ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2012-4000 | Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_s... | E | |
CVE-2012-4001 | The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its ho... | | |
CVE-2012-4002 | Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI before 0.83.3 allows remote att... | | |
CVE-2012-4003 | Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJECT GLPI before 0.83.3 allow remote ... | | |
CVE-2012-4004 | Cross-site scripting (XSS) vulnerability in the Sleipnir Mobile application 2.2.0 and earlier and Sl... | | |
CVE-2012-4005 | The NHN Japan NAVER LINE application before 2.5.5 for Android does not properly handle implicit inte... | | |
CVE-2012-4006 | The GREE application before 1.4.0, GREE Tanken Dorirando application before 1.0.7, GREE Tsurisuta ap... | | |
CVE-2012-4007 | The mixi application before 4.3.0 for Android allows remote attackers to read potentially sensitive ... | | |
CVE-2012-4008 | The Cybozu Live application 1.0.4 and earlier for Android allows remote attackers to execute arbitra... | | |
CVE-2012-4009 | The WebView class in the Cybozu Live application 1.0.4 and earlier for Android allows remote attacke... | | |
CVE-2012-4010 | Opera before 11.60 allows remote attackers to spoof the address bar via unspecified homograph charac... | | |
CVE-2012-4011 | The Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary J... | | |
CVE-2012-4012 | The WebView class in the Cybozu KUNAI application before 2.0.6 for Android allows remote attackers t... | | |
CVE-2012-4013 | The WebView class in the Cybozu KUNAI Browser for Remote Service application beta for Android allows... | | |
CVE-2012-4014 | Unspecified vulnerability in McAfee Email Anti-virus (formerly WebShield SMTP) allows remote attacke... | | |
CVE-2012-4015 | Cross-site scripting (XSS) vulnerability in the management screen in myLittleTools myLittleAdmin for... | | |
CVE-2012-4016 | The ATOK application before 1.0.4 for Android allows remote attackers to read the learning informati... | | |
CVE-2012-4017 | The jigbrowser+ application before 1.5.0 for Android does not properly implement the WebView class, ... | | |
CVE-2012-4018 | Cross-site scripting (XSS) vulnerability in Final Beta Laboratory MyWebSearch before 1.23 allows rem... | | |
CVE-2012-4019 | Cross-site scripting (XSS) vulnerability in tokyo_bbs.cgi in Come on Girls Interface (CGI) Tokyo BBS... | | |
CVE-2012-4020 | MosP kintai kanri before 4.1.0 does not enforce privilege requirements, which allows remote authenti... | | |
CVE-2012-4021 | MosP kintai kanri before 4.1.0 does not properly perform authentication, which allows remote authent... | | |
CVE-2012-4022 | Pebble before 2.6.4 allows remote attackers to trigger loss of blog-entry viewability via a crafted ... | | |
CVE-2012-4023 | CRLF injection vulnerability in Pebble before 2.6.4 allows remote attackers to inject arbitrary HTTP... | | |
CVE-2012-4024 | Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs ... | | |
CVE-2012-4025 | Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlie... | | |
CVE-2012-4026 | The Johnson Controls Pegasys P2000 server with software before 3.11 allows remote attackers to trigg... | | |
CVE-2012-4027 | Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read fi... | | |
CVE-2012-4028 | Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent... | | |
CVE-2012-4029 | Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in Chamilo LMS before 1.8.8.6 all... | E S | |
CVE-2012-4030 | Chamilo before 1.8.8.6 does not adequately handle user supplied input by the index.php script, which... | | |
CVE-2012-4031 | Multiple directory traversal vulnerabilities in src/acloglogin.php in Wangkongbao CNS-1000 and 1100 ... | E | |
CVE-2012-4032 | Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers... | E | |
CVE-2012-4033 | Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin before 2.4.0 for WordPress have ... | | |
CVE-2012-4034 | Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow remote attackers to execute arbitrary ... | E | |
CVE-2012-4035 | The new_password page in PBBoard 2.1.4 allows remote attackers to change the password of arbitrary u... | E | |
CVE-2012-4036 | Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 allows remote administrators to... | E | |
CVE-2012-4037 | Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 al... | E S | |
CVE-2012-4043 | Cross-site scripting (XSS) vulnerability in global-protect/login.esp in Palo Alto Networks Global Pr... | E | |
CVE-2012-4045 | Multiple heap-based buffer overflows in bmp.w5s in Winamp before 5.63 build 3235 allow remote attack... | | |
CVE-2012-4046 | The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a... | | |
CVE-2012-4048 | The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allow... | | |
CVE-2012-4049 | epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6... | E S | |
CVE-2012-4050 | Multiple unspecified vulnerabilities in Google Chrome OS before 21.0.1180.50 on the Cr-48 and Samsun... | | |
CVE-2012-4051 | Multiple cross-site request forgery (CSRF) vulnerabilities in editAccount.html in the JAMF Software ... | E | |
CVE-2012-4052 | Multiple cross-site scripting (XSS) vulnerabilities in Jease before 2.9, when creating a comment, al... | | |
CVE-2012-4053 | Cross-site request forgery (CSRF) vulnerability in eZOE flash player in eZ Publish 4.1 through 4.6 a... | | |
CVE-2012-4054 | Buffer overflow in the readfile function in CPE17 Autorun Killer 1.7.1 and earlier allows physically... | E | |
CVE-2012-4055 | SQL injection vulnerability in index2.php in Uiga Fan Club allows remote attackers to execute arbitr... | E | |
CVE-2012-4056 | SQL injection vulnerability in index2.php in Uiga Personal Portal allows remote attackers to execute... | E | |
CVE-2012-4057 | Buffer overflow in the Player in Remote-Anything 5.60.15 allows remote attackers to execute arbitrar... | E | |
CVE-2012-4058 | Cross-site scripting (XSS) vulnerability in SocketMail Pro 2.2.9 allows remote attackers to inject a... | E | |
CVE-2012-4059 | Cross-site request forgery (CSRF) vulnerability in home/secretqtn.php in SocketMail Pro 2.2.9 allows... | E | |
CVE-2012-4060 | Multiple SQL injection vulnerabilities in ASP-DEv XM Forums RC3 allow remote attackers to execute ar... | E | |
CVE-2012-4061 | Multiple SQL injection vulnerabilities in ASP-DEv XM Diary allow remote attackers to execute arbitra... | E | |
CVE-2012-4063 | The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XM... | | |
CVE-2012-4064 | Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services message... | | |
CVE-2012-4065 | Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services message... | | |
CVE-2012-4066 | The internal message protocol for Walrus in Eucalyptus 3.2.0 and earlier does not require signatures... | | |
CVE-2012-4067 | Walrus in Eucalyptus before 3.2.2 allows remote attackers to cause a denial of service (memory, thre... | | |
CVE-2012-4068 | Heap-based buffer overflow in the SoapServer service in Citrix Provisioning Services 5.0, 5.1, 5.6, ... | S | |
CVE-2012-4069 | Dir2web 3.0 stores sensitive information under the web root with insufficient access control, which ... | | |
CVE-2012-4070 | SQL injection vulnerability in system/src/dispatcher.php in Dir2web 3.0 allows remote attackers to e... | E | |
CVE-2012-4071 | Cross-site scripting (XSS) vulnerability in the comments module in the RSGallery2 (com_rsgallery2) c... | S | |
CVE-2012-4072 | The KVM subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded X.509 certificate, w... | | |
CVE-2012-4073 | The KVM subsystem in the client in Cisco Unified Computing System (UCS) does not verify X.509 certif... | | |
CVE-2012-4074 | The Board Management Controller (BMC) in the Serial over LAN (SoL) subsystem in Cisco Unified Comput... | | |
CVE-2012-4075 | Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metachara... | | |
CVE-2012-4076 | Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metachara... | | |
CVE-2012-4077 | Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e optio... | | |
CVE-2012-4078 | The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) does not properly ... | | |
CVE-2012-4079 | The XML API service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) all... | | |
CVE-2012-4080 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4081 | MCServer in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local use... | | |
CVE-2012-4082 | MCTools in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local user... | | |
CVE-2012-4083 | Multiple buffer overflows in the administrative web interface in Cisco Unified Computing System (UCS... | | |
CVE-2012-4084 | Cross-site request forgery (CSRF) vulnerability in the web-management interface in the fabric interc... | | |
CVE-2012-4085 | The Intelligent Platform Management Interface (IPMI) implementation in the Blade Management Controll... | | |
CVE-2012-4086 | A setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote... | | |
CVE-2012-4087 | A cluster setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allow... | | |
CVE-2012-4088 | The FTP server in Cisco Unified Computing System (UCS) has a hardcoded password for an unspecified u... | | |
CVE-2012-4089 | MCTOOLS in the fabric interconnect in Cisco Unified Computing System (UCS) allows local users to exe... | | |
CVE-2012-4090 | The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to o... | | |
CVE-2012-4091 | The RIP service engine in Cisco NX-OS allows remote attackers to cause a denial of service (engine r... | | |
CVE-2012-4092 | The management interface in the Central Software component in Cisco Unified Computing System (UCS) d... | | |
CVE-2012-4093 | The Manager component in Cisco Unified Computing System (UCS) allows local users to cause a denial o... | | |
CVE-2012-4094 | Buffer overflow in the Smart Call Home feature in the fabric interconnect in Cisco Unified Computing... | | |
CVE-2012-4095 | The local file editor in the fabric-interconnect component in Cisco Unified Computing System (UCS) a... | | |
CVE-2012-4096 | The local file editor in the Baseboard Management Controller (BMC) in Cisco Unified Computing System... | | |
CVE-2012-4097 | The BGP implementation in Cisco NX-OS does not properly filter segment types in AS paths, which allo... | | |
CVE-2012-4098 | The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attacke... | | |
CVE-2012-4099 | The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attacke... | | |
CVE-2012-4100 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4101 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4102 | The activate firmware command in the fabric-interconnect component in Cisco Unified Computing System... | | |
CVE-2012-4103 | ethanalyzer in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows loca... | | |
CVE-2012-4104 | Absolute path traversal vulnerability in the image-download process in the fabric-interconnect compo... | | |
CVE-2012-4105 | The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to caus... | | |
CVE-2012-4106 | The fabric-interconnect component in Cisco Unified Computing System (UCS) uses the same privilege le... | | |
CVE-2012-4107 | The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain... | | |
CVE-2012-4108 | The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain... | | |
CVE-2012-4109 | The clear sshkey command in the fabric-interconnect component in Cisco Unified Computing System (UCS... | | |
CVE-2012-4110 | run-script in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local... | | |
CVE-2012-4111 | The create certreq command in the fabric-interconnect component in Cisco Unified Computing System (U... | | |
CVE-2012-4112 | The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users... | | |
