earlier all... | | |
CVE-2012-2091 | Multiple buffer overflows in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assis... | | |
CVE-2012-2092 | A Security Bypass vulnerability exists in Ubuntu Cobbler before 2.2.2 in the cobbler-ubuntu-import s... | E S | |
CVE-2012-2093 | src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary files via a symlink atta... | | |
CVE-2012-2094 | Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/stati... | | |
CVE-2012-2095 | The SetWiredProperty function in the D-Bus interface in WICD before 1.7.2 allows local users to writ... | E | |
CVE-2012-2096 | The Fivestar module 6.x-1.x before 6.x-1.20 for Drupal does not properly validate voting data, which... | E S | |
CVE-2012-2097 | Cross-site request forgery (CSRF) vulnerability in the Autosave module 6.x before 6.x-2.10 and 7.x-2... | E S | |
CVE-2012-2098 | Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2Com... | | |
CVE-2012-2099 | Multiple cross-site scripting (XSS) vulnerabilities in Wikidforum 2.10 allow remote attackers to inj... | E | |
CVE-2012-2100 | The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 3.2.2, on the x86 pla... | | |
CVE-2012-2101 | Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rule... | | |
CVE-2012-2102 | MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denia... | E | |
CVE-2012-2103 | The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink a... | | |
CVE-2012-2104 | cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable char... | E | |
CVE-2012-2105 | Multiple SQL injection vulnerabilities in login.php in Timesheet Next Gen 1.5.2 allow remote attacke... | E | |
CVE-2012-2106 | Integer overflow in the pv_import function in util/pv_import.c in Csound 5.16.6, when converting a f... | | |
CVE-2012-2107 | Integer overflow in the main function in util/lpci_main.c in Csound before 5.17.2, when converting a... | | |
CVE-2012-2108 | Stack-based buffer overflow in the main function in util/lpci_main.c in Csound before 5.17.2, when c... | | |
CVE-2012-2109 | SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress ... | E S | |
CVE-2012-2110 | The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.... | E | |
CVE-2012-2111 | The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC pr... | S | |
CVE-2012-2112 | Cross-site scripting (XSS) vulnerability in the Exception Handler in TYPO3 4.4.x before 4.4.15, 4.5.... | | |
CVE-2012-2113 | Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a den... | | |
CVE-2012-2114 | Stack-based buffer overflow in fprintf in musl before 0.8.8 and earlier allows context-dependent att... | | |
CVE-2012-2115 | SQL injection vulnerability in interface/login/validateUser.php in OpenEMR 4.1.0 and possibly earlie... | E | |
CVE-2012-2116 | Cross-site request forgery (CSRF) vulnerability in the Commerce Reorder module before 7.x-1.1 for Dr... | S | |
CVE-2012-2117 | Cross-site scripting (XSS) vulnerability in the Gigya - Social optimization module 6.x before 6.x-3.... | S | |
CVE-2012-2118 | Format string vulnerability in the LogVHdrMessageVerb function in os/log.c in X.Org X11 1.11 allows ... | S | |
CVE-2012-2119 | Buffer overflow in the macvtap device driver in the Linux kernel before 3.4.5, when running in certa... | | |
CVE-2012-2120 | latex2man in texlive-extra-utils 2011.20120322, and possibly other versions or packages, when used w... | | |
CVE-2012-2121 | The KVM implementation in the Linux kernel before 3.3.4 does not properly manage the relationships b... | | |
CVE-2012-2122 | sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and... | E S | |
CVE-2012-2123 | The cap_bprm_set_creds function in security/commoncap.c in the Linux kernel before 3.3.3 does not pr... | | |
CVE-2012-2124 | functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does... | | |
CVE-2012-2125 | RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote atta... | S | |
CVE-2012-2126 | RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a... | S | |
CVE-2012-2127 | fs/proc/root.c in the procfs implementation in the Linux kernel before 3.2 does not properly interac... | E S | |
CVE-2012-2128 | Cross-site request forgery (CSRF) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remo... | | |
CVE-2012-2129 | Cross-site scripting (XSS) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote atta... | E | |
CVE-2012-2130 | A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption e... | | |
CVE-2012-2131 | Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attacker... | | |
CVE-2012-2132 | libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-fi... | | |
CVE-2012-2133 | Use-after-free vulnerability in the Linux kernel before 3.3.6, when huge pages are enabled, allows l... | | |
CVE-2012-2134 | The handle_connection_error function in ldap_helper.c in bind-dyndb-ldap before 1.1.0rc1 does not pr... | S | |
CVE-2012-2135 | The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling ... | | |
CVE-2012-2136 | The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel before 3.4.5 does not prope... | E S | |
CVE-2012-2137 | Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows... | | |
CVE-2012-2138 | The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.... | | |
CVE-2012-2139 | Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail ... | E S | |
CVE-2012-2140 | The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell m... | E S | |
CVE-2012-2141 | Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend.c in Ne... | | |
CVE-2012-2142 | The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary... | E S | |
CVE-2012-2143 | The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, Postg... | S | |
CVE-2012-2144 | Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote at... | E S | |
CVE-2012-2145 | Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows re... | | |
CVE-2012-2146 | Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), whi... | | |
CVE-2012-2147 | munin-cgi-graph in Munin 2.0 rc4 allows remote attackers to cause a denial of service (disk or memor... | | |
CVE-2012-2148 | An issue exists in the property replacements feature in any descriptor in JBoss AS 7.1.1 ignores jav... | | |
CVE-2012-2149 | The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used b... | E | |
CVE-2012-2150 | xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote att... | | |
CVE-2012-2151 | Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x before 1.9.2.o, 2.0.x before 2.0.1... | | |
CVE-2012-2152 | Stack-based buffer overflow in the get_packet method in socket.c in dhcpcd 3.2.3 allows remote attac... | | |
CVE-2012-2153 | Drupal 7.x before 7.14 does not properly restrict access to nodes in a list when using a "contribute... | S | |
CVE-2012-2154 | Cross-site scripting (XSS) vulnerability in the CDN2 Video module 6.x for Drupal allows remote attac... | S | |
CVE-2012-2155 | Cross-site request forgery (CSRF) vulnerability in the CDN2 Video module 6.x for Drupal allows remot... | S | |
CVE-2012-2156 | Multiple cross-site scripting (XSS) vulnerabilities in Plume CMS 1.2.4 and earlier allow remote atta... | E | |
CVE-2012-2159 | Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Sourc... | | |
CVE-2012-2160 | IBM Rational Change 5.3 is vulnerable to cross-site scripting, caused by improper validation of user... | S | |
CVE-2012-2161 | Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM Eclipse Help System (IEHS), as u... | | |
CVE-2012-2162 | The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HT... | | |
CVE-2012-2163 | IBM Scale Out Network Attached Storage (SONAS) 1.1 through 1.3.1 allows remote authenticated adminis... | | |
CVE-2012-2164 | The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote ... | | |
CVE-2012-2165 | IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3, when ClearQuest Authentication ... | | |
CVE-2012-2166 | IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2.4.e-2 and 2810-114 and 2812-1... | | |
CVE-2012-2167 | The IBM XIV Storage System Gen3 before 11.1.0.a allows remote attackers to cause a denial of service... | | |
CVE-2012-2168 | IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated user... | | |
CVE-2012-2169 | Cross-site scripting (XSS) vulnerability in the file-upload functionality in the Web client in IBM R... | | |
CVE-2012-2170 | The Application Snoop Servlet in IBM WebSphere Application Server 7.0 before 7.0.0.23 does not prope... | | |
CVE-2012-2171 | SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storag... | | |
CVE-2012-2172 | Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler ... | E | |
CVE-2012-2173 | The ODBC driver in IBM Security AppScan Source 7.x and 8.x before 8.6 sends an SHA-1 hash of the con... | | |
CVE-2012-2174 | The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote attackers to execute arbitrary... | | |
CVE-2012-2175 | Buffer overflow in the Attachment_Times method in a certain ActiveX control in dwa85W.dll in IBM Lot... | | |
CVE-2012-2176 | Multiple stack-based buffer overflows in a certain ActiveX control in qp2.cab in IBM Lotus Quickr 8.... | | |
CVE-2012-2177 | Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, ... | | |
CVE-2012-2179 | libodm.a in IBM AIX 5.3, 6.1, and 7.1 allows local users to overwrite arbitrary files via a symlink ... | S | |
CVE-2012-2180 | The chaining functionality in the Distributed Relational Database Architecture (DRDA) module in IBM ... | | |
CVE-2012-2181 | Directory traversal vulnerability in the Dojo module in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 bef... | | |
CVE-2012-2183 | Session fixation vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud... | | |
CVE-2012-2184 | Session fixation vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud... | | |
CVE-2012-2185 | IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Manage... | | |
CVE-2012-2186 | Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 a... | S | |
CVE-2012-2187 | IBM Remote Supervisor Adapter II firmware for System x3650, x3850 M2, and x3950 M2 1.13 and earlier ... | | |
CVE-2012-2188 | IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, 7R7.1.0 and 7R7.2.0 before 7R7.2.0 S... | | |
CVE-2012-2190 | IBM Global Security Kit (aka GSKit), as used in IBM HTTP Server in IBM WebSphere Application Server ... | | |
CVE-2012-2191 | IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM ... | S | |
CVE-2012-2192 | The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.1.4-FP-25 SP-02 allows local users... | | |
CVE-2012-2193 | Cross-site scripting (XSS) vulnerability in Query Studio in IBM Cognos Business Intelligence (BI) 8.... | | |
CVE-2012-2194 | Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored procedure in IBM DB2 9.1 before... | | |
