ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2012-5000 | SQL injection vulnerability in jokes/index.php in the Witze addon 0.9 for deV!L'z Clanportal allows ... | E | |
CVE-2012-5001 | Multiple unspecified vulnerabilities in Hitachi JP1/Cm2/Network Node Manager i before 09-50-03 allow... | | |
CVE-2012-5002 | Stack-based buffer overflow in SR10 FTP server (SR10.exe) 1.1.0.6 in Ricoh DC Software DL-10 4.5.0.1... | E | |
CVE-2012-5003 | nxapplet.jar in No Machine NX Web Companion 3.x and earlier does not properly verify the authenticit... | | |
CVE-2012-5004 | Multiple cross-site request forgery (CSRF) vulnerabilities in Parallels H-Sphere 3.3 Patch 1 allow r... | E | |
CVE-2012-5005 | Cross-site request forgery (CSRF) vulnerability in admin/admin_options.php in VR GPub 4.0 allows rem... | E | |
CVE-2012-5006 | Heap-based buffer overflow in npdjvu.dll in Caminova DjVu Browser Plug-in 6.1.4 Build 27351 and othe... | S | |
CVE-2012-5007 | The Fill PDF module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to write to arbitrary ... | S | |
CVE-2012-5010 | ASA 5515-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1... | | |
CVE-2012-5014 | Cisco IOS before 15.1(2)SY allows remote authenticated users to cause a denial of service (device cr... | | |
CVE-2012-5017 | Cisco IOS before 15.1(1)SY1 allows remote authenticated users to cause a denial of service (device r... | | |
CVE-2012-5030 | Cisco IOS before 15.2(4)S6 does not initialize an unspecified variable, which might allow remote aut... | S | |
CVE-2012-5032 | The Flex-VPN load-balancing feature in the ipsec-ikev2 implementation in Cisco IOS before 15.1(1)SY3... | | |
CVE-2012-5036 | Cisco IOS before 12.2(50)SY1 allows remote authenticated users to cause a denial of service (memory ... | | |
CVE-2012-5037 | The ACL implementation in Cisco IOS before 15.1(1)SY on Catalyst 6500 and 7600 devices allows local ... | | |
CVE-2012-5039 | The BGP Router process in Cisco IOS before 12.2(50)SY1 allows remote attackers to cause a denial of ... | | |
CVE-2012-5044 | Cisco IOS before 15.3(1)T, when media flow-around is not used, allows remote attackers to cause a de... | | |
CVE-2012-5048 | APIFTP Server in Optimalog Optima PLC 1.5.2 and earlier allows remote attackers to cause a denial of... | | |
CVE-2012-5049 | APIFTP Server in Optimalog Optima PLC 1.5.2 and earlier allows remote attackers to cause a denial of... | | |
CVE-2012-5050 | Cross-site scripting (XSS) vulnerability in the server in VMware vCenter Operations (aka vCOps) befo... | | |
CVE-2012-5051 | Directory traversal vulnerability in VMware CapacityIQ 1.5.x allows remote attackers to read arbitra... | | |
CVE-2012-5053 | Cross-site scripting (XSS) vulnerability in the Receiver Web User Interface on Trimble Infrastructur... | | |
CVE-2012-5054 | Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4... | KEV E | |
CVE-2012-5055 | DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, a... | | |
CVE-2012-5056 | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 4.0.8 allow remote att... | | |
CVE-2012-5057 | CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbit... | | |
CVE-2012-5058 | Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.... | S | |
CVE-2012-5059 | Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51... | | |
CVE-2012-5060 | Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and ... | | |
CVE-2012-5061 | Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Ser... | S | |
CVE-2012-5062 | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Man... | | |
CVE-2012-5063 | Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Ser... | S | |
CVE-2012-5064 | Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Ser... | S | |
CVE-2012-5065 | Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6... | S | |
CVE-2012-5066 | Unspecified vulnerability in the Oracle Central Designer component in Oracle Industry Applications 1... | S | |
CVE-2012-5067 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update... | S | |
CVE-2012-5068 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update... | S | |
CVE-2012-5069 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update... | S | |
CVE-2012-5070 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update... | S | |
CVE-2012-5071 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update... | S | |
CVE-2012-5072 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update... | S | |
CVE-2012-5073 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update... | S | |
CVE-2012-5074 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update... | S | |
CVE-2012-5075 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update... | S | |
CVE-2012-5076 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update... | KEV S | |
CVE-2012-5077 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update... | S | |
CVE-2012-5078 | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows re... | S | |
CVE-2012-5079 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update... | S | |
CVE-2012-5080 | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows re... | S | |
CVE-2012-5081 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update... | S | |
CVE-2012-5082 | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows re... | S | |
CVE-2012-5083 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update... | S | |
CVE-2012-5084 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update... | S | |
CVE-2012-5085 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update... | S | |
CVE-2012-5086 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update... | S | |
CVE-2012-5087 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update... | S | |
CVE-2012-5088 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update... | S | |
CVE-2012-5089 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update... | S | |
CVE-2012-5090 | Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Produ... | S | |
CVE-2012-5091 | Unspecified vulnerability in the Oracle Agile Product Supplier Collaboration for Process component i... | | |
CVE-2012-5092 | Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Produ... | S | |
CVE-2012-5093 | Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Produ... | S | |
CVE-2012-5094 | Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Produ... | S | |
CVE-2012-5095 | Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, int... | S | |
CVE-2012-5096 | Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote a... | | |
CVE-2012-5097 | Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 10.1.4.... | | |
CVE-2012-5098 | Multiple SQL injection vulnerabilities in Php-X-Links, possibly 1.0, allow remote attackers to execu... | E | |
CVE-2012-5099 | Cross-site scripting (XSS) vulnerability in list.php in PHPB2B 4.1 and earlier allows remote attacke... | E | |
CVE-2012-5100 | Directory traversal vulnerability in HServer 0.1.1 allows remote attackers to read arbitrary files v... | E | |
CVE-2012-5101 | SQL injection vulnerability in the JExtensions JE Poll component before 1.1 for Joomla! allows remot... | | |
CVE-2012-5102 | Cross-site scripting (XSS) vulnerability in inc/extensions.php in VertrigoServ 2.25 allows remote at... | E | |
CVE-2012-5103 | Multiple cross-site scripting (XSS) vulnerabilities in action/add-submit.php in Ggb Guestbook 0.3.1 ... | E | |
CVE-2012-5104 | Cross-site scripting (XSS) vulnerability in forums/ubbthreads.php in UBB.threads 7.5.6 and earlier a... | E | |
CVE-2012-5105 | Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1.2.4 allow remote attackers to... | E | |
CVE-2012-5106 | Stack-based buffer overflow in FreeFloat FTP Server 1.0 allows remote authenticated users to execute... | E | |
CVE-2012-5108 | Race condition in Google Chrome before 22.0.1229.92 allows remote attackers to execute arbitrary cod... | | |
CVE-2012-5109 | The International Components for Unicode (ICU) functionality in Google Chrome before 22.0.1229.92 al... | | |
CVE-2012-5110 | The compositor in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of ser... | | |
CVE-2012-5111 | Google Chrome before 22.0.1229.92 does not monitor for crashes of Pepper plug-ins, which has unspeci... | | |
CVE-2012-5112 | Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22... | | |
CVE-2012-5115 | Google Chrome before 23.0.1271.64 on Mac OS X does not properly mitigate improper write behavior in ... | | |
CVE-2012-5116 | Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a... | | |
CVE-2012-5117 | Google Chrome before 23.0.1271.64 does not properly restrict the loading of an SVG subresource in th... | | |
CVE-2012-5118 | Google Chrome before 23.0.1271.64 on Mac OS X does not properly validate an integer value during the... | | |
CVE-2012-5119 | Race condition in Pepper, as used in Google Chrome before 23.0.1271.64, allows remote attackers to c... | | |
CVE-2012-5120 | Google V8 before 3.13.7.5, as used in Google Chrome before 23.0.1271.64, on 64-bit Linux platforms a... | | |
CVE-2012-5121 | Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a... | | |
CVE-2012-5122 | Google Chrome before 23.0.1271.64 does not properly perform a cast of an unspecified variable during... | | |
CVE-2012-5123 | Skia, as used in Google Chrome before 23.0.1271.64, allows remote attackers to cause a denial of ser... | | |
CVE-2012-5124 | Google Chrome before 23.0.1271.64 does not properly handle textures, which allows remote attackers t... | | |
CVE-2012-5125 | Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a... | | |
CVE-2012-5126 | Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a... | | |
CVE-2012-5127 | Integer overflow in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of s... | | |
CVE-2012-5128 | Google V8 before 3.13.7.5, as used in Google Chrome before 23.0.1271.64, does not properly perform w... | | |
CVE-2012-5129 | Heap-based buffer overflow in the WebGL subsystem in Google Chrome OS before 23.0.1271.94 allows rem... | | |
CVE-2012-5130 | Skia, as used in Google Chrome before 23.0.1271.91, allows remote attackers to cause a denial of ser... | | |
CVE-2012-5131 | Google Chrome before 23.0.1271.91 on Mac OS X does not properly mitigate improper rendering behavior... | | |
CVE-2012-5132 | Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service (application ... | | |
CVE-2012-5133 | Use-after-free vulnerability in Google Chrome before 23.0.1271.91 allows remote attackers to cause a... | | |
CVE-2012-5134 | Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and... | | |
CVE-2012-5135 | Use-after-free vulnerability in Google Chrome before 23.0.1271.91 allows remote attackers to cause a... | | |
CVE-2012-5136 | Google Chrome before 23.0.1271.91 does not properly perform a cast of an unspecified variable during... | | |
CVE-2012-5137 | Use-after-free vulnerability in Google Chrome before 23.0.1271.95 allows remote attackers to cause a... | | |
