Total: 201818 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-0829 | 1 Mibew | 1 Mibew Messenger | 2017-08-29 | 6.0 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Mibew Messenger 1.6.4 and earlier allow remote attackers to hijack the authentication of operators for requests that insert cross-site scripting (XSS) sequences via the (1) address or (2) threadid parameters to operator/ban.php; or (3) geolinkparams, (4) title, or (5) chattitle parameters to operator/settings.php. | |||||
| CVE-2012-0846 | 1 K5n | 1 Webcalendar | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the Location variable. | |||||
| CVE-2012-0848 | 1 Ffmpeg | 1 Ffmpeg | 2017-08-29 | 4.3 MEDIUM | N/A |
| Heap-based buffer overflow in the ws_snd_decode_frame function in libavcodec/ws-snd1.c in FFmpeg 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted media file, related to an incorrect calculation, aka "wrong samples count." | |||||
| CVE-2012-0851 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2017-08-29 | 6.8 MEDIUM | N/A |
| The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted H.264 file, related to the chroma_format_idc value. | |||||
| CVE-2012-0852 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2017-08-29 | 6.8 MEDIUM | N/A |
| The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an ADPCM file with the number of channels not equal to two. | |||||
| CVE-2012-0859 | 1 Ffmpeg | 1 Ffmpeg | 2017-08-29 | 6.8 MEDIUM | N/A |
| The render_line function in the vorbis codec (vorbis.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Vorbis file, related to a large multiplier. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3893. | |||||
| CVE-2012-0860 | 1 Redhat | 1 Enterprise Virtualization Manager | 2017-08-29 | 6.2 MEDIUM | N/A |
| Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, allow local users to gain privileges via a Trojan horse (1) deployUtil.py or (2) vds_bootstrap.py Python module in /tmp/. | |||||
| CVE-2012-0861 | 1 Redhat | 1 Enterprise Virtualization Manager | 2017-08-29 | 6.8 MEDIUM | N/A |
| The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents SSL certificates from being validated and allows remote attackers to execute arbitrary Python code via a man-in-the-middle attack. | |||||
| CVE-2012-0862 | 1 Xinetd | 1 Xinetd | 2017-08-29 | 4.3 MEDIUM | N/A |
| builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1. | |||||
| CVE-2012-0869 | 1 Ulli Horlacher | 1 Fex | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in fup in Frams' Fast File EXchange (F*EX, aka fex) before 20120215 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2012-0872 | 1 Oxwall | 1 Oxwall | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in OxWall 1.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) captchaField, (2) email, (3) form_name, (4) password, (5) realname, (6) repeatPassword, or (7) username parameters to Oxwall/join; (8) captcha, (9) email, (10) form_name, (11) from, or (12) subject parameters to Oxwall/contact; (13) tag parameter to Oxwall/blogs/browse-by-tag; or (14) PATH_INFO to Oxwall/photo/viewlist/tagged, (15) Oxwall/photo/viewlist, or (16) Oxwall/video/viewlist. | |||||
| CVE-2012-0874 | 1 Redhat | 3 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Web Platform | 2017-08-29 | 6.8 MEDIUM | N/A |
| The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow remote attackers to invoke MBean methods and execute arbitrary code via unspecified vectors. NOTE: this issue can only be exploited when the interceptor is not properly configured with a "second layer of authentication," or when used in conjunction with other vulnerabilities that bypass this second layer. | |||||
| CVE-2012-0897 | 1 Irfanview | 1 Irfanview | 2017-08-29 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the JPEG2000 plugin in IrfanView PlugIns before 4.33 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment. | |||||
| CVE-2012-0898 | 2 Camaleo, Wordpress | 2 Myeasybackup, Wordpress | 2017-08-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in meb_download.php in the myEASYbackup plugin 1.0.8.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dwn_file parameter. | |||||
| CVE-2012-0899 | 1 Annuairephp | 1 Annuaire Php | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in referencement/sites_inscription.php in Annuaire PHP allows remote attackers to inject arbitrary web script or HTML via the url parameter and possibly the nom parameter. | |||||
| CVE-2012-0900 | 1 Beehive Forum | 1 Beehive Forum | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Beehive Forum 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) forum/register.php or (2) forum/logon.php. | |||||
| CVE-2012-0901 | 1 Attenzione | 1 Yousaytoo | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter. | |||||
| CVE-2012-0902 | 1 Airties | 1 Air 4450 | 2017-08-29 | 5.0 MEDIUM | N/A |