CVE-2012-4113 | The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain... | | |
CVE-2012-4114 | The fabric-interconnect KVM module in Cisco Unified Computing System (UCS) does not encrypt video da... | | |
CVE-2012-4115 | The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM virtu... | | |
CVE-2012-4116 | The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM media... | | |
CVE-2012-4117 | The fabric-interconnect component in Cisco Unified Computing System (UCS) does not properly verify X... | | |
CVE-2012-4118 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4119 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4120 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4121 | Cisco NX-OS allows local users to gain privileges, and read or modify arbitrary files, via the sed (... | | |
CVE-2012-4122 | The CLI parser in Cisco NX-OS allows local users to bypass intended access restrictions, and overwri... | | |
CVE-2012-4123 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4124 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4125 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4126 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4127 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4128 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4129 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4130 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4131 | Directory traversal vulnerability in tar in Cisco NX-OS allows local users to access arbitrary files... | | |
CVE-2012-4132 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4133 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4134 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4135 | Directory traversal vulnerability in filesys in Cisco NX-OS 6.1(2) and earlier allows local users to... | | |
CVE-2012-4136 | The high-availability service in the Fabric Interconnect component in Cisco Unified Computing System... | | |
CVE-2012-4137 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4138 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4139 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4140 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4141 | Directory traversal vulnerability in the CLI parser in Cisco NX-OS allows local users to create arbi... | | |
CVE-2012-4142 | Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, ignores ... | | |
CVE-2012-4143 | Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, allows u... | | |
CVE-2012-4144 | Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, does not... | | |
CVE-2012-4145 | Unspecified vulnerability in Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x befor... | | |
CVE-2012-4146 | Opera before 12.01 allows remote attackers to cause a denial of service (application crash) via a cr... | | |
CVE-2012-4147 | Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attac... | S | |
CVE-2012-4148 | Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attac... | S | |
CVE-2012-4149 | Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attac... | S | |
CVE-2012-4150 | Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attac... | S | |
CVE-2012-4151 | Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attac... | S | |
CVE-2012-4152 | Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attac... | S | |
CVE-2012-4153 | Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attac... | S | |
CVE-2012-4154 | Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attac... | S | |
CVE-2012-4155 | Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attac... | S | |
CVE-2012-4156 | Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attac... | S | |
CVE-2012-4157 | Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attac... | S | |
CVE-2012-4158 | Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attac... | S | |
CVE-2012-4159 | Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attac... | S | |
CVE-2012-4160 | Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attac... | S | |
CVE-2012-4161 | Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Mac OS X allow attackers to exec... | S | |
CVE-2012-4162 | Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Mac OS X allow attackers to exec... | S | |
CVE-2012-4163 | Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 1... | S | |
CVE-2012-4164 | Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 1... | S | |
CVE-2012-4165 | Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 1... | S | |
CVE-2012-4166 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4165. Reason: This candida... | R | |
CVE-2012-4167 | Integer overflow in Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows an... | S | |
CVE-2012-4168 | Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 1... | S | |
CVE-2012-4169 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4170 | Buffer overflow in Adobe Photoshop CS6 13.x before 13.0.1 allows remote attackers to execute arbitra... | | |
CVE-2012-4171 | Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 1... | | |
CVE-2012-4172 | Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary co... | S | |
CVE-2012-4173 | Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary co... | S | |
CVE-2012-4174 | Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary co... | S | |
CVE-2012-4175 | Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary co... | S | |
CVE-2012-4176 | Array index error in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary ... | S | |
CVE-2012-4177 | The web browser plugin for Ubisoft Uplay PC before 2.0.4 allows remote attackers to execute arbitrar... | E | |
CVE-2012-4178 | SQL injection vulnerability in spywall/includes/deptUploads_data.php in Symantec Web Gateway 5.0.3.1... | E | |
CVE-2012-4179 | Use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function in Mozilla Firefox... | | |
CVE-2012-4180 | Heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function in Mozilla Firef... | | |
CVE-2012-4181 | Use-after-free vulnerability in the nsSMILAnimationController::DoSample function in Mozilla Firefox ... | | |
CVE-2012-4182 | Use-after-free vulnerability in the nsTextEditRules::WillInsert function in Mozilla Firefox before 1... | | |
CVE-2012-4183 | Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures function in Mozilla Firefox bef... | | |
CVE-2012-4184 | The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x befo... | | |
CVE-2012-4185 | Buffer overflow in the nsCharTraits::length function in Mozilla Firefox before 16.0, Firefox ESR 10.... | | |
CVE-2012-4186 | Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 1... | | |
CVE-2012-4187 | Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ES... | | |
CVE-2012-4188 | Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 1... | | |
CVE-2012-4189 | Cross-site scripting (XSS) vulnerability in Bugzilla 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4... | E S | |
CVE-2012-4190 | The FT2FontEntry::CreateFontEntry function in FreeType, as used in the Android build of Mozilla Fire... | | |
CVE-2012-4191 | The mozilla::net::FailDelayManager::Lookup function in the WebSockets implementation in Mozilla Fire... | S | |
CVE-2012-4192 | Mozilla Firefox 16.0, Thunderbird 16.0, and SeaMonkey 2.13 allow remote attackers to bypass the Same... | E | |
CVE-2012-4193 | Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbir... | E S | |
CVE-2012-4194 | Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbi... | E S | |
CVE-2012-4195 | The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10,... | | |
CVE-2012-4196 | Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbi... | E S | |
CVE-2012-4197 | Bugzilla/Attachment.pm in attachment.cgi in Bugzilla 2.x and 3.x before 3.6.12, 3.7.x and 4.0.x befo... | E S | |
CVE-2012-4198 | The User.get method in Bugzilla/WebService/User.pm in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x a... | | |
CVE-2012-4199 | template/en/default/bug/field-events.js.tmpl in Bugzilla 3.x before 3.6.12, 3.7.x and 4.0.x before 4... | | |
CVE-2012-4201 | The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Th... | E S | |
CVE-2012-4202 | Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before... | S | |
CVE-2012-4203 | The New Tab page in Mozilla Firefox before 17.0 uses a privileged context for execution of JavaScrip... | | |
CVE-2012-4204 | The str_unescape function in the JavaScript engine in Mozilla Firefox before 17.0, Thunderbird befor... | E S | |
CVE-2012-4205 | Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system pr... | | |
CVE-2012-4206 | Untrusted search path vulnerability in the installer in Mozilla Firefox before 17.0 and Firefox ESR ... | | |
CVE-2012-4207 | The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before ... | E S | |
CVE-2012-4208 | The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonke... | S | |
CVE-2012-4209 | Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird E... | S | |
CVE-2012-4210 | The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not prop... | | |
CVE-2012-4211 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4212 | Use-after-free vulnerability in the XPCWrappedNative::Mark function in Mozilla Firefox before 17.0, ... | | |
CVE-2012-4213 | Use-after-free vulnerability in the nsEditor::FindNextLeafNode function in Mozilla Firefox before 17... | E S | |
CVE-2012-4214 | Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox bef... | E S | |
CVE-2012-4215 | Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent function in Mozilla Firefo... | E S | |
CVE-2012-4216 | Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, F... | E S | |
CVE-2012-4217 | Use-after-free vulnerability in the nsViewManager::ProcessPendingUpdates function in Mozilla Firefox... | E S | |
CVE-2012-4218 | Use-after-free vulnerability in the BuildTextRunsScanner::BreakSink::SetBreaks function in Mozilla F... | | |
CVE-2012-4219 | show_config_errors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows remote attackers to obtain sensitiv... | E | |
CVE-2012-4220 | diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver f... | | |
CVE-2012-4221 | Integer overflow in diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) ... | | |
CVE-2012-4222 | drivers/gpu/msm/kgsl.c in the Qualcomm Innovation Center (QuIC) Graphics KGSL kernel-mode driver for... | | |
CVE-2012-4223 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual... | R | |
CVE-2012-4224 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual... | R | |
CVE-2012-4225 | NVIDIA UNIX graphics driver before 295.71 and before 304.32 allows local users to write to arbitrary... | | |
CVE-2012-4226 | Multiple cross-site scripting (XSS) vulnerabilities in Quick Post Widget plugin 1.9.1 for WordPress ... | E | |
CVE-2012-4230 | The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the (1)... | E | |
CVE-2012-4231 | Cross-site scripting (XSS) vulnerability in admin/index.php in jCore before 1.0pre2 allows remote at... | E S | |
CVE-2012-4232 | SQL injection vulnerability in admin/index.php in jCore before 1.0pre2 allows remote attackers to ex... | E S | |
CVE-2012-4233 | LibreOffice 3.5.x before 3.5.7.2 and 3.6.x before 3.6.1, and OpenOffice.org (OOo), allows remote att... | | |
CVE-2012-4234 | Cross-site scripting (XSS) vulnerability in the group moderation screen in the control center (contr... | E | |
CVE-2012-4235 | The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! 2.5.x does not place index.html f... | S | |
CVE-2012-4236 | Cross-site scripting (XSS) vulnerability in the refresh_page function in application/modules/_main/v... | E | |
CVE-2012-4237 | Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users wi... | E | |