CVE-2012-5138 | Google Chrome before 23.0.1271.95 does not properly handle file paths, which has unspecified impact ... | | |
CVE-2012-5139 | Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allows remote attackers to cause a... | | |
CVE-2012-5140 | Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allows remote attackers to cause a... | | |
CVE-2012-5141 | Google Chrome before 23.0.1271.97 does not properly restrict instantiation of the Chromoting client ... | | |
CVE-2012-5142 | Google Chrome before 23.0.1271.97 does not properly handle history navigation, which allows remote a... | | |
CVE-2012-5143 | Integer overflow in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of s... | | |
CVE-2012-5144 | Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, do not prope... | | |
CVE-2012-5145 | Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a... | | |
CVE-2012-5146 | Google Chrome before 24.0.1312.52 allows remote attackers to bypass the Same Origin Policy via a mal... | | |
CVE-2012-5147 | Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a... | | |
CVE-2012-5148 | The hyphenation functionality in Google Chrome before 24.0.1312.52 does not properly validate file n... | | |
CVE-2012-5149 | Integer overflow in the audio IPC layer in Google Chrome before 24.0.1312.52 allows remote attackers... | | |
CVE-2012-5150 | Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a... | | |
CVE-2012-5151 | Integer overflow in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of s... | | |
CVE-2012-5152 | Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bound... | | |
CVE-2012-5153 | Google V8 before 3.14.5.3, as used in Google Chrome before 24.0.1312.52, allows remote attackers to ... | | |
CVE-2012-5154 | Integer overflow in Google Chrome before 24.0.1312.52 on Windows allows attackers to cause a denial ... | | |
CVE-2012-5155 | Google Chrome before 24.0.1312.52 on Mac OS X does not use an appropriate sandboxing approach for wo... | | |
CVE-2012-5156 | Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a... | | |
CVE-2012-5157 | Google Chrome before 24.0.1312.52 does not properly handle image data in PDF documents, which allows... | | |
CVE-2012-5158 | Puppet Enterprise (PE) before 2.6.1 does not properly invalidate sessions when the session secret ha... | | |
CVE-2012-5159 | phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in... | | |
CVE-2012-5161 | The XML Service interface in Citrix XenApp 6.5 and 6.5 Feature Pack 1 allows remote attackers to exe... | | |
CVE-2012-5162 | Multiple SQL injection vulnerabilities in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allow remot... | | |
CVE-2012-5163 | Cross-site scripting (XSS) vulnerability in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allows re... | S | |
CVE-2012-5164 | Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 3.2.7 allow remote attackers ... | E S | |
CVE-2012-5166 | ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV ... | | |
CVE-2012-5167 | Multiple SQL injection vulnerabilities in ATutor AContent before 1.2-1 allow remote attackers to exe... | E S | |
CVE-2012-5168 | ATutor AContent before 1.2-1 allows remote attackers to modify arbitrary user passwords or category ... | E S | |
CVE-2012-5169 | Multiple cross-site scripting (XSS) vulnerabilities in file_manager/preview_top.php in ATutor AConte... | E S | |
CVE-2012-5170 | Open redirect vulnerability in Pebble before 2.6.4 allows remote attackers to redirect users to arbi... | | |
CVE-2012-5171 | Directory traversal vulnerability in Be Graph BeZIP before 3.10 allows remote attackers to create or... | | |
CVE-2012-5172 | The Asial Monaca Debugger application before 1.4.2 for Android allows remote attackers to obtain sen... | | |
CVE-2012-5173 | Session fixation vulnerability in BIGACE before 2.7.8 allows remote attackers to hijack web sessions... | | |
CVE-2012-5174 | The KYOCERA AH-K3001V, AH-K3002V, WX300K, WX310K, WX320K, and WX320KR devices allow remote attackers... | | |
CVE-2012-5175 | Cross-site scripting (XSS) vulnerability in KENT-WEB ACCESS REPORT 4.2 and earlier allows remote att... | | |
CVE-2012-5176 | Cross-site scripting (XSS) vulnerability in KENT-WEB ACCESS REPORT 5.02 and earlier allows remote at... | | |
CVE-2012-5177 | Cross-site scripting (XSS) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows rem... | | |
CVE-2012-5178 | Cross-site request forgery (CSRF) vulnerability in the Welcart plugin before 1.2.2 for WordPress all... | | |
CVE-2012-5179 | The Boat Browser application before 4.2 and Boat Browser Mini application before 3.9 for Android do ... | | |
CVE-2012-5180 | The Opera Mobile application before 12.1 and Opera Mini application before 7.5 for Android do not pr... | | |
CVE-2012-5181 | Cross-site scripting (XSS) vulnerability in concrete5 Japanese 5.5.1 through 5.5.2.1 and concrete5 E... | S | |
CVE-2012-5182 | The Loctouch application 3.4.6 and earlier for Android does not properly handle implicit intents, wh... | | |
CVE-2012-5183 | The Loctouch application 3.4.6 and earlier for Android allows attackers to obtain sensitive informat... | | |
CVE-2012-5184 | Cross-site scripting (XSS) vulnerability in the Olive Toast Documents Pro File Viewer (formerly File... | | |
CVE-2012-5185 | Directory traversal vulnerability in the Olive Toast Documents Pro File Viewer (formerly Files HD) a... | | |
CVE-2012-5186 | Cross-site scripting (XSS) vulnerability in FLUGELz netmania myu-s and PHP WeblogSystem allows remot... | | |
CVE-2012-5187 | The Weathernews Touch application 2.3.2 and earlier for Android allows attackers to obtain sensitive... | | |
CVE-2012-5188 | Untrusted search path vulnerability in mora Downloader before 1.0.0.1 allows remote attackers to tri... | S | |
CVE-2012-5189 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual... | R | |
CVE-2012-5190 | Prizm Content Connect 5.1 has an Arbitrary File Upload Vulnerability... | | |
CVE-2012-5192 | Directory traversal vulnerability in gmap/view_overlay.php in Bitweaver 2.8.1 and earlier allows rem... | E | |
CVE-2012-5193 | Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.8.1 and earlier allow remote atta... | E | |
CVE-2012-5195 | Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.... | S | |
CVE-2012-5196 | Multiple buffer overflows in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 have unknown impact a... | | |
CVE-2012-5197 | Multiple unspecified vulnerabilities in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 have unkno... | | |
CVE-2012-5198 | Unspecified vulnerability in HP ArcSight Connector Appliance before 6.3 and ArcSight Logger 5.2 and ... | | |
CVE-2012-5199 | Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and earlier and ArcSight Logger 5.2... | | |
CVE-2012-5200 | Cross-site scripting (XSS) vulnerability in HP Intelligent Management Center (iMC) and Intelligent M... | | |
CVE-2012-5201 | Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Cente... | | |
CVE-2012-5202 | Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Cente... | | |
CVE-2012-5203 | Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Cente... | | |
CVE-2012-5204 | Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Cente... | | |
CVE-2012-5205 | Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Cente... | | |
CVE-2012-5206 | Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Cente... | | |
CVE-2012-5207 | Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Cente... | | |
CVE-2012-5208 | Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Cente... | | |
CVE-2012-5209 | Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Cente... | | |
CVE-2012-5210 | Unspecified vulnerability in HP Intelligent Management Center (iMC) TACACS+ Authentication Manager (... | | |
CVE-2012-5211 | Unspecified vulnerability in HP Intelligent Management Center (iMC) User Access Manager (UAM) before... | | |
CVE-2012-5212 | Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Cente... | | |
CVE-2012-5213 | Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Cente... | | |
CVE-2012-5214 | Unspecified vulnerability in HP ServiceCenter 6.2.8 before 6.2.8.10 allows remote attackers to obtai... | | |
CVE-2012-5215 | Unspecified vulnerability on the HP LaserJet Pro M1212nf, M1213nf, M1214nfh, M1216nfh, M1217nfw, and... | | |
CVE-2012-5216 | Cross-site request forgery (CSRF) vulnerability on HP ProCurve 1700-8 (aka J9079A) switches with sof... | | |
CVE-2012-5217 | HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access r... | | |
CVE-2012-5218 | HP ElitePad 900 PCs with BIOS F.0x before F.01 Update 1.0.0.8 do not enable the Secure Boot feature,... | | |
CVE-2012-5219 | Cross-site scripting (XSS) vulnerability in HP Managed Printing Administration (MPA) before 2.7.0 al... | | |
CVE-2012-5220 | Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows local users... | | |
CVE-2012-5221 | Directory traversal vulnerability in the PostScript Interpreter, as used on the HP LaserJet 4xxx, 52... | | |
CVE-2012-5222 | HP Service Manager Web Tier 9.31 before 9.31.2004 p2 allows remote attackers to obtain sensitive inf... | | |
CVE-2012-5223 | The proc_deutf function in includes/functions_vbseocp_abstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6... | E S | |
CVE-2012-5224 | PHP remote file inclusion vulnerability in vb/includes/vba_cmps_include_bottom.php in vBadvanced CMP... | E | |
CVE-2012-5225 | Cross-site scripting (XSS) vulnerability in webscr.php in xClick Cart 1.0.1 and 1.0.2 allows remote ... | E | |
CVE-2012-5226 | Multiple cross-site scripting (XSS) vulnerabilities in Peel SHOPPING 2.8 and 2.9 allow remote attack... | E | |
CVE-2012-5227 | SQL injection vulnerability in administrer/tva.php in Peel SHOPPING 2.8 and 2.9 allows remote attack... | E | |
CVE-2012-5228 | Cross-site scripting (XSS) vulnerability in admin/index.php in phplist 2.10.9, 2.10.17, and possibly... | E | |
CVE-2012-5229 | Cross-site scripting (XSS) vulnerability in css/gallery-css.php in the Slideshow Gallery2 plugin for... | E | |
CVE-2012-5230 | Unspecified vulnerability in the JE Story Submit (com_jesubmit) component before 1.9 for Joomla! has... | | |
CVE-2012-5231 | miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code via a crafted (1) pagename... | E | |
CVE-2012-5232 | Cross-site scripting (XSS) vulnerability in the Quickl Form component for Joomla! allows remote atta... | | |
CVE-2012-5233 | Cross-site scripting (XSS) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows r... | S | |
CVE-2012-5234 | Open redirect vulnerability in index.php in ocPortal before 7.1.6 allows remote attackers to redirec... | S | |
CVE-2012-5236 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2012-5237 | The dissect_hsrp function in epan/dissectors/packet-hsrp.c in the HSRP dissector in Wireshark 1.8.x ... | S | |
CVE-2012-5238 | epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI... | S | |
CVE-2012-5239 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3548. Reason: This candida... | R | |