CVE-2012-2196 | IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote a... | | |
CVE-2012-2197 | Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 9.1 before FP12, ... | | |
CVE-2012-2199 | The server message channel agent in the queue manager in the server in IBM WebSphere MQ 7.0.1 before... | | |
CVE-2012-2200 | The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, allows l... | | |
CVE-2012-2201 | IBM WebSphere MQ 7.1 is vulnerable to a denial of service, caused by an error when handling user ids... | | |
CVE-2012-2202 | Directory traversal vulnerability in javatester_init.php in IBM Lotus Protector for Mail Security 2.... | | |
CVE-2012-2203 | IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM ... | | |
CVE-2012-2204 | InfoSphere Guardium aix_ktap module: DoS... | | |
CVE-2012-2205 | Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x bef... | | |
CVE-2012-2206 | The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote ... | E | |
CVE-2012-2208 | Directory traversal vulnerability in upgrade.php in Piwigo before 2.3.4 allows remote attackers to i... | E | |
CVE-2012-2209 | Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote... | E | |
CVE-2012-2210 | The Sony Bravia TV KDL-32CX525 allows remote attackers to cause a denial of service (configuration o... | E | |
CVE-2012-2211 | Cross-site scripting (XSS) vulnerability in phpgwapi/inc/common_functions_inc.php in eGroupware befo... | E | |
CVE-2012-2212 | McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT me... | | |
CVE-2012-2213 | Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by pro... | | |
CVE-2012-2214 | proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection att... | S | |
CVE-2012-2215 | Directory traversal vulnerability in the Preboot Service in Novell ZENworks Configuration Management... | S | |
CVE-2012-2216 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6720 and CVE-2012-6721. Reas... | R | |
CVE-2012-2217 | The HTC IQRD service for Android on the HTC EVO 4G before 4.67.651.3, EVO Design 4G before 2.12.651.... | | |
CVE-2012-2223 | The xplat agent in Novell ZENworks Configuration Management (ZCM) 10.3.x before 10.3.4 and 11.x befo... | | |
CVE-2012-2224 | Xunlei Thunder before 7.2.6 allows remote attackers to execute arbitrary code via a crafted file, re... | | |
CVE-2012-2225 | 360zip 1.93beta allows remote attackers to execute arbitrary code via vectors related to file browsi... | | |
CVE-2012-2226 | Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote att... | | |
CVE-2012-2227 | Directory traversal vulnerability in update/index.php in PluXml before 5.1.6 allows remote attackers... | E | |
CVE-2012-2230 | Cloudera Manager 3.7.x before 3.7.5 and Service and Configuration Manager 3.5, when Kerberos is not ... | | |
CVE-2012-2234 | Cross-site scripting (XSS) vulnerability in sources/users.queries.php in TeamPass before 2.1.6 allow... | | |
CVE-2012-2235 | Cross-site scripting (XSS) vulnerability in Support Incident Tracker (SiT!) 3.65 and earlier allows ... | E | |
CVE-2012-2236 | SQL injection vulnerability in users.php in PHP Gift Registry 1.5.5 allows remote authenticated user... | E | |
CVE-2012-2237 | Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.... | E S | |
CVE-2012-2238 | trytond 2.4: ModelView.button fails to validate authorization... | S | |
CVE-2012-2239 | Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files or ... | S | |
CVE-2012-2240 | scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary comman... | | |
CVE-2012-2241 | scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a ... | | |
CVE-2012-2242 | scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands v... | | |
CVE-2012-2243 | Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows ... | S | |
CVE-2012-2244 | Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote authenticated administrators to execu... | S | |
CVE-2012-2245 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-2246 | Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to conduct clickjacking att... | | |
CVE-2012-2247 | Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows ... | S | |
CVE-2012-2248 | An issue was discovered in dhclient 4.3.1-6 due to an embedded path variable.... | | |
CVE-2012-2249 | Tor before 0.2.3.23-rc allows remote attackers to cause a denial of service (assertion failure and d... | | |
CVE-2012-2250 | Tor before 0.2.3.24-rc allows remote attackers to cause a denial of service (assertion failure and d... | | |
CVE-2012-2251 | rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local ... | | |
CVE-2012-2252 | Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows ... | | |
CVE-2012-2253 | Cross-site scripting (XSS) vulnerability in group/members.php in Mahara 1.5.x before 1.5.7 and 1.6.x... | S | |
CVE-2012-2254 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-2255 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual... | R | |
CVE-2012-2256 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual... | R | |
CVE-2012-2257 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual... | R | |
CVE-2012-2258 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual... | R | |
CVE-2012-2259 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual... | R | |
CVE-2012-2260 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual... | R | |
CVE-2012-2261 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual... | R | |
CVE-2012-2262 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual... | R | |
CVE-2012-2263 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual... | R | |
CVE-2012-2264 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual... | R | |
CVE-2012-2265 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual... | R | |
CVE-2012-2266 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual... | R | |
CVE-2012-2267 | master.exe in the SNMP Master Agent in RealNetworks Helix Server and Helix Mobile Server 14.x before... | | |
CVE-2012-2268 | master.exe in the SNMP Master Agent in RealNetworks Helix Server and Helix Mobile Server 14.x before... | | |
CVE-2012-2269 | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 3.0.3 allow remote attackers ... | E | |
CVE-2012-2270 | Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 3.0.3 allows remote... | E | |
CVE-2012-2271 | Buffer overflow in the InitLicenKeys function in a certain ActiveX control in SkinCrafter3_vs2005.dl... | E | |
CVE-2012-2273 | Comodo Internet Security before 5.10.228257.2253 on Windows 7 x64 allows local users to cause a deni... | E | |
CVE-2012-2274 | Cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php in PivotX 2.3.2 and earlier allows... | E | |
CVE-2012-2275 | Multiple cross-site request forgery (CSRF) vulnerabilities in TestLink 1.9.3 and earlier allow remot... | E S | |
CVE-2012-2276 | The IRM Server in EMC Documentum Information Rights Management 4.x before 4.7.0100 and 5.x before 5.... | E | |
CVE-2012-2277 | The IRM Server in EMC Documentum Information Rights Management 4.x before 4.7.0100 and 5.x before 5.... | E | |
CVE-2012-2278 | Multiple cross-site scripting (XSS) vulnerabilities in the (1) Self-Service Console and (2) Security... | | |
CVE-2012-2279 | Open redirect vulnerability in the Security Console in EMC RSA Authentication Manager 7.1 before SP4... | | |
CVE-2012-2280 | EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do no... | | |
CVE-2012-2281 | EMC RSA Access Manager Server 6.x before 6.1 SP4 and RSA Access Manager Agent do not properly valida... | | |
CVE-2012-2282 | EMC Celerra Network Server 6.x before 6.0.61.0, VNX 7.x before 7.0.53.2, and VNXe 2.0 and 2.1 before... | | |
CVE-2012-2283 | The Iomega Home Media Network Hard Drive with EMC Lifeline firmware before 2.104, Home Media Network... | | |
CVE-2012-2284 | The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2... | | |
CVE-2012-2285 | EMC Cloud Tiering Appliance (aka CTA, formerly FMA) 9.0 and earlier, and Cloud Tiering Appliance Vir... | | |
CVE-2012-2286 | Unspecified vulnerability in EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 before SP3 P3... | | |
CVE-2012-2287 | The authentication functionality in EMC RSA Authentication Agent 7.1 and RSA Authentication Client 3... | | |
CVE-2012-2288 | Format string vulnerability in the nsrd RPC service in EMC NetWorker 7.6.3 and 7.6.4 before 7.6.4.1,... | | |
CVE-2012-2289 | EMC ApplicationXtender Desktop before 6.5 SP2 and ApplicationXtender Web Access .NET before 6.5 SP2 ... | | |
CVE-2012-2290 | The client in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and... | | |
CVE-2012-2291 | EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC Avamar plugin 4.x, 5.x, and 6... | | |
CVE-2012-2292 | The Silverlight cross-domain policy in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.... | | |
CVE-2012-2293 | Directory traversal vulnerability in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x ... | | |
CVE-2012-2294 | EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers ... | | |
CVE-2012-2295 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-2296 | The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x, 6.x-2.x before 6.x-2.2, and 7.x-2.x bef... | S | |
CVE-2012-2297 | Multiple cross-site scripting (XSS) vulnerabilities in the Creative Commons module 6.x-1.x before 6.... | | |
CVE-2012-2298 | Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 fo... | E S | |
CVE-2012-2299 | The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords fo... | E S | |
CVE-2012-2300 | Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart module 6.x-2.x before 6.x-2.8 an... | E S | |
CVE-2012-2301 | The Ubercart module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "ad... | S | |
CVE-2012-2302 | Site Documentation (Sitedoc) module for Drupal 6.x-1.x before 6.x-1.4 does not properly check the sa... | E S | |
CVE-2012-2303 | The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages... | E S | |
CVE-2012-2304 | The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an entity access module, does not ch... | S | |
CVE-2012-2305 | Cross-site request forgery (CSRF) vulnerability in the Node Gallery module for Drupal 6.x-3.1 and ea... | | |
CVE-2012-2306 | SQL injection vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote a... | | |
CVE-2012-2307 | Cross-site request forgery (CSRF) vulnerability in the Addressbook module for Drupal 6.x-4.2 and ear... | | |
CVE-2012-2308 | Cross-site scripting (XSS) vulnerability in the Taxonomy Grid : Catalog module for Drupal 6.x-1.6 an... | | |
CVE-2012-2309 | Cross-site scripting (XSS) vulnerability in the Glossify Internal Links Auto SEO module for Drupal 6... | | |