CVE-2012-4238 | Cross-site scripting (XSS) vulnerability in admin/code/tce_edit_answer.php in TCExam before 11.3.008... | E | |
CVE-2012-4240 | SQL injection vulnerability in modules/calendar/json.php in Group-Office community before 4.0.90 all... | E | |
CVE-2012-4241 | Multiple cross-site scripting (XSS) vulnerabilities in Microcart 1.0 allow remote attackers to injec... | E | |
CVE-2012-4242 | Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows re... | E | |
CVE-2012-4244 | ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV ... | | |
CVE-2012-4245 | The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attacke... | | |
CVE-2012-4246 | Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.... | E S | |
CVE-2012-4247 | Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.... | S | |
CVE-2012-4248 | The Amazon Kindle Touch before 5.1.2 does not properly restrict access to the libkindleplugin.so NPA... | | |
CVE-2012-4249 | The Amazon Lab126 com.lab126.system sendEvent implementation on the Kindle Touch before 5.1.2 allows... | | |
CVE-2012-4250 | Stack-based buffer overflow in the RequestScreenOptimization function in the XProcessControl.ocx Act... | E | |
CVE-2012-4251 | Multiple cross-site scripting (XSS) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to ... | E | |
CVE-2012-4252 | Multiple cross-site request forgery (CSRF) vulnerabilities in MySQLDumper 1.24.4 allow remote attack... | E | |
CVE-2012-4253 | Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read ar... | E | |
CVE-2012-4254 | MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information (Notices) via a direct re... | E | |
CVE-2012-4255 | MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information via a direct request to l... | E | |
CVE-2012-4256 | The jNews (com_jnews) component 7.5.1 for Joomla! allows remote attackers to obtain sensitive inform... | E | |
CVE-2012-4257 | Yaqas (Yet Another Question & Answer System) 1.0 Alpha 1 allows remote attackers to obtain sensitive... | E | |
CVE-2012-4258 | Multiple SQL injection vulnerabilities in MYRE Real Estate Software (2012 Q2) allow remote attackers... | E | |
CVE-2012-4259 | Cross-site scripting (XSS) vulnerability in the contacts in (1) XPhone UC Web and the (2) web fronte... | E | |
CVE-2012-4260 | Multiple SQL injection vulnerabilities in myCare2x allow remote attackers to execute arbitrary SQL c... | E | |
CVE-2012-4261 | SQL injection vulnerability in modules/patient/mycare2x_pat_info.php in myCare2x allows remote attac... | | |
CVE-2012-4262 | Multiple cross-site scripting (XSS) vulnerabilities in myCare2x allow remote attackers to inject arb... | E | |
CVE-2012-4263 | Cross-site scripting (XSS) vulnerability in inc/admin/content.php in the Better WP Security (better_... | E S | |
CVE-2012-4264 | Multiple cross-site scripting (XSS) vulnerabilities in the Better WP Security (better_wp_security) p... | E S | |
CVE-2012-4265 | SQL injection vulnerability in category_edit.php in Proman Xpress 5.0.1 allows remote attackers to e... | E | |
CVE-2012-4266 | Cross-site scripting (XSS) vulnerability in client_details.php in Proman Xpress 5.0.1 allows remote ... | E | |
CVE-2012-4267 | Cross-site scripting (XSS) vulnerability in user/register in Sockso 1.5 and earlier allows remote at... | E S | |
CVE-2012-4268 | Cross-site scripting (XSS) vulnerability in bulletproof-security/admin/options.php in the BulletProo... | E S | |
CVE-2012-4269 | Unrestricted file upload vulnerability in eFront 3.6.11 allows remote authenticated users to execute... | E | |
CVE-2012-4270 | Cross-site scripting (XSS) vulnerability in eFront 3.6.11 allows remote authenticated users to injec... | E | |
CVE-2012-4271 | Multiple cross-site scripting (XSS) vulnerabilities in bad-behavior-wordpress-admin.php in the Bad B... | E S | |
CVE-2012-4272 | Multiple cross-site scripting (XSS) vulnerabilities in the 2 Click Social Media Buttons plugin befor... | E S | |
CVE-2012-4273 | Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin... | E S | |
CVE-2012-4274 | Unspecified vulnerability in Hitachi Cobol GUI Option 06-00, 06-01 through 06-01-/A, 07-00, 07-01 be... | | |
CVE-2012-4275 | Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Director 02-50-01 through 02-50-07... | | |
CVE-2012-4276 | Unspecified vulnerability in Hitachi IT Operations Director 02-50-01 through 02-50-07, 03-00 before ... | | |
CVE-2012-4277 | Cross-site scripting (XSS) vulnerability in the smarty_function_html_options_optoutput function in d... | E S | |
CVE-2012-4278 | Multiple cross-site scripting (XSS) vulnerabilities in Free Realty 3.1-0.6 allow remote attackers to... | E | |
CVE-2012-4279 | Multiple SQL injection vulnerabilities in Free Realty 3.1-0.6 allow remote attackers to execute arbi... | E | |
CVE-2012-4280 | Multiple cross-site request forgery (CSRF) vulnerabilities in admin/agenteditor.php in Free Realty 3... | E | |
CVE-2012-4281 | Multiple SQL injection vulnerabilities in Travelon Express 6.2.2 allow remote attackers to execute a... | E | |
CVE-2012-4282 | SQL injection vulnerability in photo.php in Trombinoscope 3.5 allows remote attackers to execute arb... | E | |
CVE-2012-4283 | Cross-site scripting (XSS) vulnerability in the Login With Ajax plugin before 3.0.4.1 for WordPress ... | E S | |
CVE-2012-4284 | A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name valida... | E | |
CVE-2012-4285 | The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark... | E S | |
CVE-2012-4286 | The pcapng_read_packet_block function in wiretap/pcapng.c in the pcap-ng file parser in Wireshark 1.... | E S | |
CVE-2012-4287 | epan/dissectors/packet-mongo.c in the MongoDB dissector in Wireshark 1.8.x before 1.8.2 allows remot... | E S | |
CVE-2012-4288 | Integer overflow in the dissect_xtp_ecntl function in epan/dissectors/packet-xtp.c in the XTP dissec... | E S | |
CVE-2012-4289 | epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6... | S | |
CVE-2012-4290 | The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 all... | | |
CVE-2012-4291 | The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allo... | | |
CVE-2012-4292 | The dissect_stun_message function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshar... | E S | |
CVE-2012-4293 | plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in Wireshark 1.4.x before 1.4.15,... | S | |
CVE-2012-4294 | Buffer overflow in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in ... | E S | |
CVE-2012-4295 | Array index error in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c i... | E S | |
CVE-2012-4296 | Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in Wireshark 1.4.x before 1... | E S | |
CVE-2012-4297 | Buffer overflow in the dissect_gsm_rlcmac_downlink function in epan/dissectors/packet-gsm_rlcmac.c i... | S | |
CVE-2012-4298 | Integer signedness error in the vwr_read_rec_data_ethernet function in wiretap/vwr.c in the Ixia IxV... | E S | |
CVE-2012-4301 | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows ... | | |
CVE-2012-4303 | Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 11.1... | | |
CVE-2012-4305 | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows ... | | |
CVE-2012-4324 | Cross-site request forgery (CSRF) vulnerability in PHPJabbers Vacation Rental Script allows remote a... | E | |
CVE-2012-4325 | Cross-site request forgery (CSRF) vulnerability in upload/users.php in Utopia News Pro (UNP) 1.4.0 a... | E | |
CVE-2012-4326 | Cross-site request forgery (CSRF) vulnerability in commonsettings.php in AlstraSoft Site Uptime Ente... | | |
CVE-2012-4327 | Unspecified vulnerability in the Image News slider plugin before 3.3 for WordPress has unspecified i... | E S | |
CVE-2012-4328 | Unspecified vulnerability in the MAPI in vBulletin Suite 4.1.2 through 4.1.12, Forum 4.1.2 through 4... | | |
CVE-2012-4329 | The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service... | E | |
CVE-2012-4330 | The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of servic... | E | |
CVE-2012-4331 | Multiple unspecified vulnerabilities in SPIP before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2... | | |
CVE-2012-4332 | The ShareYourCart plugin 1.7.1 for WordPress allows remote attackers to obtain the installation path... | | |
CVE-2012-4333 | Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) ... | E | |
CVE-2012-4334 | The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) STWConfig 1.1.14.13 ActiveX control... | E | |
CVE-2012-4335 | Samsung NET-i viewer 1.37.120316 allows remote attackers to cause a denial of service (infinite loop... | E | |
CVE-2012-4336 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flogr 2.5.6 and earlier allow re... | E | |
CVE-2012-4337 | Foxit Reader before 5.3 on Windows XP and Windows 7 allows remote attackers to execute arbitrary cod... | | |
CVE-2012-4340 | Cross-site scripting (XSS) vulnerability in Sybase EAServer before 6.1 allows remote attackers to in... | | |
CVE-2012-4341 | Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attac... | | |
CVE-2012-4342 | Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.4 allow remote attackers... | | |
CVE-2012-4343 | Multiple unspecified vulnerabilities in Gallery 3 before 3.0.4 allow attackers to execute arbitrary ... | | |
CVE-2012-4344 | Cross-site scripting (XSS) vulnerability in Ipswitch WhatsUp Gold 15.02 allows remote attackers to i... | E | |
CVE-2012-4345 | Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4... | S | |
CVE-2012-4347 | Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway... | E | |
CVE-2012-4348 | The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2... | | |
CVE-2012-4349 | Unquoted Windows search path vulnerability in Symantec Network Access Control (SNAC) 12.1 before RU2... | | |
CVE-2012-4350 | Multiple unquoted Windows search path vulnerabilities in the (1) Manager and (2) Agent components in... | | |
CVE-2012-4351 | Integer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP... | | |
CVE-2012-4352 | Multiple cross-site scripting (XSS) vulnerabilities in Stoneware webNetwork 6.1 before SP1 allow rem... | E | |
CVE-2012-4353 | Stack-based buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Win... | E S | |
CVE-2012-4354 | TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07... | E | |
CVE-2012-4355 | TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07... | E | |
CVE-2012-4356 | Multiple directory traversal vulnerabilities in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and W... | E | |
CVE-2012-4357 | Array index error in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.0... | E | |
CVE-2012-4358 | Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 do not validate ... | E | |
CVE-2012-4359 | Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 do not validate ... | E | |
CVE-2012-4360 | Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for... | | |
CVE-2012-4361 | lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance allows remote authen... | E | |
CVE-2012-4362 | hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu... | E | |
CVE-2012-4363 | Multiple unspecified vulnerabilities in Adobe Reader through 10.1.4 allow remote attackers to cause ... | | |
CVE-2012-4366 | Belkin wireless routers Surf N150 Model F7D1301v1, N900 Model F9K1104v1, N450 Model F9K1105V2, and N... | | |
CVE-2012-4377 | Cross-site scripting (XSS) vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 allows ... | S | |
CVE-2012-4378 | Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.18.5 and 1.19.x before 1.1... | S | |
CVE-2012-4379 | MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP h... | S | |
CVE-2012-4380 | MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attackers to bypass GlobalBlocking e... | S | |
CVE-2012-4381 | MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which c... | S | |