CVE-2012-5240 | Buffer overflow in the dissect_tlv function in epan/dissectors/packet-ldp.c in the LDP dissector in ... | | |
CVE-2012-5242 | Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows ... | E | |
CVE-2012-5243 | functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary da... | E | |
CVE-2012-5244 | Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to e... | E | |
CVE-2012-5248 | Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and... | | |
CVE-2012-5249 | Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and... | | |
CVE-2012-5250 | Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and... | | |
CVE-2012-5251 | Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and... | | |
CVE-2012-5252 | Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 1... | | |
CVE-2012-5253 | Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and... | | |
CVE-2012-5254 | Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and... | | |
CVE-2012-5255 | Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and... | | |
CVE-2012-5256 | Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 1... | | |
CVE-2012-5257 | Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and... | | |
CVE-2012-5258 | Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 1... | | |
CVE-2012-5259 | Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and... | | |
CVE-2012-5260 | Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and... | | |
CVE-2012-5261 | Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 1... | | |
CVE-2012-5262 | Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and... | | |
CVE-2012-5263 | Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 1... | | |
CVE-2012-5264 | Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and... | | |
CVE-2012-5265 | Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and... | | |
CVE-2012-5266 | Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and... | | |
CVE-2012-5267 | Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 1... | | |
CVE-2012-5268 | Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 1... | | |
CVE-2012-5269 | Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 1... | | |
CVE-2012-5270 | Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 1... | | |
CVE-2012-5271 | Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 1... | | |
CVE-2012-5272 | Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 1... | S | |
CVE-2012-5273 | Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary co... | S | |
CVE-2012-5274 | Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and... | S | |
CVE-2012-5275 | Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and... | S | |
CVE-2012-5276 | Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and... | S | |
CVE-2012-5277 | Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and... | S | |
CVE-2012-5278 | Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 1... | S | |
CVE-2012-5279 | Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 1... | S | |
CVE-2012-5280 | Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and... | S | |
CVE-2012-5281 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-5282 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-5283 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-5284 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-5285 | Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and... | S | |
CVE-2012-5286 | Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and... | | |
CVE-2012-5287 | Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and... | | |
CVE-2012-5288 | SQL injection vulnerability in page.php in phpMyDirectory 1.3.3 allows remote attackers to execute a... | E | |
CVE-2012-5289 | Multiple SQL injection vulnerabilities in Plogger 1.0 RC1 allow remote attackers to execute arbitrar... | E | |
CVE-2012-5290 | Multiple SQL injection vulnerabilities in EasyWebRealEstate allow remote attackers to execute arbitr... | E | |
CVE-2012-5291 | SQL injection vulnerability in team.php in Posse Softball Director CMS allows remote attackers to ex... | E | |
CVE-2012-5292 | Multiple SQL injection vulnerabilities in Atar2b CMS 4.0.1 allow remote attackers to execute arbitra... | E | |
CVE-2012-5293 | Multiple PHP remote file inclusion vulnerabilities in SAPID CMS 1.2.3 Stable allow remote attackers ... | E | |
CVE-2012-5294 | SQL injection vulnerability in art_detalle.php in MyStore Xpress Tienda Virtual allows remote attack... | E | |
CVE-2012-5295 | Cross-site scripting (XSS) vulnerability in login.cfm in FuseTalk Forums 3.2 and earlier allows remo... | E | |
CVE-2012-5296 | Multiple cross-site scripting (XSS) vulnerabilities in Mavili Guestbook, as released in November 200... | E | |
CVE-2012-5297 | SQL injection vulnerability in edit.asp in Mavili Guestbook, as released in November 2007, allows re... | E | |
CVE-2012-5298 | Mavili Guestbook, as released in November 2007, stores guestbook.mdb under the web root with insuffi... | E | |
CVE-2012-5299 | Mavili Guestbook, as released in November 2007, allows remote attackers to edit, delete, and approve... | E | |
CVE-2012-5300 | SQL injection vulnerability in art_catalogo.php in MyStore Xpress Tienda Virtual 2.0 allows remote a... | E | |
CVE-2012-5301 | The default configuration of Cerberus FTP Server before 5.0.4.0 supports the DES cipher for SSH sess... | | |
CVE-2012-5302 | The server in TIBCO Formvine 3.1.x and 3.2.x before 3.2.1 does not properly implement access control... | | |
CVE-2012-5303 | Monkey HTTP Daemon 0.9.3 might allow local users to overwrite arbitrary files via a symlink attack o... | | |
CVE-2012-5304 | Static code injection vulnerability in administration/install.php in YVS Image Gallery allows remote... | | |
CVE-2012-5305 | Cross-site scripting (XSS) vulnerability in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allows rem... | | |
CVE-2012-5306 | Stack-based buffer overflow in the SelectDirectory method in DcsCliCtrl.dll in Camera Stream Client ... | E | |
CVE-2012-5307 | Cross-site scripting (XSS) vulnerability in servlet/traveler in IBM Lotus Notes Traveler before 8.5.... | E | |
CVE-2012-5308 | Cross-site request forgery (CSRF) vulnerability in servlet/traveler in IBM Lotus Notes Traveler thro... | E | |
CVE-2012-5309 | servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 does not properly restric... | E | |
CVE-2012-5310 | SQL injection vulnerability in the WP e-Commerce plugin before 3.8.7.6 for WordPress allows remote a... | | |
CVE-2012-5311 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-0227. Reason: This candida... | R | |
CVE-2012-5312 | SQL injection vulnerability in Tribiq CMS allows remote attackers to execute arbitrary SQL commands ... | E | |
CVE-2012-5313 | SQL injection vulnerability in forum.asp in Snitz Forums 2000 allows remote attackers to execute arb... | E | |
CVE-2012-5314 | Cross-site scripting (XSS) vulnerability in ViewGit 0.0.6 and earlier allows remote attackers to inj... | E | |
CVE-2012-5315 | Multiple cross-site scripting (XSS) vulnerabilities in php ireport 1.0 allow remote attackers to inj... | E | |
CVE-2012-5316 | Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Spam & Virus Firewall 600 Firmware ... | E | |
CVE-2012-5317 | SQL injection vulnerability in main_bigware_43.php in Bigware Shop before 2.1.5 allows remote attack... | E S | |
CVE-2012-5318 | Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting ... | | |
CVE-2012-5319 | Cross-site request forgery (CSRF) vulnerability in setup/security.cgi in D-Link DCS-900, DCS-2000, a... | E | |
CVE-2012-5320 | Cross-site request forgery (CSRF) vulnerability in password.cgi in Sagem F@ST 2604 253180972B allows... | E | |
CVE-2012-5321 | tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web s... | E | |
CVE-2012-5322 | Multiple cross-site scripting (XSS) vulnerabilities in Xavi X7968 allow remote attackers to inject a... | E | |
CVE-2012-5323 | Cross-site request forgery (CSRF) vulnerability in webconfig/admin_passwd/passwd.html/admin_passwd i... | | |
CVE-2012-5324 | Multiple buffer overflows in the Pdf Printer Preferences ActiveX Control in pdfxctrl.dll in Tracker ... | E | |
CVE-2012-5325 | Multiple cross-site scripting (XSS) vulnerabilities in the scr_do_redirect function in scr.php in th... | E | |
CVE-2012-5326 | Cross-site request forgery (CSRF) vulnerability in admin/function.php in IDevSpot iSupport 1.x allow... | E | |
CVE-2012-5327 | Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the Mingle Forum plugin 1.0.32.1 ... | E | |
CVE-2012-5328 | Multiple SQL injection vulnerabilities in the Mingle Forum plugin 1.0.32.1 and other versions before... | | |
CVE-2012-5329 | Buffer overflow in TYPSoft FTP Server 1.1 allows remote authenticated users to cause a denial of ser... | E | |
CVE-2012-5330 | Multiple cross-site scripting (XSS) vulnerabilities in asaanCart 0.9 allow remote attackers to injec... | E | |
CVE-2012-5331 | Directory traversal vulnerability in asaanCart 0.9 allows remote attackers to include arbitrary loca... | E | |
CVE-2012-5332 | at32 Reverse Proxy 1.060.310 allows remote attackers to cause a denial of service (NULL pointer dere... | E | |
CVE-2012-5333 | SQL injection vulnerability in page.php in Pre Printing Press allows remote attackers to execute arb... | E | |
CVE-2012-5334 | SQL injection vulnerability in product_desc.php in Pre Printing Press allows remote attackers to exe... | E | |
CVE-2012-5335 | Directory traversal vulnerability in Tiny Server 1.1.5 allows remote authenticated users to read arb... | E | |
CVE-2012-5336 | lib/base.php in ownCloud before 4.0.8 does not properly validate the user_id session variable, which... | | |
CVE-2012-5337 | Multiple cross-site scripting (XSS) vulnerabilities in jforum.page in JForum 2.1.9 allow remote atta... | E | |
CVE-2012-5338 | Open redirect vulnerability in JForum 2.1.9 allows remote attackers to redirect users to arbitrary w... | E | |
CVE-2012-5339 | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote au... | S | |
CVE-2012-5340 | SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer Overflow in the lex_number() ... | E | |
CVE-2012-5341 | Multiple cross-site scripting (XSS) vulnerabilities in statistik.php in Otterware StatIt 4 allow rem... | E | |
CVE-2012-5342 | Multiple SQL injection vulnerabilities in SenseSites CommonSense CMS allow remote attackers to execu... | E | |
CVE-2012-5343 | Cross-site scripting (XSS) vulnerability in admin/login.php in Limny 3.0.1 allows remote attackers t... | E S | |
CVE-2012-5344 | Directory traversal vulnerability in the WebServer (Thttpd.bat) in IpTools (aka Tiny TCP/IP server) ... | E | |
CVE-2012-5345 | Buffer overflow in the Remote command server (Rcmd.bat) in IpTools (aka Tiny TCP/IP server) 0.1.4 al... | E | |
CVE-2012-5346 | Cross-site scripting (XSS) vulnerability in wp-live.php in the WP Live.php module 1.2.1 for WordPres... | E | |