CVE-2012-2310 | Cross-site scripting (XSS) vulnerability in the cctags module for Drupal 6.x-1.x before 6.x-1.10 and... | | |
CVE-2012-2311 | sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (ak... | | |
CVE-2012-2312 | An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementati... | | |
CVE-2012-2313 | The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does no... | E S | |
CVE-2012-2314 | The bootloader configuration module (pyanaconda/bootloader.py) in Anaconda uses 755 permissions for ... | S | |
CVE-2012-2315 | admin/Auth in OpenKM 5.1.7 and other versions before 5.1.8-2 does not properly enforce privileges fo... | | |
CVE-2012-2316 | Cross-site request forgery (CSRF) vulnerability in servlet/admin/AuthServlet.java in OpenKM 5.1.7 an... | E | |
CVE-2012-2317 | The Debian php_crypt_revamped.patch patch for PHP 5.3.x, as used in the php5 package before 5.3.3-7+... | | |
CVE-2012-2318 | msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle craft... | E S | |
CVE-2012-2319 | Multiple buffer overflows in the hfsplus filesystem implementation in the Linux kernel before 3.3.5 ... | | |
CVE-2012-2320 | ConnMan before 0.85 does not ensure that netlink messages originate from the kernel, which allows re... | | |
CVE-2012-2321 | The loopback plug-in in ConnMan before 0.85 allows remote attackers to execute arbitrary commands vi... | | |
CVE-2012-2322 | Integer overflow in the dhcpv6_get_option function in gdhcp/client.c in ConnMan before 0.85 allows r... | | |
CVE-2012-2323 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-2214. Reason: This candida... | R | |
CVE-2012-2324 | Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.7 allow remote admin... | S | |
CVE-2012-2325 | SQL injection vulnerability in the User Inline Moderation feature in the Admin Control Panel (ACP) i... | S | |
CVE-2012-2326 | Cross-site scripting (XSS) vulnerability in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoa... | S | |
CVE-2012-2327 | MyBB (aka MyBulletinBoard) before 1.6.7 allows remote attackers to obtain sensitive information via ... | S | |
CVE-2012-2328 | internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Instrumentation for Manageability (SBL... | | |
CVE-2012-2329 | Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.... | S | |
CVE-2012-2330 | The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not ... | E S | |
CVE-2012-2331 | Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Sere... | E S | |
CVE-2012-2332 | SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows ... | E | |
CVE-2012-2333 | Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1... | | |
CVE-2012-2334 | Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) 3.3, 3.4 Beta, and p... | E S | |
CVE-2012-2335 | php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to b... | | |
CVE-2012-2336 | sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (ak... | | |
CVE-2012-2337 | sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurati... | | |
CVE-2012-2338 | SQL injection vulnerability in includes/picture.class.php in Galette 0.63, 0.63.1, 0.63.2, 0.63.3, a... | E | |
CVE-2012-2339 | Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1.x before 6.x-1.8 for Drupal al... | | |
CVE-2012-2340 | The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not specify sufficiently restrictive... | S | |
CVE-2012-2341 | Cross-site request forgery (CSRF) vulnerability in the Take Control module 6.x-2.x before 6.x-2.2 fo... | | |
CVE-2012-2342 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5097. Reason: This candida... | R | |
CVE-2012-2343 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5098. Reason: This candida... | R | |
CVE-2012-2344 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5099. Reason: This candida... | R | |
CVE-2012-2345 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5100. Reason: This candida... | R | |
CVE-2012-2346 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5101. Reason: This candida... | R | |
CVE-2012-2347 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5102. Reason: This candida... | R | |
CVE-2012-2348 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5103. Reason: This candida... | R | |
CVE-2012-2349 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5104. Reason: This candida... | R | |
CVE-2012-2350 | pam_shield before 0.9.4: Default configuration does not perform protective action... | S | |
CVE-2012-2351 | The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username at... | S | |
CVE-2012-2352 | The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in Sympa before 6.1.11 does not ... | | |
CVE-2012-2353 | Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensiti... | | |
CVE-2012-2354 | Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moo... | | |
CVE-2012-2355 | Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass questio... | | |
CVE-2012-2356 | The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote au... | | |
CVE-2012-2357 | The Multi-Authentication feature in the Central Authentication Service (CAS) functionality in auth/c... | | |
CVE-2012-2358 | Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated us... | | |
CVE-2012-2359 | admin/roles/override.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 al... | | |
CVE-2012-2360 | Cross-site scripting (XSS) vulnerability in the Wiki subsystem in Moodle 2.0.x before 2.0.9, 2.1.x b... | | |
CVE-2012-2361 | Cross-site scripting (XSS) vulnerability in admin/webservice/forms.php in the web services implement... | | |
CVE-2012-2362 | Cross-site scripting (XSS) vulnerability in blog/lib.php in the blog implementation in Moodle 1.9.x ... | | |
CVE-2012-2363 | SQL injection vulnerability in calendar/event.php in the calendar implementation in Moodle 1.9.x bef... | | |
CVE-2012-2364 | Cross-site scripting (XSS) vulnerability in lib/filelib.php in Moodle 2.0.x before 2.0.9, 2.1.x befo... | | |
CVE-2012-2365 | Cross-site scripting (XSS) vulnerability in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x... | | |
CVE-2012-2366 | mod/data/preset.php in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not properly iterate th... | | |
CVE-2012-2367 | Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows re... | | |
CVE-2012-2368 | Bytemark Symbiosis before Revision 1322 does not properly validate passwords, which allows remote at... | E S | |
CVE-2012-2369 | Format string vulnerability in the log_message_cb function in otr-plugin.c in the Off-the-Record Mes... | S | |
CVE-2012-2370 | Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.... | E S | |
CVE-2012-2371 | Cross-site scripting (XSS) vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress a... | E | |
CVE-2012-2372 | The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implem... | | |
CVE-2012-2373 | The Linux kernel before 3.4.5 on the x86 platform, when Physical Address Extension (PAE) is enabled,... | S | |
CVE-2012-2374 | CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before... | | |
CVE-2012-2375 | The __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the NFSv4 implementation in the Linux k... | E S | |
CVE-2012-2376 | Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote... | E | |
CVE-2012-2377 | JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.... | | |
CVE-2012-2378 | Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enfor... | | |
CVE-2012-2379 | Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token s... | S | |
CVE-2012-2380 | Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Rol... | | |
CVE-2012-2381 | Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authe... | | |
CVE-2012-2382 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-1930. Reason: This candida... | R | |
CVE-2012-2383 | Integer overflow in the i915_gem_execbuffer2 function in drivers/gpu/drm/i915/i915_gem_execbuffer.c ... | E S | |
CVE-2012-2384 | Integer overflow in the i915_gem_do_execbuffer function in drivers/gpu/drm/i915/i915_gem_execbuffer.... | S | |
CVE-2012-2385 | The terminal dispatcher in mosh before 1.2.1 allows remote authenticated users to cause a denial of ... | S | |
CVE-2012-2386 | Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3... | E | |
CVE-2012-2387 | devotee 0.1 patch 2 uses a 32-bit seed for generating 48-bit random numbers, which makes it easier f... | | |
CVE-2012-2388 | The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attackers to bypass authentication vi... | | |
CVE-2012-2389 | hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 permissions for /etc/hostapd/hostap... | | |
CVE-2012-2390 | Memory leak in mm/hugetlb.c in the Linux kernel before 3.4.2 allows local users to cause a denial of... | E S | |
CVE-2012-2391 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-2942. Reason: This candida... | R | |
CVE-2012-2392 | Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of se... | | |
CVE-2012-2393 | epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6... | S | |
CVE-2012-2394 | Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not pro... | S | |
CVE-2012-2395 | Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 allows remote attackers to ex... | E S | |
CVE-2012-2396 | VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero... | E | |
CVE-2012-2397 | Cross-site request forgery (CSRF) vulnerability in ownCloud before 3.0.3 allows remote attackers to ... | | |
CVE-2012-2398 | Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ownCloud before 3.0.3 allows ... | | |
CVE-2012-2399 | Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used ... | S | |
CVE-2012-2400 | Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress before 3.3.2 has unknown impac... | S | |
CVE-2012-2401 | Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other produ... | S | |
CVE-2012-2402 | wp-admin/plugins.php in WordPress before 3.3.2 allows remote authenticated site administrators to by... | S | |
CVE-2012-2403 | wp-includes/formatting.php in WordPress before 3.3.2 attempts to enable clickable links inside attri... | S | |
CVE-2012-2404 | wp-comments-post.php in WordPress before 3.3.2 supports offsite redirects, which makes it easier for... | S | |
CVE-2012-2405 | Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement encryption, which has unspecif... | | |
CVE-2012-2406 | RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, does not properly par... | | |
CVE-2012-2407 | Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Ma... | | |
CVE-2012-2408 | The AAC SDK in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac Re... | | |
CVE-2012-2409 | Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Ma... | | |
CVE-2012-2410 | Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Ma... | | |