CVE-2012-4382 | MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user block metadata, whi... | S | |
CVE-2012-4383 | Contao prior to 2.11.4 has a SQL injection vulnerability... | S | |
CVE-2012-4384 | letodms has multiple XSS issues: Reflected XSS in Login Page, Stored XSS in Document Owner/User name... | E | |
CVE-2012-4385 | letodms 3.3.6 has CSRF via change password... | E | |
CVE-2012-4386 | The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token ... | | |
CVE-2012-4387 | Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumpt... | S | |
CVE-2012-4388 | The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine... | E S | |
CVE-2012-4389 | Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attacke... | E S | |
CVE-2012-4390 | (1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud before 4.0... | E S | |
CVE-2012-4391 | Cross-site request forgery (CSRF) vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 ... | | |
CVE-2012-4392 | index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote atta... | E S | |
CVE-2012-4393 | Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.6 allow remote att... | E S | |
CVE-2012-4394 | Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js in ownCloud before 4.0.5 allow... | E S | |
CVE-2012-4395 | Cross-site scripting (XSS) vulnerability in index.php in ownCloud before 4.0.3 allows remote attacke... | E S | |
CVE-2012-4396 | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.2 allow remote attackers ... | E S | |
CVE-2012-4397 | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.1 allow remote attackers ... | E S | |
CVE-2012-4398 | The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 does not set a certain... | S | |
CVE-2012-4399 | The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read a... | E | |
CVE-2012-4400 | repository/repository_ajax.php in Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote aut... | | |
CVE-2012-4401 | Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote authenticated users to bypass intende... | S | |
CVE-2012-4402 | webservice/lib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not... | S | |
CVE-2012-4403 | theme/yui_combo.php in Moodle 2.3.x before 2.3.2 does not properly construct error responses for the... | S | |
CVE-2012-4404 | security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain... | | |
CVE-2012-4405 | Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) ... | | |
CVE-2012-4406 | OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module un... | S | |
CVE-2012-4407 | lib/filelib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not pr... | S | |
CVE-2012-4408 | course/reset.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 checks an ... | S | |
CVE-2012-4409 | Stack-based buffer overflow in the check_file_head function in extra.c in mcrypt 2.6.8 and earlier a... | E | |
CVE-2012-4410 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2012-4411 | The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensiti... | | |
CVE-2012-4412 | Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier al... | E S | |
CVE-2012-4413 | OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, whi... | | |
CVE-2012-4414 | Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.2... | | |
CVE-2012-4415 | Stack-based buffer overflow in the guac_client_plugin_open function in libguac in Guacamole before 0... | E S | |
CVE-2012-4416 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update... | S | |
CVE-2012-4417 | GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary fi... | | |
CVE-2012-4418 | Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signatu... | E | |
CVE-2012-4419 | The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x be... | | |
CVE-2012-4420 | An information disclosure flaw was found in the way the Java Virtual Machine (JVM) implementation of... | E | |
CVE-2012-4421 | The create_post function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not ... | E S | |
CVE-2012-4422 | wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not chec... | E S | |
CVE-2012-4423 | The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cau... | | |
CVE-2012-4424 | Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and... | E S | |
CVE-2012-4425 | libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, a... | E S | |
CVE-2012-4426 | Multiple format string vulnerabilities in mcrypt 2.6.8 and earlier might allow user-assisted remote ... | | |
CVE-2012-4427 | The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation... | E | |
CVE-2012-4428 | openslp: SLPIntersectStringList() function has a DoS vulnerability... | | |
CVE-2012-4429 | Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read clipboard activity by listening ... | | |
CVE-2012-4430 | The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL... | S | |
CVE-2012-4431 | org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x bef... | S | |
CVE-2012-4432 | Use-after-free vulnerability in opngreduc.c in OptiPNG Hg and 0.7.x before 0.7.3 might allow remote ... | E S | |
CVE-2012-4433 | Multiple integer overflows in operations/external/ppm-load.c in GEGL (Generic Graphics Library) 0.2.... | | |
CVE-2012-4434 | fwknop before 2.0.3 allows remote authenticated users to cause a denial of service (server crash) or ... | E | |
CVE-2012-4435 | fwknop before 2.0.3 does not properly validate IP addresses, which allows remote authenticated users... | | |
CVE-2012-4436 | Buffer overflow in the run_last_args function in client/fwknop.c in fwknop before 2.0.3, when proces... | | |
CVE-2012-4437 | Cross-site scripting (XSS) vulnerability in the SmartyException class in Smarty (aka smarty-php) bef... | S | |
CVE-2012-4438 | Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and HTTP a... | | |
CVE-2012-4439 | Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attacke... | | |
CVE-2012-4440 | Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attacke... | | |
CVE-2012-4441 | Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attacke... | | |
CVE-2012-4442 | Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the root account during operations w... | | |
CVE-2012-4443 | Monkey HTTP Daemon 0.9.3 uses a real UID of root and a real GID of root during execution of CGI scri... | | |
CVE-2012-4444 | The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel before 2.6.36 allows remote... | S | |
CVE-2012-4445 | Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common.... | | |
CVE-2012-4446 | The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is ena... | | |
CVE-2012-4447 | Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 allows remote attackers to caus... | | |
CVE-2012-4448 | Cross-site request forgery (CSRF) vulnerability in wp-admin/index.php in WordPress 3.4.2 allows remo... | E | |
CVE-2012-4449 | Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a... | | |
CVE-2012-4450 | 389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn op... | S | |
CVE-2012-4451 | Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remot... | S | |
CVE-2012-4452 | MySQL 5.0.88, and possibly other versions and platforms, allows local users to bypass certain privil... | | |
CVE-2012-4453 | dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other pro... | S | |
CVE-2012-4454 | openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable ... | | |
CVE-2012-4455 | openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files... | | |
CVE-2012-4456 | The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom... | S | |
CVE-2012-4457 | OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authori... | | |
CVE-2012-4458 | The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of s... | S | |
CVE-2012-4459 | Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earli... | S | |
CVE-2012-4460 | The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and e... | S | |
CVE-2012-4461 | The KVM subsystem in the Linux kernel before 3.6.9, when running on hosts that use qemu userspace wi... | | |
CVE-2012-4462 | aviary/jobcontrol.py in Condor, as used in Red Hat Enterprise MRG 2.3, when removing a job, allows r... | | |
CVE-2012-4463 | Midnight Commander (mc) 4.8.5 does not properly handle the (1) MC_EXT_SELECTED or (2) MC_EXT_ONLYTAG... | | |
CVE-2012-4464 | Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers t... | | |
CVE-2012-4465 | Heap-based buffer overflow in the substr function in parsing.c in cgit 0.9.0.3 and earlier allows re... | | |
CVE-2012-4466 | Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows... | | |
CVE-2012-4467 | The (1) do_siocgstamp and (2) do_siocgstampns functions in net/socket.c in the Linux kernel before 3... | E | |
CVE-2012-4468 | Cross-site scripting (XSS) vulnerability in the Privatemsg module 7.x-1.x before 7.x-1.3 for Drupal ... | S | |
CVE-2012-4469 | Cross-site scripting (XSS) vulnerability in the Hashcash module 6.x-2.x before 6.x-2.6 and 7.x-2.x b... | S | |
CVE-2012-4470 | The Listhandler module 6.x-1.x before 6.x-1.1 for Drupal does not properly check permissions when im... | S | |
CVE-2012-4471 | The Search Autocomplete module 7.x-2.x before 7.x-2.4 for Drupal does not properly restrict access t... | S | |
CVE-2012-4472 | Unrestricted file upload vulnerability in upload.php in the Drag & Drop Gallery module 6.x-1.5 and e... | E S | |
CVE-2012-4473 | The Restrict node page view module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated use... | S | |
CVE-2012-4474 | Multiple cross-site scripting (XSS) vulnerabilities in the Colorbox Node module 7.x-2.x before 7.x-2... | S | |
CVE-2012-4475 | The Security Questions module for Drupal 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.1 does not ... | S | |
CVE-2012-4476 | Cross-site scripting (XSS) vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows rem... | S | |
CVE-2012-4477 | Unspecified vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers t... | S | |
CVE-2012-4478 | Cross-site request forgery (CSRF) vulnerability in the Drag & Drop Gallery module 6.x for Drupal all... | S | |
CVE-2012-4479 | SQL injection vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers... | S | |
CVE-2012-4480 | mom creates world-writable pid files in /var/run... | | |
CVE-2012-4481 | The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the Na... | | |
CVE-2012-4482 | The Ubercart SecureTrading Payment Method module 6.x for Drupal does not properly verify payment not... | | |
CVE-2012-4483 | The commons_discussion_views_default_views function in modules/features/commons_discussion/commons_d... | S | |
CVE-2012-4484 | Cross-site scripting (XSS) vulnerability in the administrative interface in the Campaign Monitor mod... | S | |
CVE-2012-4485 | Multiple cross-site scripting (XSS) vulnerabilities in the galleryformatter_field_formatter_view fun... | E S | |
CVE-2012-4486 | Cross-site request forgery (CSRF) vulnerability in the Subuser module before 6.x-1.8 for Drupal allo... | S | |
CVE-2012-4487 | The Subuser module before 6.x-1.8 for Drupal does not properly check "switch subuser" permissions, w... | S | |
CVE-2012-4488 | The Location module 6.x before 6.x-3.2 and 7.x before 7.x-3.0-alpha1 for Drupal does not properly ch... | S | |
CVE-2012-4489 | Open redirect vulnerability in the securelogin_secure_redirect function in the Secure Login module 7... | E S | |
CVE-2012-4490 | Multiple cross-site scripting (XSS) vulnerabilities in the Excluded Users module 6.x-1.x before 6.x-... | S | |
CVE-2012-4491 | The Monthly Archive by Node Type module 6.x for Drupal does not properly check permissions defined b... | | |
CVE-2012-4492 | Multiple cross-site scripting (XSS) vulnerabilities in the Shorten URLs module 6.x-1.x before 6.x-1.... | S | |