CVE-2012-5347 | TinyWebGallery 1.8.3 allows remote attackers to execute arbitrary code via shell metacharacters in t... | E | |
CVE-2012-5348 | SQL injection vulnerability in MangosWeb Enhanced 3.0.3 allows remote attackers to execute arbitrary... | E | |
CVE-2012-5349 | Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the Pay With Tweet plugin before 1... | E | |
CVE-2012-5350 | SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote auth... | E | |
CVE-2012-5351 | Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertio... | | |
CVE-2012-5352 | Java Open Single Sign-On Project Home (JOSSO) allows remote attackers to forge messages and bypass a... | | |
CVE-2012-5353 | Eduserv OpenAthens SP 2.0 for Java allows remote attackers to forge messages and bypass authenticati... | | |
CVE-2012-5354 | Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly hand... | | |
CVE-2012-5355 | welcome.py in xdiagnose before 2.5.2ubuntu0.1 allows local users to overwrite arbitrary files via a ... | | |
CVE-2012-5356 | The apt-add-repository tool in Ubuntu Software Properties 0.75.x before 0.75.10.3, 0.80.x before 0.8... | | |
CVE-2012-5357 | Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enab... | E | |
CVE-2012-5358 | The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configu... | E | |
CVE-2012-5359 | Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted ASF... | M | |
CVE-2012-5360 | Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted QT ... | | |
CVE-2012-5361 | Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted WMV... | | |
CVE-2012-5362 | The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial... | | |
CVE-2012-5363 | The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remot... | | |
CVE-2012-5364 | The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial... | | |
CVE-2012-5365 | The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remot... | | |
CVE-2012-5366 | The IPv6 implementation in Apple Mac OS X (unknown versions, year 2012 and earlier) allows remote at... | | |
CVE-2012-5367 | Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow remote authenticated administra... | E | |
CVE-2012-5368 | phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmy... | S | |
CVE-2012-5370 | JRuby computes hash values without properly restricting the ability to trigger hash collisions predi... | | |
CVE-2012-5371 | Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly r... | S | |
CVE-2012-5372 | Rubinius computes hash values without properly restricting the ability to trigger hash collisions pr... | E | |
CVE-2012-5373 | Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes hash values without properly restr... | | |
CVE-2012-5374 | The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users... | E S | |
CVE-2012-5375 | The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users... | E S | |
CVE-2012-5376 | The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows rem... | | |
CVE-2012-5377 | Untrusted search path vulnerability in the installation functionality in ActivePerl 5.16.1.1601, whe... | E | |
CVE-2012-5378 | Untrusted search path vulnerability in the installation functionality in ActiveTcl 8.5.12, when inst... | E | |
CVE-2012-5379 | Untrusted search path vulnerability in the installation functionality in ActivePython 3.2.2.3, when ... | E | |
CVE-2012-5380 | Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when insta... | E | |
CVE-2012-5381 | Untrusted search path vulnerability in the installation functionality in PHP 5.3.17, when installed ... | E | |
CVE-2012-5382 | Untrusted search path vulnerability in the installation functionality in Zend Server 5.6.0 SP4, when... | E | |
CVE-2012-5383 | Untrusted search path vulnerability in the installation functionality in Oracle MySQL 5.5.28, when i... | | |
CVE-2012-5384 | Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen WebCalendar allow remote attack... | | |
CVE-2012-5385 | install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows remote attackers to modify settin... | | |
CVE-2012-5386 | Directory traversal vulnerability in index.php in phpPaleo 4.8b180 allows remote attackers to includ... | | |
CVE-2012-5387 | Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin be... | E S | |
CVE-2012-5388 | Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the White Label CMS plugin 1.5 for W... | E S | |
CVE-2012-5389 | NULL Pointer Dereference in PowerTCP WebServer for ActiveX 1.9.2 and earlier allows remote attackers... | | |
CVE-2012-5390 | The standard universe shadow (condor_shadow.std) component in Condor 7.7.3 through 7.7.6, 7.8.0 befo... | | |
CVE-2012-5391 | Session fixation vulnerability in Special:UserLogin in MediaWiki before 1.18.6, 1.19.x before 1.19.3... | | |
CVE-2012-5394 | Cross-site request forgery (CSRF) vulnerability in the CentralAuth extension for MediaWiki before 1.... | | |
CVE-2012-5395 | Session fixation vulnerability in the CentralAuth extension for MediaWiki before 1.18.6, 1.19.x befo... | | |
CVE-2012-5409 | AscoServer.exe in the server in Siemens SiPass integrated MP2.6 and earlier does not properly handle... | | |
CVE-2012-5415 | Race condition on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause ... | | |
CVE-2012-5416 | Buffer overflow in Cisco Unified MeetingPlace Web Conferencing before 7.1MR1 Patch 1, 8.0 before 8.0... | | |
CVE-2012-5417 | Cisco Prime Data Center Network Manager (DCNM) before 6.1(1) does not properly restrict access to ce... | | |
CVE-2012-5419 | Cisco Adaptive Security Appliance (ASA) software 8.7.1 and 8.7.1.1 for the Cisco ASA 1000V Cloud Fir... | | |
CVE-2012-5422 | Unspecified vulnerability in Cisco IOS before 15.3(2)T on AS5400 devices allows remote authenticated... | | |
CVE-2012-5424 | Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a ... | | |
CVE-2012-5427 | Cisco IOS Unified Border Element (CUBE) in Cisco IOS before 15.3(2)T allows remote authenticated use... | | |
CVE-2012-5429 | The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allo... | | |
CVE-2012-5444 | Cisco TelePresence Video Communication Server (VCS) X7.0.3 does not properly process certain search ... | | |
CVE-2012-5445 | The kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 series devices (aka TNP phones)... | | |
CVE-2012-5450 | Cross-site request forgery (CSRF) vulnerability in lib/filemanager/imagemanager/images.php in CMS Ma... | E | |
CVE-2012-5451 | Multiple stack-based buffer overflows in HttpUtils.dll in TVMOBiLi before 2.1.0.3974 allow remote at... | S | |
CVE-2012-5452 | Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS 2.2.1 allow remote attackers to i... | E | |
CVE-2012-5453 | SQL injection vulnerability in user/index_inline_editor_submit.php in ATutor AContent 1.2-1 allows r... | E | |
CVE-2012-5454 | user/index_inline_editor_submit.php in ATutor AContent 1.2-1 does not properly restrict access, whic... | E | |
CVE-2012-5455 | Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 al... | | |
CVE-2012-5456 | The Zoner AntiVirus Free application for Android does not verify that the server hostname matches a ... | | |
CVE-2012-5458 | VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows use weak permissio... | | |
CVE-2012-5459 | Untrusted search path vulnerability in VMware Workstation 8.x before 8.0.5 and VMware Player 4.x bef... | S | |
CVE-2012-5460 | Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS ... | | |
CVE-2012-5468 | Heap-based buffer overflow in iconvert.c in the bogolexer component in Bogofilter before 1.2.3 allow... | E S | |
CVE-2012-5469 | The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authenti... | E | |
CVE-2012-5470 | libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of servic... | E | |
CVE-2012-5471 | The Dropbox Repository File Picker in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x befor... | S | |
CVE-2012-5472 | lib/formslib.php in Moodle 2.2.x before 2.2.6 and 2.3.x before 2.3.3 allows remote authenticated use... | | |
CVE-2012-5473 | The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.... | S | |
CVE-2012-5474 | The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Esse... | E | |
CVE-2012-5475 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-5881, CVE-2012-5882, CVE-201... | R | |
CVE-2012-5476 | Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/qua... | | |
CVE-2012-5477 | The smart proxy in Foreman before 1.1 uses a umask set to 0, which allows local users to modify file... | | |
CVE-2012-5478 | The AuthorizationInterceptor in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platfo... | | |
CVE-2012-5479 | The Portfolio plugin in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows... | | |
CVE-2012-5480 | The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.... | | |
CVE-2012-5481 | Moodle 2.3.x before 2.3.3 allows remote authenticated users to bypass the moodle/role:manage capabil... | | |
CVE-2012-5482 | The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authentica... | | |
CVE-2012-5483 | tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elastic Compute Cloud (Am... | | |
CVE-2012-5484 | The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority ... | | |
CVE-2012-5485 | registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute ... | S | |
CVE-2012-5486 | ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, al... | S | |
CVE-2012-5487 | The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allow... | S | |
CVE-2012-5488 | python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Pyt... | S | |
CVE-2012-5489 | The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2... | S | |
CVE-2012-5490 | Cross-site scripting (XSS) vulnerability in kssdevel.py in Plone before 4.2.3 and 4.3 before beta 1 ... | S | |
CVE-2012-5491 | z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the... | S | |
CVE-2012-5492 | uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to obtain metadat... | S | |
CVE-2012-5493 | gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain p... | S | |
CVE-2012-5494 | Cross-site scripting (XSS) vulnerability in python_scripts.py in Plone before 4.2.3 and 4.3 before b... | S | |
CVE-2012-5495 | python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Pyt... | S | |
CVE-2012-5496 | kupu_spellcheck.py in Kupu in Plone before 4.0 allows remote attackers to cause a denial of service ... | S | |
CVE-2012-5497 | membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate ... | S | |
CVE-2012-5498 | queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass cachin... | S | |
CVE-2012-5499 | python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a den... | S | |
CVE-2012-5500 | The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 all... | S | |
CVE-2012-5501 | at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary... | S | |
CVE-2012-5502 | Cross-site scripting (XSS) vulnerability in safe_html.py in Plone before 4.2.3 and 4.3 before beta 1... | S | |