CVE-2012-2411 | Buffer overflow in RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, al... | | |
CVE-2012-2412 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4531. Reason: This candidate... | R | |
CVE-2012-2413 | Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier al... | E | |
CVE-2012-2414 | main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x befor... | S | |
CVE-2012-2415 | Heap-based buffer overflow in chan_skinny.c in the Skinny channel driver in Asterisk Open Source 1.6... | S | |
CVE-2012-2416 | chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.11.1 and 10.x before 1... | S | |
CVE-2012-2417 | PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to gener... | E S | |
CVE-2012-2418 | Heap-based buffer overflow in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) han... | E | |
CVE-2012-2419 | Memory leak in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAs... | E | |
CVE-2012-2420 | The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggablePro... | E | |
CVE-2012-2421 | Absolute path traversal vulnerability in the intu-help-qb (aka Intuit Help System Async Pluggable Pr... | | |
CVE-2012-2422 | Intuit QuickBooks 2009 through 2012 might allow remote attackers to obtain pathname information via ... | E | |
CVE-2012-2423 | The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggablePro... | E | |
CVE-2012-2424 | The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggablePro... | E | |
CVE-2012-2425 | The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggablePro... | E | |
CVE-2012-2426 | The server in xArrow before 3.4.1 does not properly allocate memory, which allows remote attackers t... | S | |
CVE-2012-2427 | Heap-based buffer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute a... | S | |
CVE-2012-2428 | Integer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary c... | S | |
CVE-2012-2429 | The server in xArrow before 3.4.1 performs an invalid read operation, which allows remote attackers ... | S | |
CVE-2012-2435 | Directory traversal vulnerability in the captcha module in Pligg CMS before 1.2.2 allows remote auth... | E | |
CVE-2012-2436 | Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers... | | |
CVE-2012-2437 | cookie_gen.php in ar web content manager (AWCM) 2.2 does not require authentication, which allows re... | E | |
CVE-2012-2438 | ar web content manager (AWCM) 2.2 does not restrict the number of comment records that can be submit... | E | |
CVE-2012-2439 | The default configuration of the NETGEAR ProSafe FVS318N firewall enables web-based administration o... | | |
CVE-2012-2440 | The default configuration of the TP-Link 8840T router enables web-based administration on the WAN in... | | |
CVE-2012-2441 | RuggedCom Rugged Operating System (ROS) before 3.3 has a factory account with a password derived fro... | E | |
CVE-2012-2442 | Buffer overflow in the Video Manager in Nokia PC Suite 7.1.180.64 and earlier allows remote attacker... | E | |
CVE-2012-2446 | Cross-site scripting (XSS) vulnerability in tools/local_lookup.php in the WebAdmin Portal in Netswee... | E | |
CVE-2012-2447 | Cross-site request forgery (CSRF) vulnerability in accountmgr/adminupdate.php in the WebAdmin Portal... | E | |
CVE-2012-2448 | VMware ESXi 3.5 through 5.0 and ESX 3.5 through 4.1 allow remote attackers to execute arbitrary code... | | |
CVE-2012-2449 | VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x through 4.1.2... | | |
CVE-2012-2450 | VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x before 4.1.2,... | | |
CVE-2012-2451 | The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, whi... | E S | |
CVE-2012-2452 | Multiple cross-site scripting (XSS) vulnerabilities in pragmaMx 1.x before 1.12.2 allow remote attac... | E | |
CVE-2012-2455 | Advanced Productivity Software DTE Axiom before 12.3.3 does not validate the registration ID, which ... | | |
CVE-2012-2456 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-5174. Reason: This candida... | R | |
CVE-2012-2459 | Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x befor... | | |
CVE-2012-2469 | Cisco NX-OS 4.2, 5.0, 5.1, and 5.2 on Nexus 7000 series switches, when the High Availability (HA) po... | | |
CVE-2012-2472 | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 and 8.4, when SIP ins... | | |
CVE-2012-2474 | Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 throug... | | |
CVE-2012-2486 | The Cisco Discovery Protocol (CDP) implementation on Cisco TelePresence Multipoint Switch before 1.9... | | |
CVE-2012-2488 | Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers ... | | |
CVE-2012-2490 | Cisco IP Communicator 8.6 allows man-in-the-middle attackers to modify the Certificate Trust List vi... | | |
CVE-2012-2493 | The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Clien... | | |
CVE-2012-2494 | The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Clien... | | |
CVE-2012-2495 | The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8... | | |
CVE-2012-2496 | A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConn... | | |
CVE-2012-2497 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3497, CVE-2012-6400. Reaso... | R | |
CVE-2012-2498 | Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ensure that authentication ma... | | |
CVE-2012-2499 | The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not ve... | | |
CVE-2012-2500 | Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in... | | |
CVE-2012-2511 | The DiagTraceAtoms function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher... | E | |
CVE-2012-2512 | The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatch... | E | |
CVE-2012-2513 | The Diaginput function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in S... | E | |
CVE-2012-2514 | The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatch... | E | |
CVE-2012-2515 | Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX control in KeyHelp.ocx 1.2.31... | E | |
CVE-2012-2516 | An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the HTML Help component), as used ... | | |
CVE-2012-2517 | Cross-site scripting (XSS) vulnerability in PrestaShop before 1.4.9 allows remote attackers to injec... | E | |
CVE-2012-2518 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-2519 | Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 S... | | |
CVE-2012-2520 | Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Commun... | | |
CVE-2012-2521 | Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows rem... | | |
CVE-2012-2522 | Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows rem... | | |
CVE-2012-2523 | Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, and VBScript 5.8 on 64-bit pla... | | |
CVE-2012-2524 | Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers to execute arbitrary code or ... | | |
CVE-2012-2525 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-2526 | The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP3 does not properly proce... | | |
CVE-2012-2527 | Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 an... | | |
CVE-2012-2528 | Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer... | | |
CVE-2012-2529 | Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows... | | |
CVE-2012-2530 | Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 an... | | |
CVE-2012-2531 | Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, whi... | | |
CVE-2012-2532 | Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified comm... | | |
CVE-2012-2533 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-2534 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-2535 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-2536 | Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System ... | | |
CVE-2012-2537 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-2538 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-2539 | Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 ... | KEV S | |
CVE-2012-2540 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-2541 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-2542 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-2543 | Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1; Office 2011 for Mac; E... | | |
CVE-2012-2544 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-2545 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-2546 | Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arb... | | |
CVE-2012-2547 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-2548 | Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arb... | | |
CVE-2012-2549 | The IP-HTTPS server in Windows Server 2008 R2 and R2 SP1 and Server 2012 does not properly validate ... | | |
CVE-2012-2550 | Microsoft Works 9 allows remote attackers to execute arbitrary code or cause a denial of service (he... | | |
CVE-2012-2551 | The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, and Windows 7 Gold and SP1, a... | | |
CVE-2012-2552 | Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 20... | | |
CVE-2012-2553 | Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, W... | | |
CVE-2012-2554 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-2555 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-2556 | The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windo... | | |
CVE-2012-2557 | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to e... | | |
CVE-2012-2559 | WellinTech KingHistorian 3.0 allows remote attackers to execute arbitrary code or cause a denial of ... | | |
CVE-2012-2560 | Directory traversal vulnerability in WellinTech KingView 6.53 allows remote attackers to read arbitr... | S | |
CVE-2012-2561 | HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files, wh... | | |
CVE-2012-2562 | The Xelex MobileTrack application 2.3.7 and earlier for Android does not verify the origin of SMS co... | | |
CVE-2012-2563 | Multiple cross-site scripting (XSS) vulnerabilities in Bloxx Web Filtering before 5.0.14 allow (1) r... | | |
CVE-2012-2564 | Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Bloxx ... | | |
CVE-2012-2565 | Bloxx Web Filtering before 5.0.14 does not use a salt during calculation of a password hash, which m... | | |
CVE-2012-2566 | Bloxx Web Filtering before 5.0.14 does not properly interpret X-Forwarded-For headers during access-... | | |
CVE-2012-2567 | The Xelex MobileTrack application 2.3.7 and earlier for Android uses hardcoded credentials, which al... | | |
CVE-2012-2568 | d41d8cd98f00b204e9800998ecf8427e.php in the management web server on the Seagate BlackArmor device a... | | |
CVE-2012-2569 | Cross-site scripting (XSS) vulnerability in Synametrics Technologies Xeams 4.4 Build 5720 allows rem... | E | |
