CVEs from 2012
Total
5,200
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.7%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-3165 | low | — | 3.6 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality and integrity via unknown vectors related to mailx. | |||
| CVE-2012-3504 | low | — | 3.6 | 14y ago | The nssconfigFound function in genkey.pl in crypto-utils 2.4.1-34 allows local users to overwrite arbitrary files via a symlink attack on the "list" file in the current working directory. | |||
| CVE-2012-5349 | low | — | 3.6 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the Pay With Tweet plugin before 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) title, or (3… | |||
| CVE-2012-3738 | low | — | 3.6 | 14y ago | The Emergency Dialer screen in the Passcode Lock implementation in Apple iOS before 6 does not properly limit the dialing methods, which allows physically proximate attackers to bypass intended acces… | |||
| CVE-2012-4600 | low | — | 3.6 | 14y ago | Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote… | |||
| CVE-2012-1597 | low | — | 3.6 | 14y ago | Cross-site scripting (XSS) vulnerability in the textEncode function in classes/ezjscajaxcontent.php in eZ JS Core in eZ Publish before 1.5 allows remote attackers to inject arbitrary web script or HT… | |||
| CVE-2012-3952 | low | — | 3.6 | 14y ago | Cross-site scripting (XSS) vulnerability in admin/index.php in phpList before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the unconfirmed parameter to the user page. | |||
| CVE-2012-3454 | low | — | 3.6 | 14y ago | eXtplorer 2.1.0b6 uses world writable permissions for the /var/lib/extplorer/ftp_tmp directory, which allows local users to delete or overwrite arbitrary files. | |||
| CVE-2012-3453 | low | — | 3.6 | 14y ago | logol 1.5.0 uses world writable permissions for the /var/lib/logol/results directory, which allows local users to delete or overwrite arbitrary files. | |||
| CVE-2012-3449 | low | — | 3.6 | 14y ago | Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/openvswitch/pki/controllerca/incoming/ and (2) /var/lib/openvswitch/pki/switchca/incoming/, which allows local users to delete and … | |||
| CVE-2012-3450 | low | — | 3.6 | 14y ago | pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote a… | |||
| CVE-2012-3355 | low | — | 3.6 | 14y ago | (1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack … | |||
| CVE-2012-1620 | low | — | 3.6 | 14y ago | slock 0.9 does not properly handle the XRaiseWindow event when the screen is locked, which might allow physically proximate attackers to obtain sensitive information by pressing a button, which revea… | |||
| CVE-2012-1122 | low | — | 3.6 | 14y ago | bug_actiongroup.php in MantisBT before 1.2.9 does not properly check the report_bug_threshold permission of the receiving project when moving a bug report, which allows remote authenticated users wit… | |||
| CVE-2012-1120 | low | — | 3.6 | 14y ago | The SOAP API in MantisBT before 1.2.9 does not properly enforce the bugnote_allow_user_edit_delete and delete_bug_threshold permissions, which allows remote authenticated users with read and write SO… | |||
| CVE-2012-2451 | low | — | 3.6 | 14y ago | The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. NOTE: some of these detai… | |||
| CVE-2012-2692 | low | — | 3.6 | 14y ago | MantisBT before 1.2.11 does not check the delete_attachments_threshold permission when form_security_validation is set to OFF, which allows remote authenticated users with certain privileges to bypas… | |||
| CVE-2012-0546 | low | — | 3.6 | 14y ago | Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.2.0 allows remote authenticated users to… | |||
| CVE-2012-0545 | low | — | 3.6 | 14y ago | Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.2.0 allows remote authenticated users to… | |||
| CVE-2012-0808 | low | — | 3.6 | 14y ago | as31 2.3.1-4 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack. | |||
| CVE-2012-0933 | low | — | 3.6 | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in Acidcat CMS 3.5.1, 3.5.2, 3.5.6, and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) adm… | |||
| CVE-2012-0111 | low | — | 3.6 | 15y ago | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality and integrity via unknown vectors related to Shared Folders. | |||
| CVE-2012-0109 | low | — | 3.6 | 15y ago | Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality and availability, related to TCP/IP. | |||
| CVE-2012-3865 | low | — | 3.5 | 9y ago | Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remot… | |||
| CVE-2012-5502 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in safe_html.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with permissions to edit content to inject arbitrary web script … | |||
| CVE-2012-6149 | low | — | 3.5 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the… | |||
| CVE-2012-0827 | low | — | 3.5 | 13y ago | The File module in Drupal 7.x before 7.11, when using unspecified field access modules, allows remote authenticated users to read arbitrary private files that are associated with restricted fields vi… | |||
| CVE-2012-6148 | low | — | 3.5 | 13y ago | Typo3 Function Menu API XSS Vulnerability | |||
| CVE-2012-6147 | low | — | 3.5 | 13y ago | Typo3 Backend API XSS Vulnerability | |||
| CVE-2012-6145 | low | — | 3.5 | 13y ago | Typo3 Backend History Module Vulnerable to XSS | |||
| CVE-2012-6565 | low | — | 3.5 | 13y ago | Cross-site scripting (XSS) vulnerability in REDCap before 4.14.3 allows remote authenticated users to inject arbitrary web script or HTML via uppercase characters in JavaScript events within user-def… | |||
| CVE-2012-4303 | low | — | 3.5 | 13y ago | Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 11.1.1.6.0 allows remote authenticated users to affect confidentiality via unknown vectors related to C… | |||
| CVE-2012-0706 | low | — | 3.5 | 13y ago | IBM Scale Out Network Attached Storage (SONAS) 1.3 before 1.3.2.3 requires cleartext storage of LDAP credentials without recommending a less privileged LDAP account, which might allow attackers to ob… | |||