CVE-2012-5503 | ftp.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read hidden folder con... | S | |
CVE-2012-5504 | Cross-site scripting (XSS) vulnerability in widget_traversal.py in Plone before 4.2.3 and 4.3 before... | S | |
CVE-2012-5505 | atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data str... | S | |
CVE-2012-5506 | python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a den... | S | |
CVE-2012-5507 | AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before b... | S | |
CVE-2012-5508 | The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow remote attackers to obtain random ... | E | |
CVE-2012-5509 | aeolus-configserver-setup in the Aeolas Configuration Server, as used in Red Hat CloudForms Cloud En... | E | |
CVE-2012-5510 | Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the... | | |
CVE-2012-5511 | Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 all... | | |
CVE-2012-5512 | Array index error in the HVMOP_set_mem_access handler in Xen 4.1 allows local HVM guest OS administr... | S | |
CVE-2012-5513 | The XENMEM_exchange handler in Xen 4.2 and earlier does not properly check the memory address, which... | | |
CVE-2012-5514 | The guest_physmap_mark_populate_on_demand function in Xen 4.2 and earlier does not properly unlock t... | | |
CVE-2012-5515 | The (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, and (3) XENMEM_exchange hypercalls... | | |
CVE-2012-5516 | Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage dom... | | |
CVE-2012-5517 | The online_pages function in mm/memory_hotplug.c in the Linux kernel before 3.6 allows local users t... | S | |
CVE-2012-5518 | vdsm: certificate generation upon node creation allowing vdsm to start and serve requests from anyon... | | |
CVE-2012-5519 | CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web int... | E | |
CVE-2012-5520 | The send_to_sourcefire function in manage_sql.c in OpenVAS Manager 3.x before 3.0.4 allows remote at... | E S | |
CVE-2012-5521 | quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal... | | |
CVE-2012-5522 | MantisBT before 1.2.12 does not use an expected default value during decisions about whether a user ... | | |
CVE-2012-5523 | core/email_api.php in MantisBT before 1.2.12 does not properly manage the sending of e-mail notifica... | | |
CVE-2012-5524 | The _ssl_verify_callback function in tls_nb.py in Gajim before 0.15.3 does not properly verify SSL c... | E S | |
CVE-2012-5525 | The get_page_from_gfn hypercall function in Xen 4.2 allows local PV guest OS administrators to cause... | | |
CVE-2012-5526 | CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P he... | | |
CVE-2012-5527 | Claws Mail vCalendar plugin: credentials exposed on interface... | | |
CVE-2012-5528 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2012-5529 | TraceManager in Firebird 2.5.0 and 2.5.1, when trace is enabled, allows remote authenticated users t... | | |
CVE-2012-5530 | The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local u... | | |
CVE-2012-5531 | Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal in JBoss Enterprise Portal ... | | |
CVE-2012-5532 | The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel befo... | S | |
CVE-2012-5533 | The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers... | E S | |
CVE-2012-5534 | The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attacker... | S | |
CVE-2012-5535 | gnome-system-log polkit policy allows arbitrary files on the system to be read... | E | |
CVE-2012-5536 | A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat Enterprise Linux (RHEL) 6 and Fe... | E S | |
CVE-2012-5537 | The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users ... | S | |
CVE-2012-5538 | Cross-site scripting (XSS) vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and ... | S | |
CVE-2012-5539 | The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending ... | S | |
CVE-2012-5540 | Multiple cross-site scripting (XSS) vulnerabilities in the Hostip module 6.x-2.x before 6.x-2.2 and ... | S | |
CVE-2012-5541 | Cross-site scripting (XSS) vulnerability in the Twitter Pull module 6.x-1.x before 6.x-1.3 and 7.x-1... | S | |
CVE-2012-5542 | Cross-site request forgery (CSRF) vulnerability in the Commerce Extra Panes module 7.x-1.x before 7.... | S | |
CVE-2012-5543 | The Feeds module 7.x-2.x before 7.x-2.0-alpha6 for Drupal, when a field is mapped to the node's auth... | S | |
CVE-2012-5544 | The Mandrill module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users to obtain pa... | S | |
CVE-2012-5545 | Multiple cross-site scripting (XSS) vulnerabilities in the ShareThis module 7.x-2.x before 7.x-2.5 f... | S | |
CVE-2012-5546 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This identifier was p... | R | |
CVE-2012-5547 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Search API module 7.x-1.x before 7... | S | |
CVE-2012-5548 | Cross-site scripting (XSS) vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remo... | S | |
CVE-2012-5549 | Cross-site request forgery (CSRF) vulnerability in the Time Spent module 6.x and 7.x for Drupal allo... | | |
CVE-2012-5550 | SQL injection vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers ... | | |
CVE-2012-5551 | Multiple cross-site scripting (XSS) vulnerabilities in the MailChimp module 7.x-2.x before 7.x-2.7 f... | S | |
CVE-2012-5552 | The Password policy module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.3 for Drupal allows remot... | S | |
CVE-2012-5553 | Multiple cross-site scripting (XSS) vulnerabilities in the OM Maximenu module 6.x-1.x before 6.x-1.4... | S | |
CVE-2012-5554 | The default configuration for the Webform CiviCRM Integration module 7.x-3.x before 7.x-3.2 has "Enf... | S | |
CVE-2012-5555 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2012-5556 | Multiple cross-site request forgery (CSRF) vulnerabilities in the RESTful Web Services (RESTWS) modu... | S | |
CVE-2012-5557 | The User Read-Only module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.4 for Drupal, does not pro... | S | |
CVE-2012-5558 | Cross-site scripting (XSS) vulnerability in the Smiley module 6.x-1.x versions prior to 6.x-1.1 and ... | | |
CVE-2012-5559 | Cross-site scripting (XSS) vulnerability in the page manager node view task in the Chaos tool suite ... | S | |
CVE-2012-5560 | The default configuration in mate-settings-daemon 1.5.3 allows local users to change the timezone fo... | | |
CVE-2012-5561 | script/katello-generate-passphrase in Katello 1.1 uses world-readable permissions for /etc/katello/s... | | |
CVE-2012-5562 | rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite... | | |
CVE-2012-5563 | OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration... | S | |
CVE-2012-5564 | android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users to overwrite arbitrary files vi... | | |
CVE-2012-5565 | Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Horde Internet Mail Program (IMP) ... | | |
CVE-2012-5566 | Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 befor... | | |
CVE-2012-5567 | Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 befor... | | |
CVE-2012-5568 | Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via... | E | |
CVE-2012-5569 | Multiple cross-site scripting (XSS) vulnerabilities in the Basic webmail module 6.x-1.x before 6.x-1... | S | |
CVE-2012-5570 | The Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with th... | | |
CVE-2012-5571 | OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the u... | S | |
CVE-2012-5572 | CRLF injection vulnerability in the cookie method (lib/Dancer/Cookie.pm) in Dancer before 1.3114 all... | | |
CVE-2012-5573 | The connection_edge_process_relay_cell function in or/relay.c in Tor before 0.2.3.25 maintains circu... | S | |
CVE-2012-5574 | lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary fil... | E S | |
CVE-2012-5575 | Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify t... | | |
CVE-2012-5576 | Multiple stack-based buffer overflows in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.8.2... | E S | |
CVE-2012-5577 | Python keyring lib before 0.10 created keyring files with world-readable permissions.... | S | |
CVE-2012-5578 | Python keyring has insecure permissions on new databases allowing world-readable files to be created... | S | |
CVE-2012-5579 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-5611. Reason: This candida... | R | |
CVE-2012-5580 | Format string vulnerability in the print_proxies function in bin/proxy.c in libproxy 0.3.1 might all... | E | |
CVE-2012-5581 | Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a ... | | |
CVE-2012-5582 | opendnssec misuses libcurl API... | | |
CVE-2012-5583 | phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's ... | | |
CVE-2012-5584 | The Table of Contents module 6.x-3.x before 6.x-3.8 for Drupal does not properly check node permissi... | S | |
CVE-2012-5585 | Cross-site scripting (XSS) vulnerability in the Mixpanel module 6.x-1.x before 6.x-1.1 in Drupal all... | S | |
CVE-2012-5586 | The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authe... | S | |
CVE-2012-5587 | Cross-site scripting (XSS) vulnerability in the Email Field module 6.x-1.x before 6.x-1.3 for Drupal... | S | |
CVE-2012-5588 | The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when using a field permission module and t... | S | |
CVE-2012-5589 | The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly ... | S | |
CVE-2012-5590 | SQL injection vulnerability in the Webmail Plus module for Drupal allows remote attackers to execute... | | |
CVE-2012-5591 | Cross-site scripting (XSS) vulnerability in the Zero Point module 6.x-1.x before 6.x-1.18 and 7.x-1.... | S | |
CVE-2012-5592 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6052. Reason: This candidate... | R | |
CVE-2012-5593 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6053. Reason: This candidate... | R | |
CVE-2012-5594 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6054. Reason: This candidate... | R | |
CVE-2012-5595 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6056. Reason: This candidate... | R | |
CVE-2012-5596 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6057. Reason: This candidate... | R | |
CVE-2012-5597 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6059. Reason: This candidate... | R | |
CVE-2012-5598 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6060. Reason: This candidate... | R | |
CVE-2012-5599 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6061. Reason: This candidate... | R | |
CVE-2012-5600 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6062. Reason: This candidate... | R | |
CVE-2012-5601 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6055. Reason: This candidate... | R | |
CVE-2012-5602 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6058. Reason: This candida... | R | |