CVE-2012-2570 | Cross-site scripting (XSS) vulnerability in products_map.php in X-Cart Gold 4.5 allows remote attack... | E | |
CVE-2012-2571 | Multiple cross-site scripting (XSS) vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attack... | E | |
CVE-2012-2572 | Cross-site scripting (XSS) vulnerability in the ThreeWP Email Reflector plugin before 1.16 for WordP... | E S | |
CVE-2012-2573 | Multiple cross-site scripting (XSS) vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote attacker... | E | |
CVE-2012-2574 | SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 ... | | |
CVE-2012-2575 | Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject... | E | |
CVE-2012-2576 | SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, Sol... | E | |
CVE-2012-2577 | Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor ... | E | |
CVE-2012-2578 | Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inj... | E | |
CVE-2012-2579 | Multiple cross-site scripting (XSS) vulnerabilities in the WP SimpleMail plugin 1.0.6 for WordPress ... | E | |
CVE-2012-2580 | Cross-site scripting (XSS) vulnerability in the Postie plugin 1.4.3, and possibly before 1.5.15, for... | E | |
CVE-2012-2582 | Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2... | E | |
CVE-2012-2583 | Cross-site scripting (XSS) vulnerability in Mini Mail Dashboard Widget plugin 1.42 for WordPress all... | E | |
CVE-2012-2584 | Multiple cross-site scripting (XSS) vulnerabilities in Alt-N MDaemon Free 12.5.4 allow remote attack... | E | |
CVE-2012-2585 | Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remot... | E | |
CVE-2012-2586 | Multiple cross-site scripting (XSS) vulnerabilities in Mailtraq 2.17.3.3150 allow remote attackers t... | E | |
CVE-2012-2587 | Multiple cross-site scripting (XSS) vulnerabilities in AfterLogic MailSuite Pro 6.3 allow remote att... | E | |
CVE-2012-2588 | Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Enterprise 6.5 allow remote attack... | E | |
CVE-2012-2589 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4344. Reason: This candida... | R | |
CVE-2012-2590 | Multiple cross-site scripting (XSS) vulnerabilities in ESCON SupportPortal Professional Edition 3.0 ... | E | |
CVE-2012-2591 | Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect Email Server 10.0 and 10.0.0.3... | E | |
CVE-2012-2592 | Cross-site scripting (XSS) vulnerability in Axigen Mail Server 8.0.1 allows remote attackers to inje... | E | |
CVE-2012-2593 | Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.... | E | |
CVE-2012-2595 | Multiple cross-site scripting (XSS) vulnerabilities in unspecified web applications in Siemens WinCC... | | |
CVE-2012-2596 | The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 doe... | | |
CVE-2012-2597 | Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3 before Update 2 allow remote a... | | |
CVE-2012-2598 | Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 through Update 2 allows remote ... | | |
CVE-2012-2599 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3835. Reason: This issue was... | R | |
CVE-2012-2601 | SQL injection vulnerability in WrVMwareHostList.asp in Ipswitch WhatsUp Gold 15.02 allows remote att... | E | |
CVE-2012-2602 | Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance M... | E | |
CVE-2012-2603 | The server in CollabNet ScrumWorks Pro before 6.0 allows remote authenticated users to gain privileg... | | |
CVE-2012-2604 | Multiple cross-site scripting (XSS) vulnerabilities in GuestAccess.jsp in the Guest/Contractor acces... | | |
CVE-2012-2605 | Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Bradfo... | | |
CVE-2012-2606 | The agent in Bradford Network Sentry before 5.3.3 does not require authentication for messages, whic... | | |
CVE-2012-2607 | The Johnson Controls CK721-A controller with firmware before SSM4388_03.1.0.14_BB allows remote atta... | | |
CVE-2012-2611 | The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.1... | E | |
CVE-2012-2612 | The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher i... | E | |
CVE-2012-2614 | Buffer overflow in programmer.exe in Lattice Diamond Programmer 1.4.2 allows user-assisted remote at... | E | |
CVE-2012-2615 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-5703. Reason: This candida... | R | |
CVE-2012-2619 | The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyoce... | E | |
CVE-2012-2624 | Stack-based buffer overflow in Logica HotScan allows remote attackers to cause a denial of service (... | | |
CVE-2012-2625 | The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows ... | | |
CVE-2012-2626 | cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9... | E | |
CVE-2012-2627 | d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.... | | |
CVE-2012-2629 | Multiple cross-site request forgery (CSRF) and cross-site scripting (XSS) vulnerabilities in Axous 1... | E | |
CVE-2012-2630 | The Puella Magi Madoka Magica iP application 1.05 and earlier for Android places cleartext Twitter c... | | |
CVE-2012-2631 | Cross-site scripting (XSS) vulnerability in WEBLOGIC @WEB ShoppingCart before 1.5.2.0, and @WEB Shop... | | |
CVE-2012-2632 | SEIL routers with firmware SEIL/x86 1.00 through 2.35, SEIL/X1 2.30 through 3.75, SEIL/X2 2.30 throu... | | |
CVE-2012-2633 | Cross-site scripting (XSS) vulnerability in wassup.php in the WassUp plugin before 1.8.3.1 for WordP... | | |
CVE-2012-2634 | Cross-site scripting (XSS) vulnerability in FeedDemon before 4.0, when the feed preview option is en... | | |
CVE-2012-2635 | The Dolphin Browser HD application before 7.6 and Dolphin for Pad application before 1.0.1 for Andro... | | |
CVE-2012-2636 | Cross-site scripting (XSS) vulnerability in KENT-WEB WEB PATIO 4.04 and earlier allows remote attack... | | |
CVE-2012-2637 | Cross-site scripting (XSS) vulnerability in KENT-WEB WEB PATIO 4.04 and earlier might allow remote a... | | |
CVE-2012-2638 | Cross-site scripting (XSS) vulnerability in SmallPICT.cgi in SmallPICT before 2.7 allows remote atta... | | |
CVE-2012-2639 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4940. Reason: This candida... | R | |
CVE-2012-2640 | The NEC BIGLOBE Yome Collection application 1.8.3 and earlier for Android allows remote attackers to... | S | |
CVE-2012-2641 | Cross-site scripting (XSS) vulnerability in Zenphoto before 1.4.3 allows remote attackers to inject ... | | |
CVE-2012-2642 | Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 and earlier for Movable Type ... | | |
CVE-2012-2643 | Cross-site scripting (XSS) vulnerability in KENT-WEB YY-BOARD before 6.4 allows remote attackers to ... | | |
CVE-2012-2644 | Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 and earlier for Movable Type ... | | |
CVE-2012-2645 | The Yahoo! Japan Yahoo! Browser application 1.2.0 and earlier for Android does not properly implemen... | S | |
CVE-2012-2646 | The Sleipnir Mobile application before 2.1.0 and Sleipnir Mobile Black Edition application before 2.... | | |
CVE-2012-2647 | Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the confi... | | |
CVE-2012-2648 | Cross-site scripting (XSS) vulnerability in the GoodReader app 3.16 and earlier for iOS on the iPad,... | | |
CVE-2012-2649 | The Sleipnir Mobile application 2.2.0 and earlier and Sleipnir Mobile Black Edition application 2.2.... | | |
CVE-2012-2652 | The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, whe... | | |
CVE-2012-2653 | arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop sup... | | |
CVE-2012-2654 | The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo ... | E S | |
CVE-2012-2655 | PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allo... | | |
CVE-2012-2656 | An XML eXternal Entity (XXE) issue exists in Restlet 1.1.10 in an endpoint using XML transport, whic... | S | |
CVE-2012-2657 | Buffer overflow in the SQLDriverConnect function in unixODBC 2.0.10, 2.3.1, and earlier allows local... | | |
CVE-2012-2658 | Buffer overflow in the SQLDriverConnect function in unixODBC 2.3.1 allows local users to cause a den... | | |
CVE-2012-2659 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2012-2660 | actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, a... | E | |
CVE-2012-2661 | The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x befo... | E | |
CVE-2012-2662 | Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.... | | |
CVE-2012-2663 | extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP SYN+FIN packets in --syn rules,... | S | |
CVE-2012-2664 | The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user passwor... | | |
CVE-2012-2665 | Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in Ope... | | |
CVE-2012-2666 | golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.g... | E S | |
CVE-2012-2667 | Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony befor... | | |
CVE-2012-2668 | libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, when using the Mozilla NSS backe... | | |
CVE-2012-2669 | The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel befo... | | |
CVE-2012-2670 | manageuser.php in Collabtive before 0.7.6 allows remote authenticated users, and possibly unauthenti... | | |
CVE-2012-2671 | The Rack::Cache rubygem 0.3.0 through 1.1 caches Set-Cookie and other sensitive headers, which allow... | | |
CVE-2012-2672 | Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext reference during startup, which a... | E | |
CVE-2012-2673 | Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc functions in malloc.c, and th... | E S | |
CVE-2012-2674 | Multiple integer overflows in the (1) chk_malloc, (2) leak_malloc, and (3) leak_memalign functions i... | E S | |
CVE-2012-2675 | Multiple integer overflows in the (1) CallMalloc (malloc) and (2) nedpcalloc (calloc) functions in n... | E S | |
CVE-2012-2676 | Multiple integer overflows in the (1) malloc and (2) calloc functions in Hoard before 3.9 make it ea... | | |
CVE-2012-2677 | Integer overflow in the ordered_malloc function in boost/pool/pool.hpp in Boost Pool before 3.9 make... | E S | |
CVE-2012-2678 | 389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the passw... | | |
CVE-2012-2679 | Red Hat Network (RHN) Configuration Client (rhncfg-client) in rhncfg before 5.10.27-8 uses weak perm... | | |
CVE-2012-2680 | Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, does n... | E | |
CVE-2012-2681 | Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses p... | E | |
CVE-2012-2682 | Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, allows attackers with cer... | | |
CVE-2012-2683 | Multiple cross-site scripting (XSS) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Ent... | | |
CVE-2012-2684 | Multiple SQL injection vulnerabilities in the get_sample_filters_by_signature function in Cumin befo... | | |