CVE-2012-4493 | Cross-site scripting (XSS) vulnerability in the administrative interface in the Better Revisions mod... | S | |
CVE-2012-4494 | The Shibboleth authentication module 7.x-4.0 for Drupal does not properly check the active status of... | | |
CVE-2012-4495 | The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not properly restrict access to files ou... | S | |
CVE-2012-4496 | Cross-site scripting (XSS) vulnerability in the Custom Publishing Options module 6.x-1.x before 6.x-... | S | |
CVE-2012-4497 | Cross-site scripting (XSS) vulnerability in the "3 slide gallery" in the Elegant Theme module 7.x-1.... | S | |
CVE-2012-4498 | The Activism module 6.x-2.x before 6.x-2.1 for Drupal does not properly restrict access to the "Camp... | S | |
CVE-2012-4499 | The contact formatter page in the Email Field module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1... | S | |
CVE-2012-4500 | The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with th... | S | |
CVE-2012-4501 | Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbi... | | |
CVE-2012-4502 | Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a de... | S | |
CVE-2012-4503 | cmdmon.c in Chrony before 1.29 allows remote attackers to obtain potentially sensitive information f... | S | |
CVE-2012-4504 | Stack-based buffer overflow in the url::get_pac function in url.cpp in libproxy 0.4.x before 0.4.9 a... | S | |
CVE-2012-4505 | Heap-based buffer overflow in the px_pac_reload function in lib/pac.c in libproxy 0.2.x and 0.3.x al... | | |
CVE-2012-4506 | Directory traversal vulnerability in gitolite 3.x before 3.1, when wild card repositories and a patt... | | |
CVE-2012-4507 | The strchr function in procmime.c in Claws Mail (aka claws-mail) 3.8.1 allows remote attackers to ca... | S | |
CVE-2012-4508 | Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 allows local users to obtain s... | S | |
CVE-2012-4509 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2012-4510 | cups-pk-helper before 0.2.3 does not properly wrap the (1) cupsGetFile and (2) cupsPutFile function ... | | |
CVE-2012-4511 | services/flickr/flickr.c in libsocialweb before 0.25.21 automatically connects to Flickr when no Fli... | S | |
CVE-2012-4512 | The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause ... | E | |
CVE-2012-4513 | khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial ... | E | |
CVE-2012-4514 | rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a de... | E | |
CVE-2012-4515 | Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in Konqueror in KDE 4.7.3, when ... | E | |
CVE-2012-4516 | librdmacm 1.0.16, when ibacm.port is not specified, connects to port 6125, which allows remote attac... | | |
CVE-2012-4517 | ibacm before 1.0.6 does not properly manage reference counts for multicast connections, which allows... | S | |
CVE-2012-4518 | ibacm 1.0.7 creates files with world-writable permissions, which allows local users to overwrite the... | | |
CVE-2012-4519 | Zenphoto before 1.4.3.4 admin-news-articles.php date parameter XSS.... | | |
CVE-2012-4520 | The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 al... | S | |
CVE-2012-4521 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4505. Reason: This candidate... | R | |
CVE-2012-4522 | The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r... | | |
CVE-2012-4523 | radsecproxy before 1.6.1 does not properly verify certificates when there are configuration blocks w... | | |
CVE-2012-4524 | xlockmore before 5.43 'dclock' security bypass vulnerability... | S | |
CVE-2012-4525 | piwigo has XSS in password.php... | | |
CVE-2012-4526 | piwigo has XSS in password.php (incomplete fix for CVE-2012-4525)... | | |
CVE-2012-4527 | Stack-based buffer overflow in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to cau... | | |
CVE-2012-4528 | The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass r... | E | |
CVE-2012-4529 | The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, ... | | |
CVE-2012-4530 | The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly ha... | | |
CVE-2012-4531 | Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 allows remote attackers to in... | | |
CVE-2012-4532 | Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl/default.php in the Language S... | E | |
CVE-2012-4533 | Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function ... | | |
CVE-2012-4534 | org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28... | E S | |
CVE-2012-4535 | Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a ... | | |
CVE-2012-4536 | The (1) domain_pirq_to_emuirq and (2) physdev_unmap_pirq functions in Xen 2.2 allow local guest OS ... | | |
CVE-2012-4537 | Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p ta... | | |
CVE-2012-4538 | The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable s... | | |
CVE-2012-4539 | Xen 4.0 through 4.2, when running 32-bit x86 PV guests on 64-bit hypervisors, allows local guest OS ... | | |
CVE-2012-4540 | Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x bef... | | |
CVE-2012-4541 | Cross-site scripting (XSS) vulnerability in Piwik before 1.9 allows remote attackers to inject arbit... | | |
CVE-2012-4542 | block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class ... | | |
CVE-2012-4543 | Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.... | | |
CVE-2012-4544 | The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1)... | | |
CVE-2012-4545 | The http_negotiate_create_context function in protocol/http/http_negotiate.c in ELinks 0.12 before 0... | | |
CVE-2012-4546 | The default configuration for IPA servers in Red Hat Enterprise Linux 6, when revoking a certificate... | | |
CVE-2012-4547 | Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown impact and attack vectors.... | | |
CVE-2012-4548 | Argument injection vulnerability in syntax-highlighting.sh in cgit 9.0.3 and earlier allows remote a... | | |
CVE-2012-4549 | The processInvocation function in org.jboss.as.ejb3.security.AuthorizationInterceptor in JBoss Enter... | | |
CVE-2012-4550 | JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, when using role-based a... | | |
CVE-2012-4551 | Use-after-free vulnerability in libunity-webapps before 2.4.1 allows remote attackers to cause a den... | | |
CVE-2012-4552 | Stack-based buffer overflow in the error function in ssg/ssgParser.cxx in PLIB 1.8.5 allows remote a... | | |
CVE-2012-4553 | Drupal 7.x before 7.16 allows remote attackers to obtain sensitive information and possibly re-insta... | S | |
CVE-2012-4554 | The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via... | S | |
CVE-2012-4555 | The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not pro... | | |
CVE-2012-4556 | The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remot... | | |
CVE-2012-4557 | The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into a... | E S | |
CVE-2012-4558 | Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager ... | | |
CVE-2012-4559 | Multiple double free vulnerabilities in the (1) agent_sign_data function in agent.c, (2) channel_req... | | |
CVE-2012-4560 | Multiple buffer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service... | | |
CVE-2012-4561 | The (1) publickey_make_dss, (2) publickey_make_rsa, (3) signature_from_string, (4) ssh_do_sign, and ... | | |
CVE-2012-4562 | Multiple integer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of servic... | | |
CVE-2012-4563 | Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) 2.4 Beta and release candidates... | | |
CVE-2012-4564 | ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attac... | E S | |
CVE-2012-4565 | The tcp_illinois_info function in net/ipv4/tcp_illinois.c in the Linux kernel before 3.4.19, when th... | E | |
CVE-2012-4566 | The DTLS support in radsecproxy before 1.6.2 does not properly verify certificates when there are co... | | |
CVE-2012-4567 | Multiple cross-site scripting (XSS) vulnerabilities in LetoDMS (formerly MyDMS) before 3.3.8 allow r... | | |
CVE-2012-4568 | Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS (formerly MyDMS) before 3.3.8 ... | | |
CVE-2012-4569 | Multiple cross-site scripting (XSS) vulnerabilities in out/out.UsrMgr.php in LetoDMS (formerly MyDMS... | | |
CVE-2012-4570 | SQL injection vulnerability in LetoDMS_Core/Core/inc.ClassDMS.php in LetoDMS (formerly MyDMS) before... | | |
CVE-2012-4571 | Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFi... | | |
CVE-2012-4572 | Red Hat JBoss Enterprise Application Platform (EAP) before 6.1.0 and JBoss Portal before 6.1.0 does ... | | |
CVE-2012-4573 | The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authentica... | S | |
CVE-2012-4574 | Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows lo... | | |
CVE-2012-4575 | The add_database function in objects.c in the pgbouncer pooler 1.5.2 for PostgreSQL allows remote at... | | |
CVE-2012-4576 | FreeBSD: Input Validation Flaw allows local users to gain elevated privileges... | | |
CVE-2012-4577 | The Linux firmware image on (1) Korenix Jetport 5600 series serial-device servers and (2) ORing Indu... | | |
CVE-2012-4578 | The geli encryption provider 7 before r239184 on FreeBSD 10 uses a weak Master Key, which makes it e... | | |
CVE-2012-4579 | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote ... | S | |
CVE-2012-4580 | Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.x before 5.5 Patch... | | |
CVE-2012-4581 | McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email ... | | |
CVE-2012-4582 | McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email ... | | |
CVE-2012-4583 | McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email ... | | |
CVE-2012-4584 | McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email ... | | |
CVE-2012-4585 | McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email ... | | |
CVE-2012-4586 | McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email ... | | |
CVE-2012-4587 | McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1, when one-time prov... | | |
CVE-2012-4588 | McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1 record all invalid ... | | |
CVE-2012-4589 | Login.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 does not have an of... | | |
CVE-2012-4590 | Multiple cross-site scripting (XSS) vulnerabilities in About.aspx in the Portal in McAfee Enterprise... | | |
CVE-2012-4591 | About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 discloses the name ... | | |
CVE-2012-4592 | The Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 does not set the secure flag for ... | | |
CVE-2012-4593 | McAfee Application Control and Change Control 5.1.x and 6.0.0 do not enforce an intended password re... | | |
CVE-2012-4594 | McAfee ePolicy Orchestrator (ePO) 4.6.1 and earlier allows remote authenticated users to bypass inte... | | |
CVE-2012-4595 | McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Ga... | | |
CVE-2012-4596 | Directory traversal vulnerability in McAfee Email Gateway (MEG) 7.0.0 and 7.0.1 allows remote authen... | | |
CVE-2012-4597 | Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.5 through Patch 6 ... | | |
CVE-2012-4598 | An unspecified ActiveX control in McAfee Virtual Technician (MVT) before 6.4, and ePO-MVT, allows re... | | |
CVE-2012-4599 | McAfee SmartFilter Administration, and SmartFilter Administration Bess Edition, before 4.2.1.01 does... | | |
CVE-2012-4600 | Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before... | E | |
CVE-2012-4601 | Multiple SQL injection vulnerabilities in Nicola Asuni TCExam before 11.3.009 allow remote authentic... | E S | |
CVE-2012-4602 | Multiple cross-site scripting (XSS) vulnerabilities in admin/code/tce_select_users_popup.php in Nico... | | |