CVE-2012-5603 | proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permission... | | |
CVE-2012-5604 | The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1, when using Active Directory for auth... | | |
CVE-2012-5605 | Grinder in Red Hat CloudForms before 1.1 uses world-writable permissions for /var/lib/pulp/cache/gri... | | |
CVE-2012-5606 | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.9 and 4.5.0 allow remote ... | S | |
CVE-2012-5607 | The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check t... | S | |
CVE-2012-5608 | Cross-site scripting (XSS) vulnerability in apps/user_webdavauth/settings.php in ownCloud 4.5.x befo... | | |
CVE-2012-5609 | Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows remote authent... | S | |
CVE-2012-5610 | Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud before 4.0.9 and 4.5.x before 4... | S | |
CVE-2012-5611 | Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions throug... | E | |
CVE-2012-5612 | Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5... | E S | |
CVE-2012-5613 | MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when conf... | E | |
CVE-2012-5614 | Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versi... | E S | |
CVE-2012-5615 | Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, an... | | |
CVE-2012-5616 | Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.... | | |
CVE-2012-5617 | gksu-polkit: permissive PolicyKit policy configuration file allows privilege escalation... | | |
CVE-2012-5618 | Ushahidi before 2.6.1 has insufficient entropy for forgot-password tokens.... | S | |
CVE-2012-5619 | The Sleuth Kit (TSK) 4.0.1 does not properly handle "." (dotfile) file system entries in FAT file sy... | | |
CVE-2012-5620 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2012-5621 | lib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 allows remote attackers to cause a de... | S | |
CVE-2012-5622 | Cross-site request forgery (CSRF) vulnerability in the management console (openshift-console/app/con... | S | |
CVE-2012-5623 | SquirrelMail 4.0 uses the outdated MD5 hash algorithm for passwords.... | | |
CVE-2012-5624 | The XMLHttpRequest object in Qt before 4.8.4 enables HTTP redirection to the file scheme, which allo... | | |
CVE-2012-5625 | OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed insta... | S | |
CVE-2012-5626 | EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss O... | | |
CVE-2012-5627 | Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not ... | E S | |
CVE-2012-5628 | gofer before 0.68 uses world-writable permissions for /var/lib/gofer/journal/watchdog, which allows ... | | |
CVE-2012-5629 | The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Ent... | | |
CVE-2012-5630 | libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and remov... | | |
CVE-2012-5631 | ipa 3.0 does not properly check server identity before sending credential containing cookies... | | |
CVE-2012-5632 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2012-5633 | The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, wh... | | |
CVE-2012-5634 | Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, does not properly configure VT... | | |
CVE-2012-5635 | The GlusterFS functionality in Red Hat Storage Management Console 2.0, Native Client, and Server 2.0... | | |
CVE-2012-5636 | Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.22, 1.5.x before 1.5.10, ... | S | |
CVE-2012-5637 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4518. Reason: This candida... | R | |
CVE-2012-5638 | The setup_logging function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.... | | |
CVE-2012-5639 | LibreOffice and OpenOffice automatically open embedded content... | | |
CVE-2012-5640 | thttpd has a local DoS vulnerability via specially-crafted .htpasswd files... | | |
CVE-2012-5641 | Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before... | E S | |
CVE-2012-5642 | server/action.py in Fail2ban before 0.8.8 does not properly handle the content of the matches tag, w... | S | |
CVE-2012-5643 | Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x... | S | |
CVE-2012-5644 | libuser has information disclosure when moving user's home directory... | S | |
CVE-2012-5645 | A denial of service flaw was found in the way the server component of Freeciv before 2.3.4 processed... | | |
CVE-2012-5646 | node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attacke... | | |
CVE-2012-5647 | Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.... | E S | |
CVE-2012-5648 | Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow remote attackers to execute arb... | | |
CVE-2012-5649 | Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to e... | | |
CVE-2012-5650 | Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1.0.4, 1.1.x befor... | | |
CVE-2012-5651 | Drupal 6.x before 6.27 and 7.x before 7.18 displays information for blocked users, which might allow... | S | |
CVE-2012-5652 | Drupal 6.x before 6.27 allows remote attackers to obtain sensitive information about uploaded files ... | S | |
CVE-2012-5653 | The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated us... | E S | |
CVE-2012-5654 | The Nodewords: D6 Meta Tags module before 6.x-1.14 for Drupal, when configured to automatically gene... | S | |
CVE-2012-5655 | The Context module 6.x-3.x before 6.x-3.1 and 7.x-3.x before 7.x-3.0-beta6 for Drupal does not prope... | E S | |
CVE-2012-5656 | The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via a... | E S | |
CVE-2012-5657 | The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in Zend Framework 1.11.x before 1.... | | |
CVE-2012-5658 | rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the passwor... | | |
CVE-2012-5659 | Untrusted search path vulnerability in plugins/abrt-action-install-debuginfo-to-abrt-cache.c in Auto... | E S | |
CVE-2012-5660 | abrt-action-install-debuginfo in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local ... | E S | |
CVE-2012-5661 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This candidate is a r... | R | |
CVE-2012-5662 | x3270 before 3.3.12ga12 does not verify that the server hostname matches a domain name in the subjec... | | |
CVE-2012-5663 | The isearch package (textproc/isearch) before 1.47.01nb1 uses the tempnam() function to create insec... | E | |
CVE-2012-5664 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6496, CVE-2012-6497. Reason:... | R | |
CVE-2012-5665 | ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.ph... | E S | |
CVE-2012-5666 | Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js in ownCloud 4.0.x before 4.0.1... | | |
CVE-2012-5667 | Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execut... | S | |
CVE-2012-5668 | FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (NULL pointer... | | |
CVE-2012-5669 | The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause... | | |
CVE-2012-5670 | The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause... | | |
CVE-2012-5671 | Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.... | | |
CVE-2012-5672 | Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow rem... | E | |
CVE-2012-5673 | Unspecified vulnerability in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on W... | | |
CVE-2012-5674 | Unspecified vulnerability in Adobe ColdFusion 10 before Update 5, when Internet Information Services... | | |
CVE-2012-5675 | Adobe ColdFusion 9.0 through 9.0.2, and 10, allows local users to bypass intended shared-hosting san... | S | |
CVE-2012-5676 | Buffer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, be... | S | |
CVE-2012-5677 | Integer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, b... | S | |
CVE-2012-5678 | Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 an... | S | |
CVE-2012-5679 | Buffer underflow in Adobe Photoshop Camera Raw before 7.3 allows attackers to execute arbitrary code... | | |
CVE-2012-5680 | Buffer overflow in Adobe Photoshop Camera Raw before 7.3 allows attackers to execute arbitrary code ... | | |
CVE-2012-5681 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-5682 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-5683 | Multiple cross-site request forgery (CSRF) vulnerabilities in ZPanel 10.0.1 and earlier allow remote... | E | |
CVE-2012-5684 | Cross-site scripting (XSS) vulnerability in ZPanel 10.0.1 and earlier allows remote attackers to inj... | E | |
CVE-2012-5685 | SQL injection vulnerability in ZPanel 10.0.1 and earlier allows remote attackers to execute arbitrar... | E | |
CVE-2012-5686 | ZPanel 10.0.1 has insufficient entropy for its password reset process.... | | |
CVE-2012-5687 | Directory traversal vulnerability in the web-based management feature on the TP-LINK TL-WR841N route... | E | |
CVE-2012-5688 | ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 is enabled, allows remote attac... | S | |
CVE-2012-5689 | ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS6... | | |
CVE-2012-5690 | RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allow remote attackers... | | |
CVE-2012-5691 | Buffer overflow in RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 all... | | |
CVE-2012-5692 | Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Boar... | S | |
CVE-2012-5693 | Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allows remote attackers to execute arb... | E | |
CVE-2012-5694 | Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) before 0.... | E | |
CVE-2012-5695 | Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Security Smartphone Pentest Frame... | E | |
CVE-2012-5696 | Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 does not properly restrict access to f... | E | |
CVE-2012-5697 | The btinstall installation script in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 u... | E | |
CVE-2012-5698 | BabyGekko before 1.2.4 has SQL injection.... | | |
CVE-2012-5699 | BabyGekko before 1.2.4 allows PHP file inclusion.... | | |
CVE-2012-5700 | Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.2f allow remote attacke... | E | |
CVE-2012-5701 | Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated adminis... | E S | |
CVE-2012-5702 | Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attacker... | E S | |
CVE-2012-5703 | The vSphere API in VMware ESXi 4.1 and ESX 4.1 allows remote attackers to cause a denial of service ... | | |
CVE-2012-5704 | The Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the "a... | E S | |
CVE-2012-5705 | Cross-site scripting (XSS) vulnerability in the settings page (admin/settings/hotblocks) in the Hotb... | E S | |
CVE-2012-5717 | Cisco Adaptive Security Appliances (ASA) devices with firmware 8.x through 8.4(1) do not properly ma... | | |
CVE-2012-5723 | Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attacker... | | |
CVE-2012-5744 | Multiple cross-site scripting (XSS) vulnerabilities in the guest portal in Cisco Identity Services E... | | |