CVE-2012-2685 | Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows... | E | |
CVE-2012-2686 | crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations ... | | |
CVE-2012-2687 | Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotia... | | |
CVE-2012-2688 | Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP be... | | |
CVE-2012-2689 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2012-2690 | virt-edit in libguestfs before 1.18.0 does not preserve the permissions from the original file and s... | | |
CVE-2012-2691 | The mc_issue_note_update function in the SOAP API in MantisBT before 1.2.11 does not properly check ... | E S | |
CVE-2012-2692 | MantisBT before 1.2.11 does not check the delete_attachments_threshold permission when form_security... | S | |
CVE-2012-2693 | libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multi... | S | |
CVE-2012-2694 | actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, a... | E | |
CVE-2012-2695 | The Active Record component in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2... | E | |
CVE-2012-2696 | The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1 does not properly check... | | |
CVE-2012-2697 | Unspecified vulnerability in autofs, as used in Red Hat Enterprise Linux (RHEL) 5, allows local user... | | |
CVE-2012-2698 | Cross-site scripting (XSS) vulnerability in the outputPage function in includes/SkinTemplate.php in ... | E S | |
CVE-2012-2699 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-2339. Reason: This candida... | R | |
CVE-2012-2700 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-2340. Reason: This candida... | R | |
CVE-2012-2701 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-2341. Reason: This candida... | R | |
CVE-2012-2702 | The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal does not properly check access fo... | E S | |
CVE-2012-2703 | Cross-site scripting (XSS) vulnerability in the Advertisement module 6.x-2.x before 6.x-2.3 for Drup... | E S | |
CVE-2012-2704 | The Advertisement module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access to debu... | E S | |
CVE-2012-2705 | The filter_titles function in the Smart Breadcrumb module 6.x-1.x before 6.x-1.3 for Drupal does not... | S | |
CVE-2012-2706 | Cross-site scripting (XSS) vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows re... | | |
CVE-2012-2707 | The Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal does not properly exit when users do... | E S | |
CVE-2012-2708 | Cross-site scripting (XSS) vulnerability in the _hosting_task_log_table function in modules/hosting/... | E S | |
CVE-2012-2709 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-2907. Reason: This candida... | R | |
CVE-2012-2710 | Cross-site scripting (XSS) vulnerability in the Zen module 6.x-1.x before 6.x-1.1 for Drupal, when "... | S | |
CVE-2012-2711 | Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy List module 6.x-1.x before 6.x-1... | E S | |
CVE-2012-2712 | Multiple cross-site scripting (XSS) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.1 ... | E S | |
CVE-2012-2713 | Cross-site request forgery (CSRF) vulnerability in the BrowserID (Mozilla Persona) module 7.x-1.x be... | E S | |
CVE-2012-2714 | The BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to ... | | |
CVE-2012-2715 | Cross-site scripting (XSS) vulnerability in the themes_links function in template.php in the Amadou ... | E S | |
CVE-2012-2716 | Cross-site request forgery (CSRF) vulnerability in the Comment Moderation module 6.x-1.x before 6.x-... | E S | |
CVE-2012-2717 | Multiple cross-site scripting (XSS) vulnerabilities in the Mobile Tools module 6.x-2.x before 6.x-2.... | E S | |
CVE-2012-2718 | SQL injection vulnerability in the Counter module for Drupal allows remote attackers to execute arbi... | | |
CVE-2012-2719 | The filedepot module 6.x-1.x before 6.x-1.3 for Drupal, when accessed using multiple different brows... | S | |
CVE-2012-2720 | The Token Authentication (tokenauth) module 6.x-1.x before 6.x-1.7 for Drupal does not properly reve... | S | |
CVE-2012-2721 | The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properl... | E S | |
CVE-2012-2722 | The node selection interface in the WYSIWYG editor (CKEditor) in the Node Embed module 6.x-1.x befor... | E S | |
CVE-2012-2723 | Cross-site scripting (XSS) vulnerability in the Maestro module 7.x-1.x before 7.x-1.2 for Drupal all... | E S | |
CVE-2012-2724 | The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-... | | |
CVE-2012-2725 | classes/Filter/WhitelistedExternalFilter.php in the Authoring HTML module 6.x-1.x before 6.x-1.1 for... | E S | |
CVE-2012-2726 | Cross-site scripting (XSS) vulnerability in the Protest module 6.x-1.x before 6.x-1.2 or 7.x-1.x bef... | E S | |
CVE-2012-2727 | Open redirect vulnerability in the Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when synch... | S | |
CVE-2012-2728 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Node Hierarchy module 6.x-1.x befo... | E S | |
CVE-2012-2729 | Multiple cross-site request forgery (CSRF) vulnerabilities in the SimpleMeta module 6.x-1.x before 6... | S | |
CVE-2012-2730 | The Protected Node module 6.x-1.x before 6.x-1.6 for Drupal does not properly "protect node access w... | S | |
CVE-2012-2731 | The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PHP session id in the JavaScript... | E S | |
CVE-2012-2732 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-2021. Reason: This candida... | R | |
CVE-2012-2733 | java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat... | | |
CVE-2012-2734 | Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red ... | E | |
CVE-2012-2735 | Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Re... | | |
CVE-2012-2736 | In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc m... | E S | |
CVE-2012-2737 | The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService ... | E S | |
CVE-2012-2738 | The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticated users to cause a d... | E | |
CVE-2012-2739 | Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes ... | E | |
CVE-2012-2740 | SQL injection vulnerability in public_html/lists/admin in phpList before 2.10.18 allows remote attac... | E S | |
CVE-2012-2741 | Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ in phpList before 2.10.18 allow... | E S | |
CVE-2012-2742 | Revelation 0.4.13-2 and earlier uses only the first 32 characters of a password followed by a sequen... | | |
CVE-2012-2743 | Revelation 0.4.13-2 and earlier does not iterate through SHA hashing algorithms for AES encryption, ... | | |
CVE-2012-2744 | net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux kernel before 2.6.34, when the nf_conntrack_ipv... | S | |
CVE-2012-2745 | The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replac... | S | |
CVE-2012-2746 | 389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the passwo... | | |
CVE-2012-2747 | Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to gain privileges v... | | |
CVE-2012-2748 | Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to obtain sensitive ... | | |
CVE-2012-2749 | MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote authenticated users to cause a denia... | | |
CVE-2012-2750 | Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown impact and attack vectors related... | | |
CVE-2012-2751 | ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the begi... | | |
CVE-2012-2752 | Untrusted search path vulnerability in VMware vMA 4.x and 5.x before 5.0.0.2 allows local users to g... | | |
CVE-2012-2753 | Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Poin... | S | |
CVE-2012-2759 | Cross-site scripting (XSS) vulnerability in login-with-ajax.php in the Login With Ajax (aka login-wi... | | |
CVE-2012-2760 | mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, w... | E | |
CVE-2012-2762 | SQL injection vulnerability in include/functions_trackbacks.inc.php in Serendipity 1.6.2 allows remo... | | |
CVE-2012-2763 | Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.1... | E S | |
CVE-2012-2764 | Untrusted search path vulnerability in Google Chrome before 20.0.1132.43 on Windows might allow loca... | | |
CVE-2012-2768 | Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the RTFM ext... | S | |
CVE-2012-2769 | Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the Extensio... | S | |
CVE-2012-2770 | The Authen::ExternalAuth extension before 0.11 for Best Practical Solutions RT allows remote attacke... | S | |
CVE-2012-2771 | Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different... | | |
CVE-2012-2772 | Unspecified vulnerability in the ff_rv34_decode_frame function in libavcodec/rv34.c in FFmpeg before... | | |
CVE-2012-2773 | Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different... | | |
CVE-2012-2774 | The ff_MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg before 0.11 allows remote attack... | | |
CVE-2012-2775 | Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg befor... | | |
CVE-2012-2776 | Unspecified vulnerability in the decode_cell_data function in libavcodec/indeo3.c in FFmpeg before 0... | | |
CVE-2012-2777 | Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11, ... | | |
CVE-2012-2778 | Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different... | | |
CVE-2012-2779 | Unspecified vulnerability in the decode_frame function in libavcodec/indeo5.c in FFmpeg before 0.11,... | | |
CVE-2012-2780 | Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different... | | |
CVE-2012-2781 | Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different... | | |
CVE-2012-2782 | Unspecified vulnerability in the decode_slice_header function in libavcodec/h264.c in FFmpeg before ... | | |
CVE-2012-2783 | Unspecified vulnerability in libavcodec/vp56.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 a... | | |
CVE-2012-2784 | Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11, ... | | |
CVE-2012-2785 | Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 have unkno... | | |
CVE-2012-2786 | Unspecified vulnerability in the decode_wdlt function in libavcodec/dfa.c in FFmpeg before 0.11, and... | | |
CVE-2012-2787 | Unspecified vulnerability in the decode_frame function in libavcodec/indeo4.c in FFmpeg before 0.11 ... | | |
CVE-2012-2788 | Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0... | | |
CVE-2012-2789 | Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0... | | |
CVE-2012-2790 | Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg befor... | | |
CVE-2012-2791 | Multiple unspecified vulnerabilities in the (1) decode_band_hdr function in indeo4.c and (2) ff_ivi_... | | |