| AirTies Air 4450 1.1.2.18 allows remote attackers to cause a denial of service (reboot) via a direct request to cgi-bin/loader. | |||||
| CVE-2012-0903 | 1 Vmware | 1 Zimbra Desktop | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Desktop 7.1.2 b10978 allow remote attackers to inject arbitrary web script or HTML via the (1) Username or (2) MailBox Name. | |||||
| CVE-2012-0905 | 1 Dev!l's | 1 Dev!l'z Clanportal Gamebase Addon | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in deV!L'z Clanportal (DZCP) Gamebase addon allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a detail action to index.php. | |||||
| CVE-2012-0906 | 2 Dev!l'z, Mystarmedia | 2 Dev!l'z Clanportal, Moviebase Addon | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Moviebase addon for deV!L'z Clanportal (DZCP) 1.5.5 allows remote attackers to execute arbitrary SQL commands via the id parameter in a showkat action to index.php. | |||||
| CVE-2012-0907 | 1 Neoaxis | 1 Neoaxis Web Player | 2017-08-29 | 5.8 MEDIUM | N/A |
| Directory traversal vulnerability in the web player in NeoAxis NeoAxis web player 1.4 and earlier allows user-assisted remote attackers to write arbitrary files via a .. (dot dot) in a filename in the neoaxis_web_application_win32.zip ZIP archive. | |||||
| CVE-2012-0908 | 1 Simplesamlphp | 1 Simplesamlphp | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in logout.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the link_href parameter. | |||||
| CVE-2012-0911 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2017-08-29 | 7.5 HIGH | N/A |
| TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.php or (b) tiki-print_pages.php; or (4) sendpages, (5) sendstructures, or (6) sendarticles parameter to tiki-send_objects.php, which is not properly handled when processed by the unserialize function. | |||||
| CVE-2012-0913 | 1 Icloudcenter | 1 Ictimeattendance | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in checklogin.aspx in ICloudCenter ICTimeAttendance 1.0 allows remote attackers to execute arbitrary SQL commands via the passw parameter. NOTE: Some of these details are obtained from third party information. | |||||
| CVE-2012-0914 | 2 Drupal, Earl Miles | 2 Drupal, Panels | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in display_renderers/panels_renderer_editor.class.php in the admin view in the Panels module 6.x-2.x before 6.x-3.10 and 7.x-3.x before 7.x-3.0 for Drupal allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the Region title. | |||||
| CVE-2012-0917 | 1 Hitachi | 1 It Operations Analyzer | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Analyzer 02-01, 02-51 through 02-51-01, and 02-53 through 02-53-02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-0918 | 1 Hitachi | 3 Cobol2002 Net Client Suite, Cobol2002 Net Developer, Cobol2002 Net Server Suite | 2017-08-29 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Hitachi COBOL2002 Net Developer, Net Server Suite, and Net Client Suite 01-00, 01-01 through 01-01-/D, 01-02 through 01-02-/F, 01-03 through 01-03-/F, 02-00 through 02-00-/D, 02-01 through 02-01-/C, and possibly other versions before 02-01-/D allows remote attackers to execute arbitrary code via unknown attack vectors. | |||||
| CVE-2012-0919 | 1 Hitachi | 1 It Operations Director | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Director 02-50-01 through 02-50-07, 03-00 through 03-00-04, and possibly other versions before 03-00-06, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-0922 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2017-08-29 | 9.3 HIGH | N/A |
| rvrender.dll in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via crafted flags in an RMFF file. | |||||
| CVE-2012-0925 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2017-08-29 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the RV40 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted RV40 RealVideo video stream. | |||||
| CVE-2012-0932 | 1 Leadcapturepagesystem | 1 Lead Capture Page System | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/login.php in Lead Capture Page System allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||||
| CVE-2012-0933 | 1 Acidcat | 1 Acidcat Cms | 2017-08-29 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Acidcat CMS 3.5.1, 3.5.2, 3.5.6, and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin_colors.asp, (2) admin_config.asp, and (3) admin_cat_add.asp in admin/. | |||||
| CVE-2012-0934 | 2 Wordpress, Zingiri | 2 Wordpress, Theme Tuner Plugin | 2017-08-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in ajax/savetag.php in the Theme Tuner plugin for WordPress before 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the tt-abspath parameter. | |||||
| CVE-2012-0935 | 1 Aryadad | 1 Aryadad Cms | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Default.aspx in Aryadad CMS allows remote attackers to execute arbitrary SQL commands via the PageID parameter. | |||||