CVE-2012-4603 | Citrix XenApp Online Plug-in for Windows 12.1 and earlier, and Citrix Receiver for Windows 3.2 and e... | | |
CVE-2012-4604 | The TRITON management console in Websense Web Security before 7.6 Hotfix 24 allows remote attackers ... | E | |
CVE-2012-4605 | The default configuration of the SMTP component in Websense Email Security 6.1 through 7.3 enables w... | | |
CVE-2012-4606 | Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0, and 5.0 ... | | |
CVE-2012-4607 | Buffer overflow in nsrindexd in EMC NetWorker 7.5.x and 7.6.x before 7.6.5, and 8.x before 8.0.0.6, ... | | |
CVE-2012-4608 | Cross-site request forgery (CSRF) vulnerability in the web interface in EMC RSA NetWitness Informer ... | | |
CVE-2012-4609 | The web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows remote attackers to conduct c... | | |
CVE-2012-4610 | EMC Avamar Client for VMware 6.1 stores the cleartext server root password on the proxy client, whic... | | |
CVE-2012-4611 | Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Adaptive Authentication On-Premise (A... | | |
CVE-2012-4612 | Cross-site scripting (XSS) vulnerability in EMC RSA Data Protection Manager Appliance and Software S... | | |
CVE-2012-4613 | EMC RSA Data Protection Manager Appliance 2.7.x and 3.x before 3.2.1 does not properly restrict the ... | | |
CVE-2012-4614 | The default configuration of EMC Smarts Network Configuration Manager (NCM) before 9.1 does not requ... | | |
CVE-2012-4615 | EMC Smarts Network Configuration Manager (NCM) before 9.1 uses a hardcoded encryption key for the st... | | |
CVE-2012-4616 | Directory traversal vulnerability in the Web UI in EMC Data Protection Advisor (DPA) 5.6 through SP1... | | |
CVE-2012-4617 | The BGP implementation in Cisco IOS 15.2, IOS XE 3.5.xS before 3.5.2S, and IOS XR 4.1.0 through 4.2.... | | |
CVE-2012-4618 | The SIP ALG feature in the NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows ... | | |
CVE-2012-4619 | The NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows remote attackers to cau... | | |
CVE-2012-4620 | Cisco IOS 12.2 and 15.0 through 15.2 on Cisco 10000 series routers, when a tunnel interface exists, ... | | |
CVE-2012-4621 | The Device Sensor feature in Cisco IOS 15.0 through 15.2 allows remote attackers to cause a denial o... | | |
CVE-2012-4622 | Cisco IOS XE 03.02.00.XO.15.0(2)XO on Catalyst 4500E series switches, when a Supervisor Engine 7L-E ... | | |
CVE-2012-4623 | The DHCPv6 server in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.... | | |
CVE-2012-4629 | The Cisco ASA-CX Context-Aware Security module before 9.0.2-103 for Adaptive Security Appliances (AS... | | |
CVE-2012-4638 | Cisco IOS before 15.1(1)SY allows local users to cause a denial of service (device reload) by establ... | | |
CVE-2012-4643 | The DHCP server on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Service... | | |
CVE-2012-4651 | Cisco IOS before 15.3(2)T, when scansafe is enabled, allows remote attackers to cause a denial of se... | | |
CVE-2012-4655 | The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries th... | | |
CVE-2012-4658 | The ios-authproxy implementation in Cisco IOS before 15.1(1)SY3 allows remote attackers to cause a d... | | |
CVE-2012-4659 | The AAA functionality in the IPv4 SSL VPN implementations on Cisco Adaptive Security Appliances (ASA... | | |
CVE-2012-4660 | The SIP inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the A... | | |
CVE-2012-4661 | Stack-based buffer overflow in the DCERPC inspection engine on Cisco Adaptive Security Appliances (A... | | |
CVE-2012-4662 | The DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and th... | | |
CVE-2012-4663 | The DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and th... | | |
CVE-2012-4667 | Multiple cross-site scripting (XSS) vulnerabilities in SquidClamav 5.x before 5.8 allow remote attac... | S | |
CVE-2012-4668 | Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attack... | S | |
CVE-2012-4669 | M-Link R14.6 before R14.6v14 and R15.1 before R15.1v10 does not verify that a request was made for a... | | |
CVE-2012-4670 | Tigase XMPP Server before 5.1.0 does not verify that a request was made for an XMPP Server Dialback ... | | |
CVE-2012-4671 | psyced before 20120821 does not verify that a request was made for an XMPP Server Dialback response,... | | |
CVE-2012-4672 | Apple iChat Server does not verify that a request was made for an XMPP Server Dialback response, whi... | | |
CVE-2012-4673 | SQL injection vulnerability in application/controllers/invoice.php in NeoInvoice might allow remote ... | E S | |
CVE-2012-4674 | PluXml before 5.1.6 allows remote attackers to obtain the installation path via the PHPSESSID.... | | |
CVE-2012-4675 | Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote attackers to inject arbitrary... | | |
CVE-2012-4676 | The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and earlier allows local users to d... | E | |
CVE-2012-4677 | Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by using a crafted Info.plis... | | |
CVE-2012-4678 | munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, which allows remote attackers to ... | | |
CVE-2012-4679 | Cross-site scripting (XSS) vulnerability in admin/login.php in Newscoop before 3.5.5 allows remote a... | E S | |
CVE-2012-4680 | Directory traversal vulnerability in the XML Server in IOServer before 1.0.19.0, when the Root Direc... | | |
CVE-2012-4681 | Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update ... | KEV E | |
CVE-2012-4682 | Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service v... | | |
CVE-2012-4683 | Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service v... | | |
CVE-2012-4684 | The alert functionality in bitcoind and Bitcoin-Qt before 0.7.0 supports different character represe... | | |
CVE-2012-4685 | Cross-site scripting (XSS) vulnerability in Arbor Networks Peakflow SP 5.1.1 before patch 6, 5.5 bef... | E | |
CVE-2012-4686 | SQL injection vulnerability in announcement.php in vBulletin 4.1.10 allows remote attackers to execu... | E | |
CVE-2012-4687 | Post Oak Bluetooth Traffic Systems Insufficient Entropy | S | |
CVE-2012-4688 | I-GEN opLYNX Central Authentication Bypass | S | |
CVE-2012-4689 | Integer overflow in CimWebServer.exe in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01... | | |
CVE-2012-4690 | Rockwell Automation Allen-Bradley MicroLogix controller 1100, 1200, 1400, and 1500; SLC 500 controll... | | |
CVE-2012-4691 | Memory leak in Siemens Automation License Manager (ALM) 4.x and 5.x before 5.2 allows remote attacke... | | |
CVE-2012-4692 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2012-4693 | Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algor... | | |
CVE-2012-4694 | Moxa EDR-G903 series routers with firmware before 2.11 do not use a sufficient source of entropy for... | | |
CVE-2012-4695 | LogReceiver.exe in Rockwell Automation RSLinx Enterprise CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR... | | |
CVE-2012-4696 | Buffer overflow in Beijer ADP 6.5.0-180_R1967 and 6.5.1-186_R2942, and H-Designer 6.5.0 B180_R1967, ... | | |
CVE-2012-4697 | TURCK BL20 Programmable Gateway and BL67 Programmable Gateway have hardcoded accounts, which allows ... | | |
CVE-2012-4698 | Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS through 1.14.5, ROX II OS thro... | | |
CVE-2012-4699 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2012-4700 | Multiple buffer overflows in an ActiveX control in PE3DO32A.ocx in IntegraXor SCADA Server 4.00 buil... | S | |
CVE-2012-4701 | Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote attackers to... | | |
CVE-2012-4702 | 360 Systems Maxx, Image Server Maxx, and Image Server 2000 have a hardcoded password for the root ac... | | |
CVE-2012-4703 | The Emerson DeltaV SE3006 through 11.3.1, DeltaV VE3005 through 10.3.1 and 11.x through 11.3.1, and ... | | |
CVE-2012-4704 | Array index error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute ar... | | |
CVE-2012-4705 | Directory traversal vulnerability in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attacke... | | |
CVE-2012-4706 | Integer signedness error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to cau... | | |
CVE-2012-4707 | 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vect... | | |
CVE-2012-4708 | Stack-based buffer overflow in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to ... | | |
CVE-2012-4709 | Invensys Wonderware InTouch HMI 2012 R2 and earlier allows remote attackers to read arbitrary files,... | | |
CVE-2012-4710 | Invensys Wonderware Win-XML Exporter 1522.148.0.0 allows remote attackers to read arbitrary files, s... | | |
CVE-2012-4711 | Buffer overflow in kingMess.exe 65.20.2003.10300 in WellinTech KingView 6.52, kingMess.exe 65.20.200... | | |
CVE-2012-4712 | Moxa EDR-G903 series routers with firmware before 2.11 have a hardcoded account, which allows remote... | | |
CVE-2012-4713 | Integer signedness error in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform ... | | |
CVE-2012-4714 | Integer overflow in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform (FTSP) C... | | |
CVE-2012-4715 | Buffer overflow in LogReceiver.exe in Rockwell Automation RSLinx Enterprise CPR9, CPR9-SR1, CPR9-SR2... | | |
CVE-2012-4716 | N-Tron 702-W Industrial Wireless Access Point devices use the same (1) SSH and (2) HTTPS private key... | | |
CVE-2012-4717 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2012-4718 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2012-4719 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2012-4720 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2012-4721 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2012-4722 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2012-4723 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2012-4724 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2012-4725 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2012-4726 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2012-4728 | The (1) QProGetNotebookWindowHandle and (2) Ordinal132 functions in QPW160.dll in Corel Quattro Pro ... | E | |
CVE-2012-4729 | Wing FTP Server before 4.1.1 allows remote authenticated users to cause a denial of service (daemon ... | | |
CVE-2012-4730 | Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users wi... | | |
CVE-2012-4731 | FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly check user rights, which allow... | | |
CVE-2012-4732 | Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions be... | S | |
CVE-2012-4733 | Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecy... | S | |
CVE-2012-4734 | Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a... | | |
CVE-2012-4735 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6578, CVE-2012-6579, CVE-20... | R | |
CVE-2012-4736 | The Device Encryption Client component in Sophos SafeGuard Enterprise 6.0, when a volume-based encry... | | |
CVE-2012-4737 | channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified... | | |
CVE-2012-4739 | Multiple cross-site scripting (XSS) vulnerabilities in Barracuda SSL VPN before 2.2.2.203 (2012-07-0... | E | |
CVE-2012-4740 | Cross-site scripting (XSS) vulnerability in the captive portal in PacketFence before 3.3.0 allows re... | | |
CVE-2012-4741 | The RADIUS extension in PacketFence before 3.3.0 uses a different user name than is used for authent... | | |
CVE-2012-4742 | The web_node_register function in web.pm in PacketFence before 3.0.2 might allow remote attackers to... | E | |
CVE-2012-4743 | Multiple SQL injection vulnerabilities in ssearch.php in Siche search module 0.5 for Zeroboard allow... | E | |
CVE-2012-4744 | Cross-site scripting (XSS) vulnerability in ssearch.php in the Siche search module 0.5 for Zeroboard... | | |