CVE-2012-2792 | Unspecified vulnerability in the decode_init function in libavcodec/wmalosslessdec.c in FFmpeg befor... | | |
CVE-2012-2793 | Unspecified vulnerability in the lag_decode_zero_run_line function in libavcodec/lagarith.c in FFmpe... | | |
CVE-2012-2794 | Unspecified vulnerability in the decode_mb_info function in libavcodec/indeo5.c in FFmpeg before 0.1... | | |
CVE-2012-2795 | Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 have unkno... | | |
CVE-2012-2796 | Unspecified vulnerability in the vc1_decode_frame function in libavcodec/vc1dec.c in FFmpeg before 0... | | |
CVE-2012-2797 | Unspecified vulnerability in the decode_frame_mp3on4 function in libavcodec/mpegaudiodec.c in FFmpeg... | | |
CVE-2012-2798 | Unspecified vulnerability in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 0.11, and... | | |
CVE-2012-2799 | Unspecified vulnerability in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 has unknown impact an... | | |
CVE-2012-2800 | Unspecified vulnerability in the ff_ivi_process_empty_tile function in libavcodec/ivi_common.c in FF... | | |
CVE-2012-2801 | Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 an... | | |
CVE-2012-2802 | Unspecified vulnerability in the ac3_decode_frame function in libavcodec/ac3dec.c in FFmpeg before 0... | | |
CVE-2012-2803 | Double free vulnerability in the mpeg_decode_frame function in libavcodec/mpeg12.c in FFmpeg before ... | | |
CVE-2012-2804 | Unspecified vulnerability in libavcodec/indeo3.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.5 ... | | |
CVE-2012-2805 | Unspecified vulnerability in FFMPEG 0.10 allows remote attackers to cause a denial of service.... | | |
CVE-2012-2806 | Heap-based buffer overflow in the get_sos function in jdmarker.c in libjpeg-turbo 1.2.0 allows remot... | | |
CVE-2012-2807 | Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other produc... | | |
CVE-2012-2808 | The PRNG implementation in the DNS resolver in Bionic in Android before 4.1.1 incorrectly uses time ... | | |
CVE-2012-2812 | The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) befo... | | |
CVE-2012-2813 | The exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif... | | |
CVE-2012-2814 | Buffer overflow in the exif_entry_format_value function in exif-entry.c in the EXIF Tag Parsing Libr... | | |
CVE-2012-2815 | Google Chrome before 20.0.1132.43 allows remote attackers to obtain potentially sensitive informatio... | | |
CVE-2012-2816 | Google Chrome before 20.0.1132.43 on Windows does not properly isolate sandboxed processes, which mi... | | |
CVE-2012-2817 | Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a... | | |
CVE-2012-2818 | Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a... | | |
CVE-2012-2819 | The texSubImage2D implementation in the WebGL subsystem in Google Chrome before 20.0.1132.43 does no... | | |
CVE-2012-2820 | Google Chrome before 20.0.1132.43 does not properly implement SVG filters, which allows remote attac... | | |
CVE-2012-2821 | The autofill implementation in Google Chrome before 20.0.1132.43 does not properly display text, whi... | | |
CVE-2012-2822 | The PDF functionality in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial... | | |
CVE-2012-2823 | Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a... | | |
CVE-2012-2824 | Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a... | | |
CVE-2012-2825 | The XSL implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denia... | | |
CVE-2012-2826 | Google Chrome before 20.0.1132.43 does not properly implement texture conversion, which allows remot... | | |
CVE-2012-2827 | Use-after-free vulnerability in the UI in Google Chrome before 20.0.1132.43 on Mac OS X allows attac... | | |
CVE-2012-2828 | Multiple integer overflows in the PDF functionality in Google Chrome before 20.0.1132.43 allow remot... | | |
CVE-2012-2829 | Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome bef... | | |
CVE-2012-2830 | Google Chrome before 20.0.1132.43 does not properly set array values, which allows remote attackers ... | | |
CVE-2012-2831 | Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a... | | |
CVE-2012-2832 | The image-codec implementation in the PDF functionality in Google Chrome before 20.0.1132.43 does no... | | |
CVE-2012-2833 | Buffer overflow in the JS API in the PDF functionality in Google Chrome before 20.0.1132.43 allows r... | | |
CVE-2012-2834 | Integer overflow in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of s... | | |
CVE-2012-2836 | The exif_data_load_data function in exif-data.c in the EXIF Tag Parsing Library (aka libexif) before... | | |
CVE-2012-2837 | The mnote_olympus_entry_get_value function in olympus/mnote-olympus-entry.c in the EXIF Tag Parsing ... | | |
CVE-2012-2840 | Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing ... | | |
CVE-2012-2841 | Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Libra... | | |
CVE-2012-2842 | Use-after-free vulnerability in Google Chrome before 20.0.1132.57 allows remote attackers to cause a... | | |
CVE-2012-2843 | Use-after-free vulnerability in Google Chrome before 20.0.1132.57 allows remote attackers to cause a... | | |
CVE-2012-2844 | The PDF functionality in Google Chrome before 20.0.1132.57 does not properly handle JavaScript code,... | | |
CVE-2012-2845 | Integer overflow in the jpeg_data_load_data function in jpeg-data.c in libjpeg in exif 0.6.20 allows... | | |
CVE-2012-2846 | Google Chrome before 21.0.1180.57 on Linux does not properly isolate renderer processes, which allow... | | |
CVE-2012-2847 | Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chro... | | |
CVE-2012-2848 | The drag-and-drop implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and bef... | | |
CVE-2012-2849 | Off-by-one error in the GIF decoder in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and ... | | |
CVE-2012-2850 | Multiple unspecified vulnerabilities in the PDF functionality in Google Chrome before 21.0.1180.57 o... | | |
CVE-2012-2851 | Multiple integer overflows in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X... | | |
CVE-2012-2852 | The PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.11... | | |
CVE-2012-2853 | The webRequest API in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.... | | |
CVE-2012-2854 | Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chro... | | |
CVE-2012-2855 | Use-after-free vulnerability in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS... | | |
CVE-2012-2856 | The PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.11... | | |
CVE-2012-2857 | Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM implementation in Google Chrome... | | |
CVE-2012-2858 | Buffer overflow in the WebP decoder in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and ... | | |
CVE-2012-2859 | Google Chrome before 21.0.1180.57 on Linux does not properly handle tabs, which allows remote attack... | | |
CVE-2012-2860 | The date-picker implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and befor... | | |
CVE-2012-2862 | Use-after-free vulnerability in the PDF functionality in Google Chrome before 21.0.1180.75 allows re... | | |
CVE-2012-2863 | The PDF functionality in Google Chrome before 21.0.1180.75 allows remote attackers to cause a denial... | | |
CVE-2012-2864 | Mesa, as used in Google Chrome before 21.0.1183.0 on the Acer AC700, Cr-48, and Samsung Series 5 and... | | |
CVE-2012-2865 | Google Chrome before 21.0.1180.89 does not properly perform line breaking, which allows remote attac... | | |
CVE-2012-2866 | Google Chrome before 21.0.1180.89 does not properly perform a cast of an unspecified variable during... | | |
CVE-2012-2867 | The SPDY implementation in Google Chrome before 21.0.1180.89 allows remote attackers to cause a deni... | | |
CVE-2012-2868 | Race condition in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of ser... | | |
CVE-2012-2869 | Google Chrome before 21.0.1180.89 does not properly load URLs, which allows remote attackers to caus... | | |
CVE-2012-2870 | libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage m... | | |
CVE-2012-2871 | libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly suppo... | | |
CVE-2012-2872 | Cross-site scripting (XSS) vulnerability in an SSL interstitial page in Google Chrome before 21.0.11... | | |
CVE-2012-2874 | Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of ser... | | |
CVE-2012-2875 | Multiple unspecified vulnerabilities in the PDF functionality in Google Chrome before 22.0.1229.79 a... | | |
CVE-2012-2876 | Buffer overflow in the SSE2 optimization functionality in Google Chrome before 22.0.1229.79 allows r... | | |
CVE-2012-2877 | The extension system in Google Chrome before 22.0.1229.79 does not properly handle modal dialogs, wh... | | |
CVE-2012-2878 | Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a... | | |
CVE-2012-2879 | Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service (DOM topology... | | |
CVE-2012-2880 | Race condition in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of ser... | | |
CVE-2012-2881 | Google Chrome before 22.0.1229.79 does not properly handle plug-ins, which allows remote attackers t... | | |
CVE-2012-2882 | FFmpeg, as used in Google Chrome before 22.0.1229.79, does not properly handle OGG containers, which... | | |
CVE-2012-2883 | Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of ser... | | |
CVE-2012-2884 | Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of ser... | | |
CVE-2012-2885 | Double free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a de... | | |
CVE-2012-2886 | Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attacker... | | |
CVE-2012-2887 | Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a... | | |
CVE-2012-2888 | Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a... | | |
CVE-2012-2889 | Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attacker... | | |
CVE-2012-2890 | Use-after-free vulnerability in the PDF functionality in Google Chrome before 22.0.1229.79 allows re... | | |
CVE-2012-2891 | The IPC implementation in Google Chrome before 22.0.1229.79 allows attackers to obtain potentially s... | | |
CVE-2012-2892 | Unspecified vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to bypass the... | | |
CVE-2012-2893 | Double free vulnerability in libxslt, as used in Google Chrome before 22.0.1229.79, allows remote at... | | |
CVE-2012-2894 | Google Chrome before 22.0.1229.79 does not properly handle graphics-context data structures, which a... | | |
CVE-2012-2895 | The PDF functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial... | | |
CVE-2012-2896 | Integer overflow in the WebGL implementation in Google Chrome before 22.0.1229.79 on Mac OS X allows... | | |