CVE-2012-5756 | The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2, when... | | |
CVE-2012-5757 | Cross-site scripting (XSS) vulnerability in the Web Client in IBM Rational ClearQuest 7.1.x before 7... | | |
CVE-2012-5758 | The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 does ... | | |
CVE-2012-5759 | The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 allow... | | |
CVE-2012-5760 | SQL injection vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netez... | | |
CVE-2012-5761 | Cross-site scripting (XSS) vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2... | | |
CVE-2012-5762 | Cross-site scripting (XSS) vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2... | | |
CVE-2012-5763 | Cross-site request forgery (CSRF) vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 be... | | |
CVE-2012-5765 | The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0... | | |
CVE-2012-5766 | Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File ... | | |
CVE-2012-5767 | Unspecified vulnerability in the web interface on the IBM TS3500 Tape Library with firmware before C... | | |
CVE-2012-5769 | IBM SPSS Modeler 14.0, 14.1, 14.2 through FP3, and 15.0 before FP2 allows remote attackers to read a... | | |
CVE-2012-5770 | The SSL configuration in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.... | S | |
CVE-2012-5771 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-5772 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-5773 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-5774 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-5775 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-5776 | Dokeos 2.1.1 has multiple XSS issues involving "extra_" parameters in main/auth/profile.php.... | E | |
CVE-2012-5777 | Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/conne... | E | |
CVE-2012-5780 | The Amazon merchant SDK does not verify that the server hostname matches a domain name in the subjec... | E | |
CVE-2012-5781 | Amazon Elastic Load Balancing API Tools does not verify that the server hostname matches a domain na... | E | |
CVE-2012-5782 | Amazon Flexible Payments Service (FPS) PHP Library does not verify that the server hostname matches ... | E | |
CVE-2012-5783 | Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK a... | S | |
CVE-2012-5784 | Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional I... | E | |
CVE-2012-5785 | Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name i... | E | |
CVE-2012-5786 | The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/... | | |
CVE-2012-5787 | The PayPal merchant SDK does not verify that the server hostname matches a domain name in the subjec... | E | |
CVE-2012-5788 | The PayPal IPN utility does not verify that the server hostname matches a domain name in the subject... | E | |
CVE-2012-5789 | PayPal Payments Standard PHP Library before 20120427 does not verify that the server hostname matche... | E | |
CVE-2012-5790 | PayPal Payments Standard PHP Library 20120427 does not verify that the server hostname matches a dom... | E | |
CVE-2012-5791 | PayPal Invoicing does not verify that the server hostname matches a domain name in the subject's Com... | E | |
CVE-2012-5792 | The Sage Pay Direct module in osCommerce does not verify that the server hostname matches a domain n... | E | |
CVE-2012-5793 | The Authorize.Net module in osCommerce does not verify that the server hostname matches a domain nam... | E | |
CVE-2012-5794 | The MoneyBookers module in osCommerce does not verify that the server hostname matches a domain name... | E | |
CVE-2012-5795 | The PayPal Express module in osCommerce does not verify that the server hostname matches a domain na... | E | |
CVE-2012-5796 | The PayPal Pro module in osCommerce does not verify that the server hostname matches a domain name i... | E | |
CVE-2012-5797 | The PayPal Pro PayFlow module in osCommerce does not verify that the server hostname matches a domai... | E | |
CVE-2012-5798 | The PayPal Pro PayFlow EC module in osCommerce does not verify that the server hostname matches a do... | E | |
CVE-2012-5799 | The Canada Post (aka CanadaPost) module in PrestaShop does not verify that the server hostname match... | E | |
CVE-2012-5800 | The eBay module in PrestaShop does not verify that the server hostname matches a domain name in the ... | E | |
CVE-2012-5801 | The PayPal module in PrestaShop does not verify that the server hostname matches a domain name in th... | E | |
CVE-2012-5802 | The PayPal module in Ubercart does not verify that the server hostname matches a domain name in the ... | E | |
CVE-2012-5803 | The Authorize.Net module in Ubercart does not verify that the server hostname matches a domain name ... | E | |
CVE-2012-5804 | The CyberSource module in Ubercart does not verify that the server hostname matches a domain name in... | E | |
CVE-2012-5805 | The PayPal IPN functionality in Zen Cart does not verify that the server hostname matches a domain n... | E | |
CVE-2012-5806 | The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain... | E | |
CVE-2012-5807 | The Authorize.Net eCheck module in Zen Cart does not verify that the server hostname matches a domai... | E | |
CVE-2012-5808 | The LinkPoint module in Zen Cart does not verify that the server hostname matches a domain name in t... | E | |
CVE-2012-5809 | The Groupon Redemptions application for Android does not verify that the server hostname matches a d... | E | |
CVE-2012-5810 | The Chase mobile banking application for Android does not verify that the server hostname matches a ... | E | |
CVE-2012-5811 | The Breezy application for Android does not verify that the server hostname matches a domain name in... | E | |
CVE-2012-5812 | The ACRA library for Android does not verify that the server hostname matches a domain name in the s... | E | |
CVE-2012-5813 | The Android_Pusher library for Android does not verify that the server hostname matches a domain nam... | E | |
CVE-2012-5814 | Weberknecht, as used in GitHub Gaug.es and other products, does not verify that the server hostname ... | E | |
CVE-2012-5815 | The Rackspace app 2.1.5 for iOS does not verify that the server hostname matches a domain name in th... | E | |
CVE-2012-5816 | AOL Instant Messenger (AIM) 1.0.1.2 does not verify that the server hostname matches a domain name i... | E | |
CVE-2012-5817 | Codehaus XFire 1.2.6 and earlier, as used in the Amazon EC2 API Tools Java library and other product... | E | |
CVE-2012-5818 | ElephantDrive does not verify that the server hostname matches a domain name in the subject's Common... | E | |
CVE-2012-5819 | FilesAnywhere does not verify that the server hostname matches a domain name in the subject's Common... | E | |
CVE-2012-5820 | The developer-account sample code in Google AdMob does not verify that the server hostname matches a... | E | |
CVE-2012-5821 | Lynx does not verify that the server's certificate is signed by a trusted certification authority, w... | E | |
CVE-2012-5822 | The contribution feature in Zamboni does not verify that the server hostname matches a domain name i... | E | |
CVE-2012-5823 | Open Source Classifieds does not verify that the server hostname matches a domain name in the subjec... | E | |
CVE-2012-5824 | Trillian 5.1.0.19 does not verify that the server hostname matches a domain name in the subject's Co... | E | |
CVE-2012-5825 | Tweepy does not verify that the server hostname matches a domain name in the subject's Common Name (... | E | |
CVE-2012-5827 | Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attackers to conduct clickjacking at... | | |
CVE-2012-5828 | BlackBerry PlayBook before 2.1 has an Information Disclosure Vulnerability via a Web browser compone... | | |
CVE-2012-5829 | Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, F... | E S | |
CVE-2012-5830 | Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunde... | E | |
CVE-2012-5831 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-5832 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-5833 | The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.... | S | |
CVE-2012-5834 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-5835 | Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0... | E S | |
CVE-2012-5836 | Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attacke... | | |
CVE-2012-5837 | The Web Developer Toolbar in Mozilla Firefox before 17.0 executes script with chrome privileges, whi... | | |
CVE-2012-5838 | The copyTexImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Thunderbird... | E S | |
CVE-2012-5839 | Heap-based buffer overflow in the gfxShapedWord::CompressedGlyph::IsClusterStart function in Mozilla... | S | |
CVE-2012-5840 | Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox bef... | E S | |
CVE-2012-5841 | Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird E... | S | |
CVE-2012-5842 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox E... | S | |
CVE-2012-5843 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Thunderbi... | E S | |
CVE-2012-5844 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-5845 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-5846 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-5847 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-5848 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2012-5849 | Multiple SQL injection vulnerabilities in ClipBucket 2.6 Revision 738 and earlier allow remote attac... | E S | |
CVE-2012-5851 | html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.... | E | |
CVE-2012-5853 | SQL injection vulnerability in the "the_search_function" function in cardoza_ajax_search.php in the ... | E | |
CVE-2012-5854 | Heap-based buffer overflow in WeeChat 0.3.6 through 0.3.9 allows remote attackers to cause a denial ... | | |
CVE-2012-5855 | The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assis... | E | |
CVE-2012-5856 | Cross-site scripting (XSS) vulnerability in the Uk Cookie (aka uk-cookie) plugin for WordPress allow... | | |
CVE-2012-5858 | Samsung Kies Air 2.1.207051 and 2.1.210161 relies on the IP address for authentication, which allows... | E | |
CVE-2012-5859 | Samsung Kies Air 2.1.207051 and 2.1.210161 allows remote attackers to cause a denial of service (cra... | E | |
CVE-2012-5860 | Unspecified vulnerability on Oberthur ID-One COSMO 5.2, 5.2a, and 64 smart cards makes it easier for... | | |
CVE-2012-5861 | Multiple SQL injection vulnerabilities on the Sinapsi eSolar Light Photovoltaic System Monitor (aka ... | E | |
CVE-2012-5862 | login.php on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog pho... | E | |
CVE-2012-5863 | ping.php on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog phot... | E | |
CVE-2012-5864 | The management web pages on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Elec... | E | |
CVE-2012-5865 | SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to ex... | E | |