CVE-2012-4745 | Cross-site scripting (XSS) vulnerability in admin/login.asp in Acuity CMS 2.6.2 allows remote attack... | | |
CVE-2012-4746 | Cross-site request forgery (CSRF) vulnerability in accessaccount.cgi in ZTE ZXDSL 831IIV7.5.0a_Z29_O... | E | |
CVE-2012-4747 | Bugzilla 2.x and 3.x through 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and... | S | |
CVE-2012-4750 | A Code Execution vulnerability exists in the memcpy function when processing AMF requests in Ezhomet... | E | |
CVE-2012-4751 | Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before... | E | |
CVE-2012-4752 | appconfig.php in ownCloud before 4.0.6 does not properly restrict access, which allows remote authen... | | |
CVE-2012-4753 | Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.5 allow remote att... | | |
CVE-2012-4754 | Multiple untrusted search path vulnerabilities in MindManager 2012 10.0.493 allow local users to gai... | | |
CVE-2012-4755 | Untrusted search path vulnerability in SciTools Understand before 2.6 build 600 allows local users t... | | |
CVE-2012-4756 | Multiple untrusted search path vulnerabilities in CyberLink LabelPrint 2.5.3602 allow local users to... | | |
CVE-2012-4757 | Multiple untrusted search path vulnerabilities in CyberLink StreamAuthor 4.0 build 3308 allow local ... | | |
CVE-2012-4758 | Multiple untrusted search path vulnerabilities in CyberLink PowerProducer 5.5.3.2325 allow local use... | | |
CVE-2012-4759 | Untrusted search path vulnerability in facebook_plugin.fpi in the Facebook plug-in in Foxit Reader 5... | | |
CVE-2012-4760 | A Privilege Escalation vulnerability exists in the SDBagent service in Safend Data Protector Agent 3... | E | |
CVE-2012-4761 | A Privilege Escalation vulnerability exists in the unquoted Service Binary in SDPAgent or SDBAgent i... | E | |
CVE-2012-4767 | An issue exists in Safend Data Protector Agent 3.4.5586.9772 in the securitylayer.log file in the lo... | E | |
CVE-2012-4768 | Cross-site scripting (XSS) vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress... | E | |
CVE-2012-4771 | Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS before 2.2.3 allow remote attacke... | E | |
CVE-2012-4772 | SQL injection vulnerability in register/ in Subrion CMS before 2.2.3 allows remote attackers to exec... | E | |
CVE-2012-4773 | Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion CMS before 2.2.3 allow remote ... | E | |
CVE-2012-4774 | Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP... | | |
CVE-2012-4775 | Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arb... | | |
CVE-2012-4776 | The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4... | | |
CVE-2012-4777 | The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5... | | |
CVE-2012-4778 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4779 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4780 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4781 | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to ... | | |
CVE-2012-4782 | Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to exec... | | |
CVE-2012-4783 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4784 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4785 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4786 | The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista ... | | |
CVE-2012-4787 | Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to exec... | | |
CVE-2012-4788 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4789 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4790 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4791 | Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a... | | |
CVE-2012-4792 | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to e... | KEV S | |
CVE-2012-4793 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4794 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4795 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4796 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4797 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4798 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4799 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4800 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4801 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4802 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4803 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4804 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4805 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4806 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4807 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4808 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4809 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4810 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4811 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4812 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4813 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-4816 | IBM Rational Automation Framework (RAF) 3.x through 3.0.0.5 allows remote attackers to bypass intend... | | |
CVE-2012-4817 | The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS before 2.2.1.4-FP-25 SP-02, d... | | |
CVE-2012-4818 | IBM InfoSphere Information Server 8.1, 8.5, and 8.7 could allow a remote authenticated attacker to o... | | |
CVE-2012-4819 | Cross-site scripting (XSS) vulnerability in InfoSphere Business Glossary 8.1.1 and 8.1.2, InfoSphere... | | |
CVE-2012-4820 | Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and ear... | | |
CVE-2012-4821 | Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 ... | | |
CVE-2012-4822 | Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 ... | | |
CVE-2012-4823 | Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and ear... | | |
CVE-2012-4824 | Open redirect vulnerability in servlet/traveler in IBM Lotus Notes Traveler 8.5.3 before 8.5.3.3 Int... | E | |
CVE-2012-4825 | Multiple cross-site scripting (XSS) vulnerabilities in servlet/traveler/ILNT.mobileconfig in IBM Lot... | E | |
CVE-2012-4826 | Stack-based buffer overflow in the SQL/PSM (aka SQL Persistent Stored Module) Stored Procedure (SP) ... | | |
CVE-2012-4829 | IBM XIV Storage System Gen3 before 11.2 relies on a default X.509 v3 certificate for authentication,... | | |
CVE-2012-4830 | Unspecified vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 through 7.0.0.6 all... | | |
CVE-2012-4832 | Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8... | | |
CVE-2012-4833 | fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option... | S | |
CVE-2012-4834 | Directory traversal vulnerability in LayerLoader.jsp in the theme component in IBM WebSphere Portal ... | S | |
CVE-2012-4835 | Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, ... | | |
CVE-2012-4836 | Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, ... | | |
CVE-2012-4837 | IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2... | | |
CVE-2012-4838 | IBM Flex System Chassis Management Module (CMM) and Integrated Management Module 2 (IMM2) allow loca... | | |
CVE-2012-4839 | The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 ... | | |
CVE-2012-4840 | IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2... | | |
CVE-2012-4841 | Unspecified vulnerability in Tivoli Endpoint Manager for Remote Control Broker 8.2 before 8.2.1-TIV-... | S | |
CVE-2012-4842 | Open redirect vulnerability in the web server in IBM Lotus Domino 8.5.x through 8.5.3 allows remote ... | | |
CVE-2012-4844 | Cross-site scripting (XSS) vulnerability in the web server in IBM Lotus Domino 8.5.x through 8.5.3 a... | | |
CVE-2012-4845 | The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privil... | | |
CVE-2012-4846 | IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for... | S | |
CVE-2012-4847 | IBM Cognos Business Intelligence (BI) 8.4 and 8.4.1 allows remote authenticated users to cause a den... | | |
CVE-2012-4848 | Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Foundations Start before 1.2.2c all... | | |
CVE-2012-4850 | IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1, when JAX-RS is used, does not p... | | |
CVE-2012-4851 | Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 8.5 Liberty Profile bef... | | |
CVE-2012-4853 | Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Application Server 6.1 before 6.1.0... | | |
CVE-2012-4855 | Unspecified vulnerability in the web services framework in IBM WebSphere Commerce 6.0 through 6.0.0.... | | |
CVE-2012-4856 | The Service Processor in the IBM Power 5 91##-### and 940#-### before SF240_418_382 does not ensure ... | | |
CVE-2012-4857 | Buffer overflow in IBM Informix 11.50 through 11.50.xC9W2 and 11.70 before 11.70.xC7 allows remote a... | | |
CVE-2012-4858 | IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2... | | |
CVE-2012-4859 | Unspecified vulnerability in IBM Tivoli Storage Manager for Space Management (aka TSM HSM) before 6.... | S | |
CVE-2012-4861 | The web server in InfoSphere Data Replication Dashboard in IBM InfoSphere Replication Server 9.7 and... | | |
CVE-2012-4862 | The Host Connect emulator in IBM Rational Developer for System z 7.1 through 8.5.1 does not properly... | | |
CVE-2012-4863 | IBM WebSphere MQ 7.1 and 7.5: Queue manager has a DoS vulnerability... | | |
CVE-2012-4864 | Oreans WinLicense 2.1.8.0 allows remote attackers to cause a denial of service (memory corruption an... | E | |
CVE-2012-4865 | Buffer overflow in Oreans Themida 2.1.8.0 allows remote attackers to execute arbitrary code via a cr... | E | |
CVE-2012-4866 | Untrusted search path vulnerability in Xtreme RAT 3.5 allows local users to execute arbitrary code a... | E | |
CVE-2012-4867 | Directory traversal vulnerability in modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM 5.... | E | |
CVE-2012-4868 | SQL injection vulnerability in news.php in the Kunena component 1.7.2 for Joomla! allows remote atta... | E | |
CVE-2012-4869 | The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier a... | E | |
CVE-2012-4870 | Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and earlier allow remote attacker... | E | |
CVE-2012-4871 | Cross-site scripting (XSS) vulnerability in service/graph_html.php in the administrator panel in Lit... | E | |
CVE-2012-4872 | Cross-site scripting (XSS) vulnerability in Tickets/Submit in Kayako Fusion before 4.40.985 allows r... | | |
CVE-2012-4873 | Cross-site scripting (XSS) vulnerability in the file_download function in GNUBoard before 4.34.21 al... | E | |
CVE-2012-4874 | Unspecified vulnerability in the Another WordPress Classifieds Plugin before 2.0 for WordPress has u... | | |
CVE-2012-4875 | Heap-based buffer overflow in gdevwpr2.c in Ghostscript 9.04, when processing the OutputFile device ... | | |
CVE-2012-4876 | Stack-based buffer overflow in the UltraMJCam ActiveX Control in TRENDnet SecurView TV-IP121WN Wirel... | E | |
CVE-2012-4877 | Cross-site request forgery (CSRF) vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 and... | E | |
CVE-2012-4878 | Absolute path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote... | E | |
CVE-2012-4879 | The Linux Console on the WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial... | | |
CVE-2012-4880 | Multiple untrusted search path vulnerabilities in DVD Architect Pro 5.2 Build 133 and DVD Architect ... | | |
CVE-2012-4881 | Untrusted search path vulnerability in moviEZ HD 1.0 Build 2554-29894-A allows local users to gain p... | | |
CVE-2012-4882 | Multiple untrusted search path vulnerabilities in 3D XML Player 6.212.13.12076 allow local users to ... | | |
CVE-2012-4883 | Multiple untrusted search path vulnerabilities in 3DVIA Composer V6R2012 HF1 Build 6.8.1.1652 allow ... | | |