CVE-2012-2897 | The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista ... | | |
CVE-2012-2898 | Google Chrome before 21.0.1180.82 on iOS on iPad devices allows remote attackers to spoof the Omnibo... | | |
CVE-2012-2899 | Google Chrome before 21.0.1180.82 on iOS makes certain incorrect calls to WebView methods that trigg... | | |
CVE-2012-2900 | Skia, as used in Google Chrome before 22.0.1229.92, does not properly render text, which allows remo... | | |
CVE-2012-2901 | Cross-site scripting (XSS) vulnerability in the Profile List in the Joomla Content Editor (JCE) comp... | | |
CVE-2012-2902 | Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content E... | | |
CVE-2012-2903 | Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote... | E | |
CVE-2012-2904 | player.swf in LongTail JW Player 5.9 allows remote attackers to conduct cross-site scripting (XSS) a... | E | |
CVE-2012-2905 | Artiphp CMS 5.5.0 Neo (r422) stores database backups with predictable names under the web root with ... | E | |
CVE-2012-2906 | Multiple cross-site scripting (XSS) vulnerabilities in artpublic/recommandation/index.php in Artiphp... | E | |
CVE-2012-2907 | Cross-site scripting (XSS) vulnerability in the aberdeen_breadcrumb function in template.php in the ... | | |
CVE-2012-2908 | Multiple SQL injection vulnerabilities in admin/bbcodes.php in Viscacha 0.8.1.1 allow remote attacke... | E | |
CVE-2012-2909 | Multiple cross-site scripting (XSS) vulnerabilities in Viscacha 0.8.1.1 allow remote attackers to in... | E | |
CVE-2012-2910 | Multiple cross-site scripting (XSS) vulnerabilities in SiliSoftware phpThumb() 1.7.11 allow remote a... | | |
CVE-2012-2911 | Cross-site scripting (XSS) vulnerability in backupDB.php in SiliSoftware backupDB() 1.2.7a allows re... | E | |
CVE-2012-2912 | Multiple cross-site scripting (XSS) vulnerabilities in the LeagueManager plugin 3.7 for WordPress al... | E | |
CVE-2012-2913 | Multiple cross-site scripting (XSS) vulnerabilities in the Leaflet plugin 0.0.1 for WordPress allow ... | E | |
CVE-2012-2914 | Cross-site scripting (XSS) vulnerability in captchademo.php in Unijimpe Captcha allows remote attack... | E | |
CVE-2012-2915 | Stack-based buffer overflow in Lattice Semiconductor PAC-Designer 6.2.1344 allows remote attackers t... | | |
CVE-2012-2916 | Cross-site scripting (XSS) vulnerability in sabre_class_admin.php in the SABRE plugin before 2.1 for... | E S | |
CVE-2012-2917 | Cross-site scripting (XSS) vulnerability in the Share and Follow plugin 1.80.3 for WordPress allows ... | E | |
CVE-2012-2918 | Cross-site scripting (XSS) vulnerability in Upload/engine.php in Chevereto 1.91 allows remote attack... | E | |
CVE-2012-2919 | Directory traversal vulnerability in Upload/engine.php in Chevereto 1.9.1 allows remote attackers to... | E | |
CVE-2012-2920 | Cross-site scripting (XSS) vulnerability in the userphoto_options_page function in user-photo.php in... | | |
CVE-2012-2921 | Universal Feed Parser (aka feedparser or python-feedparser) before 5.1.2 allows remote attackers to ... | | |
CVE-2012-2922 | The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attacke... | E | |
CVE-2012-2923 | SQL injection vulnerability in news.php4 in Hypermethod eLearning Server 4G allows remote attackers ... | E | |
CVE-2012-2924 | PHP remote file inclusion vulnerability in admin/setup.inc.php in Hypermethod eLearning Server 4G al... | E | |
CVE-2012-2925 | SQL injection vulnerability in engine.php in Simple PHP Agenda 2.2.8 allows remote attackers to exec... | E | |
CVE-2012-2926 | Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; Fish... | S | |
CVE-2012-2927 | The TM Software Tempo plugin before 6.4.3.1, 6.5.x before 6.5.0.2, and 7.x before 7.0.3 for Atlassia... | S | |
CVE-2012-2928 | The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not... | M | |
CVE-2012-2930 | Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allo... | E | |
CVE-2012-2931 | PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privi... | E | |
CVE-2012-2932 | Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remot... | E | |
CVE-2012-2934 | Xen 4.0, and 4.1, when running a 64-bit PV guest on "older" AMD CPUs, does not properly protect agai... | S | |
CVE-2012-2935 | Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Checkout/pages/... | | |
CVE-2012-2936 | Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers... | | |
CVE-2012-2937 | Multiple SQL injection vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to execute a... | | |
CVE-2012-2938 | Multiple cross-site scripting (XSS) vulnerabilities in Travelon Express 6.2.2 allow remote attackers... | E | |
CVE-2012-2939 | Multiple unrestricted file upload vulnerabilities in Travelon Express 6.2.2 allow remote authenticat... | E | |
CVE-2012-2940 | MediaChance Real-DRAW PRO 5.2.4 allows remote attackers to cause a denial of service (application cr... | E | |
CVE-2012-2941 | Cross-site scripting (XSS) vulnerability in search/ in Yandex.Server 2010 9.0 Enterprise allows remo... | E | |
CVE-2012-2942 | Buffer overflow in the trash buffer in the header capture functionality in HAProxy before 1.4.21, wh... | | |
CVE-2012-2943 | CRLF injection vulnerability in cryptographp.inc.php in Cryptographp allows remote attackers to inje... | | |
CVE-2012-2944 | Buffer overflow in the addchar function in common/parseconf.c in upsd in Network UPS Tools (NUT) bef... | E | |
CVE-2012-2945 | Hadoop 1.0.3 contains a symlink vulnerability.... | E | |
CVE-2012-2947 | chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Ast... | | |
CVE-2012-2948 | chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.1... | | |
CVE-2012-2949 | The ZTE sync_agent program for Android 2.3.4 on the Score M device uses a hardcoded ztex1609523 pass... | | |
CVE-2012-2950 | Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local File Include Vulnerability whi... | | |
CVE-2012-2951 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6587. Reason: This candida... | R | |
CVE-2012-2952 | SQL injection vulnerability in add_ons.php in Jaow 2.4.5 and earlier allows remote attackers to exec... | E | |
CVE-2012-2953 | The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to exec... | | |
CVE-2012-2955 | Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in IBM Lotu... | | |
CVE-2012-2956 | SQL injection vulnerability in SpiceWorks 5.3.75941 allows remote authenticated users to execute arb... | E | |
CVE-2012-2957 | The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows local users to gain priv... | | |
CVE-2012-2959 | Cross-site request forgery (CSRF) vulnerability in password-manager/changePasswords.do in BMC Identi... | E | |
CVE-2012-2960 | Cross-site scripting (XSS) vulnerability in the import functionality in HP ArcSight Connector applia... | | |
CVE-2012-2961 | SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 ... | | |
CVE-2012-2962 | SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scruti... | E | |
CVE-2012-2963 | The administrative interface in the embedded web server on the BreakingPoint Storm appliance before ... | | |
CVE-2012-2964 | The BreakingPoint Storm appliance before 3.0 requires cleartext credentials for establishing a sessi... | | |
CVE-2012-2965 | Caucho Quercus, as distributed in Resin before 4.0.29, does not properly handle unspecified characte... | | |
CVE-2012-2966 | Caucho Quercus, as distributed in Resin before 4.0.29, overwrites entries in the SERVER superglobal ... | | |
CVE-2012-2967 | Caucho Quercus, as distributed in Resin before 4.0.29, does not properly implement the == (equals si... | | |
CVE-2012-2968 | Directory traversal vulnerability in Caucho Quercus, as distributed in Resin before 4.0.29, allows r... | | |
CVE-2012-2969 | Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to bypass intended re... | | |
CVE-2012-2970 | The Synel SY-780/A Time & Attendance terminal allows remote attackers to cause a denial of service (... | | |
CVE-2012-2971 | The server in CA ARCserve Backup r12.5, r15, and r16 on Windows does not properly process RPC reques... | | |
CVE-2012-2972 | The (1) server and (2) agent components in CA ARCserve Backup r12.5, r15, and r16 on Windows do not ... | | |
CVE-2012-2974 | The web interface on the SMC SMC8024L2 switch allows remote attackers to bypass authentication and o... | | |
CVE-2012-2975 | Cross-site scripting (XSS) vulnerability in the traffic overview page on the F5 ASM appliance 10.0.0... | | |
CVE-2012-2976 | The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to exec... | | |
CVE-2012-2977 | The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to chan... | | |
CVE-2012-2978 | query.c in NSD 3.0.x through 3.0.8, 3.1.x through 3.1.1, and 3.2.x before 3.2.12 allows remote attac... | | |
CVE-2012-2979 | FreeBSD NSD before 3.2.13 allows remote attackers to crash a NSD child server process (SIGSEGV) and ... | | |
CVE-2012-2980 | The Samsung and HTC onTouchEvent method implementation for Android on the T-Mobile myTouch 3G Slide,... | | |
CVE-2012-2981 | Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary Perl code via a craf... | S | |
CVE-2012-2982 | file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary com... | E S | |
CVE-2012-2983 | file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showin... | S | |
CVE-2012-2984 | Multiple cross-site scripting (XSS) vulnerabilities in monitor/m_overview.ink in Websense Content Ga... | E | |
CVE-2012-2985 | Cross-site scripting (XSS) vulnerability in InsertDocument.aspx in CuteSoft Cute Editor 6.4 allows r... | | |
CVE-2012-2986 | lhn/public/network/ping in HP SAN/iQ 9.5 on the HP Virtual SAN Appliance allows remote authenticated... | | |
CVE-2012-2990 | The MASetupCaller ActiveX control before 1.4.2012.508 in MASetupCaller.dll in MarkAny ContentSAFER, ... | S | |
CVE-2012-2991 | The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in osCommerce Online Merchant befo... | | |
CVE-2012-2993 | Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of... | | |
CVE-2012-2994 | The CoSoSys Endpoint Protector 4 appliance establishes an EPProot password based entirely on the app... | | |
CVE-2012-2995 | Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro InterScan Messaging Security Suit... | | |
CVE-2012-2996 | Cross-site request forgery (CSRF) vulnerability in saveAccountSubTab.imss in Trend Micro InterScan M... | E | |
CVE-2012-2997 | XML External Entity (XXE) vulnerability in sam/admin/vpe2/public/php/server.php in F5 BIG-IP 10.0.0 ... | E | |
CVE-2012-2998 | SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager (TMCM) before ... | S | |
CVE-2012-2999 | Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in Cerberus FTP Serv... | | |