CVE-2012-5866 | Cross-site scripting (XSS) vulnerability in include.php in Achievo 1.4.5 allows remote attackers to ... | E | |
CVE-2012-5867 | HT Editor 2.0.20 has a Remote Stack Buffer Overflow Vulnerability... | E | |
CVE-2012-5868 | WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout ac... | | |
CVE-2012-5872 | ARC (aka ARC2) through 2011-12-01 allows blind SQL Injection in getTriplePatternSQL in ARC2_StoreSel... | E | |
CVE-2012-5873 | ARC (aka ARC2) through 2011-12-01 allows reflected XSS via the end_point.php query parameter in an o... | E | |
CVE-2012-5874 | Multiple SQL injection vulnerabilities in the (1) update_whosonline_reg and (2) update_whosonline_gu... | E | |
CVE-2012-5875 | Firefly Media Server 1.0.0.1359 allows remote attackers to cause a denial of service (NULL pointer d... | E | |
CVE-2012-5876 | Multiple off-by-one errors in NMMediaServerService.dll in Nero MediaHome 4.5.8.0 and earlier allow r... | E | |
CVE-2012-5877 | Nero MediaHome 4.5.8.0 and earlier allows remote attackers to cause a denial of service (NULL pointe... | E | |
CVE-2012-5878 | Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to exec... | E | |
CVE-2012-5879 | An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician (MVT) and ePO-MVT 6.5.0.2101 an... | E | |
CVE-2012-5881 | Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through ... | S | |
CVE-2012-5882 | Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through ... | S | |
CVE-2012-5883 | Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through ... | S | |
CVE-2012-5884 | The User.get method in Bugzilla/WebService/User.pm in Bugzilla 4.3.2 allows remote attackers to obta... | | |
CVE-2012-5885 | The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in A... | | |
CVE-2012-5886 | The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x befor... | | |
CVE-2012-5887 | The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x befor... | | |
CVE-2012-5888 | Cross-site scripting (XSS) vulnerability in Basic SEO Features (seo_basics) extension before 0.8.2 f... | S | |
CVE-2012-5889 | Cross-site scripting (XSS) vulnerability in the powermail extension before 1.6.5 for TYPO3 allows re... | S | |
CVE-2012-5890 | The Front End User Registration (sr_feuser_register) extension before 2.6.2 for TYPO3 allows remote ... | S | |
CVE-2012-5891 | Multiple cross-site request forgery (CSRF) vulnerabilities in photo/pass.php in DAlbum 1.44 build 17... | E | |
CVE-2012-5892 | Havalite CMS 1.1.0 and earlier stores sensitive information under the web root with insufficient acc... | E | |
CVE-2012-5893 | Unrestricted file upload vulnerability in hava_upload.php in Havalite CMS 1.1.0 and earlier allows r... | E | |
CVE-2012-5894 | SQL injection vulnerability in hava_post.php in Havalite CMS 1.1.0 and earlier allows remote attacke... | E | |
CVE-2012-5895 | Multiple unspecified vulnerabilities in iRODS before 3.1 have unknown impact and attack vectors.... | | |
CVE-2012-5896 | The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and ea... | E | |
CVE-2012-5897 | The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX control (ARDoc.dll) in Quest InTr... | E | |
CVE-2012-5898 | Cross-site request forgery (CSRF) vulnerability in SAMEDIA LandShop 0.9.2 allows remote attackers to... | E | |
CVE-2012-5899 | Cross-site scripting (XSS) vulnerability in admin/action/objects.php in SAMEDIA LandShop 0.9.2 allow... | E | |
CVE-2012-5900 | Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow remote attackers to execute a... | E | |
CVE-2012-5901 | DFLabs PTK 1.0.5 stores data files with predictable names under the web document root with insuffici... | | |
CVE-2012-5902 | Cross-site scripting (XSS) vulnerability in ptk/lib/modal_bookmark.php in DFLabs PTK 1.0.5 allows re... | | |
CVE-2012-5903 | Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 2.0.2 allows remote attacker... | E | |
CVE-2012-5904 | Heap-based buffer overflow in IrfanView before 4.33 allows remote attackers to execute arbitrary cod... | | |
CVE-2012-5905 | Buffer overflow in KnFTPd 1.0.0 allows remote authenticated users to cause a denial of service (cras... | E | |
CVE-2012-5906 | Multiple cross-site scripting (XSS) vulnerabilities in GreenBrowser 6.1.0117 and 6.1.0216 allow remo... | E | |
CVE-2012-5907 | Directory traversal vulnerability in json.php in TomatoCart 1.2.0 Alpha 2 and possibly earlier allow... | E | |
CVE-2012-5908 | Cross-site scripting (XSS) vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoar... | E | |
CVE-2012-5909 | SQL injection vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allo... | E | |
CVE-2012-5910 | SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution 4.1.3 allows remote authentic... | | |
CVE-2012-5911 | Cross-site scripting (XSS) vulnerability in blogs/blog1.php in b2evolution 4.1.3 allows remote attac... | E | |
CVE-2012-5912 | Multiple SQL injection vulnerabilities in PicoPublisher 2.0 allow remote attackers to execute arbitr... | E | |
CVE-2012-5913 | Cross-site scripting (XSS) vulnerability in wp-integrator.php in the WordPress Integrator module 1.3... | E | |
CVE-2012-5914 | Multiple cross-site scripting (XSS) vulnerabilities in the sed_import function in system/functions.p... | E | |
CVE-2012-5915 | Neocrome Seditio build 161 and earlier allows remote attackers to obtain sensitive information via d... | | |
CVE-2012-5916 | Neocrome Seditio build 161 allows remote attackers to obtain sensitive information via a direct requ... | E | |
CVE-2012-5917 | SnackAmp 3.1.3 allows remote attackers to cause a denial of service (application crash) via a long s... | E | |
CVE-2012-5918 | razorCMS 1.2 allows remote authenticated users to access administrator directories and files by crea... | E | |
CVE-2012-5919 | Multiple cross-site scripting (XSS) vulnerabilities in Havalite 1.0.4 and earlier allow remote attac... | E | |
CVE-2012-5920 | Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) 2.4 through 2.5 Final, as used ... | | |
CVE-2012-5930 | The pa_modify_accounts function in auth.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x bef... | E | |
CVE-2012-5931 | Directory traversal vulnerability in the set_log_config function in regclnt.dll in unifid.exe in Net... | | |
CVE-2012-5932 | Eval injection vulnerability in the ldapagnt_eval function in ldapagnt.dll in unifid.exe in NetIQ Pr... | E | |
CVE-2012-5936 | IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 do not set the secure ... | | |
CVE-2012-5937 | Unspecified vulnerability in the CLA2 server in IBM Gentran Integration Suite 4.3, Sterling Integrat... | | |
CVE-2012-5938 | The installation process in IBM InfoSphere Information Server 8.1, 8.5, 8.7, and 9.1 on UNIX and Lin... | | |
CVE-2012-5939 | Cross-site scripting (XSS) vulnerability in Welcome.do in the Data Management Portal Web User Interf... | S | |
CVE-2012-5940 | The WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza, when SSL is not enabled, al... | | |
CVE-2012-5941 | Cross-site scripting (XSS) vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2... | | |
CVE-2012-5942 | Cross-site scripting (XSS) vulnerability in the Data Management Portal Web User Interface in IBM Tiv... | | |
CVE-2012-5943 | Cross-site scripting (XSS) vulnerability in IBM iNotes 8.5.x before 8.5.3 FP4 allows user-assisted r... | | |
CVE-2012-5945 | Multiple buffer overflows in the Vsflex8l ActiveX control in IBM SPSS SamplePower 3.0 before FP1 all... | | |
CVE-2012-5946 | Buffer overflow in the c1sizer ActiveX control in C1sizer.ocx in IBM SPSS SamplePower 3.0 before FP1... | | |
CVE-2012-5947 | Buffer overflow in the vsflex7l ActiveX control in IBM SPSS SamplePower 3.0 before FP1 allows remote... | | |
CVE-2012-5948 | Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x ... | | |
CVE-2012-5949 | Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x ... | | |
CVE-2012-5950 | Multiple cross-site request forgery (CSRF) vulnerabilities in IBM TRIRIGA Application Platform 2.x a... | | |
CVE-2012-5951 | Unspecified vulnerability in IBM Tivoli NetView 1.4, 5.1 through 5.4, and 6.1 on z/OS allows local u... | | |
CVE-2012-5952 | IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2 does no... | | |
CVE-2012-5953 | IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2, when t... | | |
CVE-2012-5954 | Unspecified vulnerability in IBM Tivoli Storage Manager for Space Management (aka TSM HSM) before 6.... | | |
CVE-2012-5955 | Unspecified vulnerability in the IBM HTTP Server component 5.3 in IBM WebSphere Application Server (... | | |
CVE-2012-5956 | Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine AssetExplorer 5.6 before service... | | |
CVE-2012-5958 | Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP pa... | E S | |
CVE-2012-5959 | Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP pa... | E S | |
CVE-2012-5960 | Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP pa... | E S | |
CVE-2012-5961 | Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP pa... | E S | |
CVE-2012-5962 | Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP pa... | E S | |
CVE-2012-5963 | Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP pa... | E S | |
CVE-2012-5964 | Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP pa... | E S | |
CVE-2012-5965 | Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP pa... | E S | |
CVE-2012-5966 | The restricted telnet shell on the D-Link DSL2730U router allows remote authenticated users to bypas... | | |
CVE-2012-5967 | SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web ... | | |
CVE-2012-5968 | The Huawei E585 device does not validate the status of admin sessions, which allows remote attackers... | | |
CVE-2012-5969 | Multiple directory traversal vulnerabilities on the Huawei E585 device allow remote attackers to (1)... | | |
CVE-2012-5970 | The Huawei E585 device allows remote attackers to cause a denial of service (NULL pointer dereferenc... | | |
CVE-2012-5972 | Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows rem... | E | |
CVE-2012-5973 | CA XCOM Data Transport r11.0 and r11.5 on UNIX and Linux allows remote attackers to execute arbitrar... | | |
CVE-2012-5975 | The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1... | E | |
CVE-2012-5976 | Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x befor... | | |
CVE-2012-5977 | Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified A... | | |
CVE-2012-5978 | Multiple directory traversal vulnerabilities in the (1) View Connection Server and (2) View Security... | | |
CVE-2012-5979 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-5079. Reason: This candidat... | R | |
CVE-2012-5990 | Multiple cross-site scripting (XSS) vulnerabilities in Health Monitor Login pages in Cisco Prime Net... | | |
CVE-2012-5991 | screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.1... | E | |
CVE-2012-5992 | Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) de... | E | |