| CVE-2012-0936 | 1 Opennms.org | 1 Opennms | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in web/springframework/security/SecurityAuthenticationEventOnmsEventBuilder.java in OpenNMS 1.8.x before 1.8.17, 1.9.93 and earlier, and 1.10.x before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via the Username field, related to login. | |||||
| CVE-2012-0938 | 1 Testlink | 1 Testlink | 2017-08-29 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in TestLink 1.9.3, 1.8.5b, and earlier allow remote authenticated users with certain permissions to execute arbitrary SQL commands via the root_node parameter in the display_children function to (1) getrequirementnodes.php or (2) gettprojectnodes.php in lib/ajax/; the (3) cfield_id parameter in an edit action to lib/cfields/cfieldsEdit.php; the (4) id parameter in an edit action or (5) plan_id parameter in a create action to lib/plan/planMilestonesEdit.php; or the req_spec_id parameter to (6) reqImport.php or (7) in a create action to reqEdit.php in lib/requirements/. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-0939 | 1 Testlink | 1 Testlink | 2017-08-29 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in TestLink 1.8.5b and earlier allow remote authenticated users with the Requirement view permission to execute arbitrary SQL commands via the req_spec_id parameter to (1) reqSpecAnalyse.php, (2) reqSpecPrint.php, or (3) reqSpecView.php in requirements/. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-0944 | 2 Canonical, Sebastian Heinlein | 2 Ubuntu Linux, Aptdaemon | 2017-08-29 | 4.3 MEDIUM | N/A |
| Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does not authenticate packages when the transaction is not simulated, which allows remote attackers to install arbitrary packages via a man-in-the-middle attack. | |||||
| CVE-2012-0948 | 2 Canonical, Gnome | 2 Ubuntu Linux, Update-manager-core | 2017-08-29 | 2.1 LOW | N/A |
| DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for (1) apt-clone_system_state.tar.gz and (2) system_state.tar.gz, which allows local users to obtain repository credentials. | |||||
| CVE-2012-0949 | 1 Canonical | 1 Ubuntu Linux | 2017-08-29 | 5.0 MEDIUM | N/A |
| The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10, and 11.04 uploads certain system state archive files when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report. | |||||
| CVE-2012-0959 | 1 Remote Login Service Hackers | 1 Remote Login Service | 2017-08-29 | 2.1 LOW | N/A |
| Remote Login Service (RLS) 1.0.0 does not properly clear account information when switching users, which might allow physically proximate users to obtain login credentials. | |||||
| CVE-2012-0960 | 1 Ps Project Management Team | 1 Unity-firefox-extension | 2017-08-29 | 7.5 HIGH | N/A |
| Unity integration extension (unity-firefox-extension) before 2.4.1 for Firefox does not properly handle callbacks, which allows remote attackers to cause a denial of service (Firefox crash) and possibly execute arbitrary code via a crafted request. | |||||
| CVE-2012-0975 | 1 Clixint | 1 Image Hosting Script Dpi | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in misc.php in Image Hosting Script DPI 1.0, 1.3, and earlier allows remote attackers to inject arbitrary web script or HTML via the showseries parameter. | |||||
| CVE-2012-0976 | 1 Silverstripe | 1 Silverstripe | 2017-08-29 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in admin/EditForm in SilverStripe 2.4.6 allows remote authenticated users with Content Authors privileges to inject arbitrary web script or HTML via the Title parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-0977 | 1 Luratech | 1 Lurawave Jp2 Activex Control | 2017-08-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in jp2_x.dll in LuraWave JP2 ActiveX Control 2.1.5.5 and other versions before 2.1.5.11 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment. | |||||
| CVE-2012-0978 | 1 Luratech | 1 Lurawave Jp2 Browser Plug-in | 2017-08-29 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in npjp2.dll in LuraWave JP2 Browser Plug-In 1.1.1.11 and other versions before 2.1.1.11 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment. | |||||
| CVE-2012-0979 | 1 Twiki | 1 Twiki | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in TWiki allows remote attackers to inject arbitrary web script or HTML via the organization field in a profile, involving (1) registration or (2) editing of the user. | |||||
| CVE-2012-0980 | 1 Phux | 1 Download Manager | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in download.php in phux Download Manager allows remote attackers to execute arbitrary SQL commands via the file parameter. | |||||
| CVE-2012-0981 | 1 Kybernetika | 1 Phpshowtime | 2017-08-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. (dot dot) in the r parameter to index.php. NOTE: Some of these details are obtained from third party information. | |||||