CVE-2012-4884 | Argument injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 ... | | |
CVE-2012-4885 | The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attacke... | | |
CVE-2012-4886 | Stack-based buffer overflow in wpsio.dll in Kingsoft WPS Office 2012 possibly 8.1.0.3238 allows remo... | E | |
CVE-2012-4889 | Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remo... | E | |
CVE-2012-4890 | Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS 2011 08.09.2 and earlier allow re... | E | |
CVE-2012-4891 | Cross-site scripting (XSS) vulnerability in fw/index2.do in ManageEngine Firewall Analyzer 7.2 allow... | E | |
CVE-2012-4892 | Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS 2012-03.08 and earlier allow remo... | | |
CVE-2012-4893 | Multiple cross-site request forgery (CSRF) vulnerabilities in file/show.cgi in Webmin 1.590 and earl... | | |
CVE-2012-4894 | Google SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows user-assisted remote attackers to exec... | | |
CVE-2012-4895 | Heap-based buffer overflow in SumatraPDF before 2.1 allows remote attackers to execute arbitrary cod... | | |
CVE-2012-4896 | Heap-based buffer overflow in SumatraPDF before 2.1 allows remote attackers to execute arbitrary cod... | | |
CVE-2012-4897 | Untrusted search path vulnerability in the installer in VMware Movie Decoder before 9.0 allows local... | | |
CVE-2012-4898 | Tropos Wireless Mesh Routers Insufficient Entropy | S | |
CVE-2012-4899 | WellinTech KingView 6.5.3 and earlier uses a weak password-hashing algorithm, which makes it easier ... | S | |
CVE-2012-4900 | Corel WordPerfect Office X6 16.0.0.388 has a DoS Vulnerability via untrusted pointer dereference... | | |
CVE-2012-4901 | Cross-site scripting (XSS) vulnerability in Template CMS 2.1.1 and earlier allows remote attackers t... | E | |
CVE-2012-4902 | Multiple cross-site request forgery (CSRF) vulnerabilities in Template CMS 2.1.1 and earlier allow r... | E | |
CVE-2012-4903 | Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which ... | | |
CVE-2012-4904 | Cross-application scripting vulnerability in Google Chrome before 18.0.1025308 on Android allows rem... | | |
CVE-2012-4905 | Cross-site scripting (XSS) vulnerability in Google Chrome before 18.0.1025308 on Android allows remo... | | |
CVE-2012-4906 | Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which ... | | |
CVE-2012-4907 | Google Chrome before 18.0.1025308 on Android does not properly restrict access from JavaScript code ... | | |
CVE-2012-4908 | Google Chrome before 18.0.1025308 on Android allows remote attackers to bypass the Same Origin Polic... | | |
CVE-2012-4909 | Google Chrome before 18.0.1025308 on Android allows remote attackers to obtain cookie information vi... | | |
CVE-2012-4910 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2012-4911 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2012-4912 | Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before S... | S | |
CVE-2012-4914 | Stack-based buffer overflow in the reader in CoolPDF 3.0.2.256 allows remote attackers to execute ar... | | |
CVE-2012-4915 | Directory traversal vulnerability in the Google Doc Embedder plugin before 2.5.4 for WordPress allow... | | |
CVE-2012-4917 | The TripAdvisor app 6.6 for iOS sends cleartext credentials, which allows remote attackers to obtain... | | |
CVE-2012-4918 | Call of Duty Elite for iOS 2.0.1 does not properly validate the server SSL certificate, which allows... | | |
CVE-2012-4919 | Gallery Plugin 1.4 for WordPress has a Remote File Include Vulnerability... | | |
CVE-2012-4920 | Directory traversal vulnerability in the zing_forum_output function in forum.php in the Zingiri Foru... | S | |
CVE-2012-4921 | Multiple cross-site request forgery (CSRF) vulnerabilities in the DVS Custom Notification plugin 1.0... | | |
CVE-2012-4922 | The tor_timegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, doe... | | |
CVE-2012-4923 | Multiple cross-site scripting (XSS) vulnerabilities in Endian Firewall 2.4 allow remote attackers to... | E | |
CVE-2012-4924 | Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX component 1.0.0.1 for ASUS Net... | E | |
CVE-2012-4925 | Multiple SQL injection vulnerabilities in approve.php in Img Pals Photo Host 1.0 allow remote attack... | E | |
CVE-2012-4926 | approve.php in Img Pals Photo Host 1.0 does not authenticate requests, which allows remote attackers... | E | |
CVE-2012-4927 | SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier ... | E | |
CVE-2012-4928 | Cross-site scripting (XSS) vulnerability in ow_updates/index.php in Oxwall 1.1.1 allows remote attac... | E | |
CVE-2012-4929 | The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products,... | | |
CVE-2012-4930 | The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can ... | | |
CVE-2012-4932 | Multiple cross-site scripting (XSS) vulnerabilities in SimpleInvoices before stable-2012-1-CIS3000 a... | E | |
CVE-2012-4933 | The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a h... | E | |
CVE-2012-4934 | TomatoCart 1.1.7, when the PayPal Express Checkout module is enabled in sandbox mode, allows remote ... | | |
CVE-2012-4935 | Cross-site request forgery (CSRF) vulnerability in the web interface in Pattern Insight 2.3 allows r... | | |
CVE-2012-4936 | The web interface in Pattern Insight 2.3 allows remote attackers to conduct clickjacking attacks via... | | |
CVE-2012-4937 | Session fixation vulnerability in the web interface in Pattern Insight 2.3 allows remote attackers t... | | |
CVE-2012-4938 | Cross-site scripting (XSS) vulnerability in the web interface in Pattern Insight 2.3 allows remote a... | | |
CVE-2012-4939 | Cross-site scripting (XSS) vulnerability in IPAMSummaryView.aspx in the IPAM web interface before 3.... | E | |
CVE-2012-4940 | Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Ser... | | |
CVE-2012-4941 | Multiple SQL injection vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 ... | | |
CVE-2012-4942 | Multiple cross-site scripting (XSS) vulnerabilities in Agile FleetCommander and FleetCommander Kiosk... | | |
CVE-2012-4943 | Multiple cross-site request forgery (CSRF) vulnerabilities in Agile FleetCommander and FleetCommande... | | |
CVE-2012-4944 | Multiple unrestricted file upload vulnerabilities in Agile FleetCommander and FleetCommander Kiosk b... | | |
CVE-2012-4945 | Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to execute arbitrar... | | |
CVE-2012-4946 | Agile FleetCommander and FleetCommander Kiosk before 4.08 use an XOR format for password encryption,... | | |
CVE-2012-4947 | Agile FleetCommander and FleetCommander Kiosk before 4.08 store database credentials in cleartext, w... | | |
CVE-2012-4948 | The default configuration of Fortinet Fortigate UTM appliances uses the same Certification Authority... | | |
CVE-2012-4949 | SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitra... | | |
CVE-2012-4950 | Cross-site scripting (XSS) vulnerability in the Keyword Search page in the web interface in Pattern ... | | |
CVE-2012-4951 | Multiple SQL injection vulnerabilities in terminal/paramedit.aspx in VeriFone VeriCentre Web Console... | E | |
CVE-2012-4952 | Henry Schein Dentrix G5 before 15.1.294 has a single internal-database password that is shared acros... | | |
CVE-2012-4953 | The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Symantec Endpoint Protection Small... | | |
CVE-2012-4954 | The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify ar... | | |
CVE-2012-4955 | Cross-site scripting (XSS) vulnerability in Dell OpenManage Server Administrator (OMSA) before 6.5.0... | S | |
CVE-2012-4956 | Heap-based buffer overflow in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to ... | E | |
CVE-2012-4957 | Absolute path traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote at... | | |
CVE-2012-4958 | Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attack... | | |
CVE-2012-4959 | Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attack... | | |
CVE-2012-4960 | The Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6, NE20, ME60, CX600, CX200, CX30... | | |
CVE-2012-4964 | The Samsung printer firmware before 20121031 has a hardcoded read-write SNMP community, which makes ... | | |
CVE-2012-4965 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6569. Reason: This candida... | R | |
CVE-2012-4966 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6570. Reason: This candida... | R | |
CVE-2012-4967 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6571. Reason: This candida... | R | |
CVE-2012-4968 | Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe 2.3.x before 2.3.13 and 2.4.x be... | E S | |
CVE-2012-4969 | Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Exp... | KEV S | |
CVE-2012-4970 | Cross-site scripting (XSS) vulnerability in the web management interface on Polycom HDX Video End Po... | | |
CVE-2012-4971 | Multiple SQL injection vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to execute arb... | E | |
CVE-2012-4972 | Multiple cross-site scripting (XSS) vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers t... | | |
CVE-2012-4974 | Layton Helpbox 4.4.0 allows remote authenticated users to change the login context and gain privileg... | | |
CVE-2012-4975 | editrequestuser.asp in Layton Helpbox 4.4.0 allows remote authenticated users to change arbitrary su... | | |
CVE-2012-4976 | selectawasset.asp in Layton Helpbox 4.4.0 allows remote attackers to discover ODBC database credenti... | | |
CVE-2012-4977 | Layton Helpbox 4.4.0 allows remote attackers to discover cleartext credentials for the login page by... | | |
CVE-2012-4980 | Multiple stack-based buffer overflows in CFProfile.exe in Toshiba ConfigFree Utility 8.0.38 allow us... | | |
CVE-2012-4981 | Toshiba ConfigFree 8.0.38 has a CF7 File Remote Command Execution Vulnerability... | | |
CVE-2012-4982 | Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows... | | |
CVE-2012-4983 | Multiple cross-site scripting (XSS) vulnerabilities on the Forescout CounterACT NAC device before 7.... | | |
CVE-2012-4985 | The Forescout CounterACT NAC device 6.3.4.1 does not block ARP and ICMP traffic from unrecognized cl... | | |
CVE-2012-4987 | Stack-based buffer overflow in RealNetworks RealPlayer 15.0.5.109 allows user-assisted remote attack... | | |
CVE-2012-4988 | Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JPEG lossless) format plugin in ... | E | |
CVE-2012-4989 | Cross-site scripting (XSS) vulnerability in admin/plugin-index.php in OpenX 2.8.10 before revision 8... | E | |
CVE-2012-4990 | SQL injection vulnerability in admin/campaign-zone-link.php in OpenX 2.8.10 before revision 81823 al... | E | |
CVE-2012-4991 | Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remo... | E | |
CVE-2012-4992 | Multiple buffer overflows in FlashFXP.exe in FlashFXP 4.2 allow remote authenticated users to execut... | E | |
CVE-2012-4993 | torrent_functions.php in RivetTracker 1.03 and earlier does not properly restrict access, which allo... | E | |
CVE-2012-4994 | SQL injection vulnerability in admin/admin.php in LimeSurvey before 1.91+ Build 120224 allows remote... | S | |
CVE-2012-4995 | Cross-site scripting (XSS) vulnerability in admin/userrighthandling.php in LimeSurvey before 1.91+ B... | | |
CVE-2012-4996 | Multiple SQL injection vulnerabilities in RivetTracker 1.03 and earlier allow remote attackers to ex... | E | |
CVE-2012-4997 | Directory traversal vulnerability in acp/index.php in AneCMS allows remote attackers to include and ... | E | |
CVE-2012-4998 | Cross-site scripting (XSS) vulnerability in index.php in starCMS allows remote attackers to inject a... | E | |
CVE-2012-4999 | Mercury MR804 Router 8.0 3.8.1 Build 101220 Rel.53006nB allows remote attackers to cause a denial of... | E | |