| CVE-2012-5200 | low | — | 3.5 | 13y ago | Cross-site scripting (XSS) vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote authenticated u… | |||
| CVE-2012-5942 | low | — | 3.5 | 13y ago | Cross-site scripting (XSS) vulnerability in the Data Management Portal Web User Interface in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 allows remote authenticat… | |||
| CVE-2012-5939 | low | — | 3.5 | 13y ago | Cross-site scripting (XSS) vulnerability in Welcome.do in the Data Management Portal Web User Interface in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 allows remo… | |||
| CVE-2012-4836 | low | — | 3.5 | 13y ago | Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote authenticated users to inject… | |||
| CVE-2012-6074 | low | — | 3.5 | 13y ago | Jenkins allows Cross-Site Scripting (XSS) | |||
| CVE-2012-5941 | low | — | 3.5 | 14y ago | Cross-site scripting (XSS) vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote authenticated users to inject content, and conduct phishing attacks, … | |||
| CVE-2012-5762 | low | — | 3.5 | 14y ago | Cross-site scripting (XSS) vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote authenticated users to inject arbitrary web script or HTML via vector… | |||
| CVE-2012-5761 | low | — | 3.5 | 14y ago | Cross-site scripting (XSS) vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote authenticated users to inject arbitrary web script or HTML via unspec… | |||
| CVE-2012-3322 | low | — | 3.5 | 14y ago | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Ser… | |||
| CVE-2012-3316 | low | — | 3.5 | 14y ago | Cross-site scripting (XSS) vulnerability in the Tivoli Process Automation Engine (TPAE) in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asse… | |||
| CVE-2012-3268 | low | — | 3.5 | 14y ago | Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Fi… | |||
| CVE-2012-3310 | low | — | 3.5 | 14y ago | IBM Tivoli Federated Identity Manager (TFIM) before 6.1.1.14, 6.2.0 before 6.2.0.12, and 6.2.1 before 6.2.1.4 allows context-dependent attackers to discover (1) a cleartext LDAP Bind Password, (2) ke… | |||
| CVE-2012-5096 | low | — | 3.5 | 14y ago | Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors. | |||
| CVE-2012-3192 | low | — | 3.5 | 14y ago | Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect integrity, related to Rich Text Editor (RTE). | |||
| CVE-2012-1678 | low | — | 3.5 | 14y ago | Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 8.98, 9.1, and 24 allows remote authenticated users to affect confidentiality, related to Enter… | |||
| CVE-2012-3871 | low | — | 3.5 | 14y ago | Cross-site scripting (XSS) vulnerability in data/hybrid/i_hybrid.php in Open Constructor 3.12.0 allows remote authenticated users to inject arbitrary web script or HTML via the header parameter. | |||
| CVE-2012-3870 | low | — | 3.5 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in objects/createobject.php in Open Constructor 3.12.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) name or … | |||
| CVE-2012-5589 | low | — | 3.5 | 14y ago | The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly check node permissions when generating an in-content link, which allows remote authenticated users … | |||
| CVE-2012-4848 | low | — | 3.5 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Foundations Start before 1.2.2c allow remote authenticated users to inject arbitrary web script or HTML via a Webconfig Users user-att… | |||
| CVE-2012-4791 | low | — | 3.5 | 14y ago | Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS … | |||
| CVE-2012-6064 | low | — | 3.5 | 14y ago | Directory traversal vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) before 1.11.2.1 allows remote authenticated administrators to delete arbitrary files via a .. (… | |||
| CVE-2012-5539 | low | — | 3.5 | 14y ago | The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying… | |||
| CVE-2012-4473 | low | — | 3.5 | 14y ago | The Restrict node page view module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "view any node page" or "view any node {type} page" permission to access unpublished no… | |||
| CVE-2012-5529 | low | — | 3.5 | 14y ago | TraceManager in Firebird 2.5.0 and 2.5.1, when trace is enabled, allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by preparing an empty dynamic SQL … | |||
| CVE-2012-4938 | low | — | 3.5 | 14y ago | Cross-site scripting (XSS) vulnerability in the web interface in Pattern Insight 2.3 allows remote authenticated administrators to inject arbitrary web script or HTML via the banner message. | |||
| CVE-2012-4954 | low | — | 3.5 | 14y ago | The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related t… | |||
| CVE-2012-4730 | low | — | 3.5 | 14y ago | Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attack… | |||
| CVE-2012-5704 | low | — | 3.5 | 14y ago | The Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the "administer hotblocks" permission to cause a denial of service (infinite loop and time out) via a blo… | |||
| CVE-2012-4500 | low | — | 3.5 | 14y ago | The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the "access announcements" permission to bypass node access restrictions and possibly have other unsp… | |||
| CVE-2012-4934 | low | — | 3.5 | 14y ago | TomatoCart 1.1.7, when the PayPal Express Checkout module is enabled in sandbox mode, allows remote authenticated users to bypass intended payment requirements by modifying a certain redirection URL. | |||
| CVE-2012-5339 | low | — | 3.5 | 14y ago | phpMyAdmin multiple cross-site scripting vulnerabilities | |||
| CVE-2012-5064 | low | — | 3.5 | 14y ago | Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0, and 11.0.0 through 11.2.0 al… | |||
| CVE-2012-3227 | low | — | 3.5 | 14y ago | Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0, and 11.0.0 through 11.2.0 al… | |||
| CVE-2012-3224 | low | — | 3.5 | 14y ago | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.1.0, 5.2.0, and 5.3.0 through 5.3.4 allows remote authenticated users to affect confi… | |||
| CVE-2012-3197 | low | — | 3.5 | 14y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors relate… | |||
| CVE-2012-3193 | low | — | 3.5 | 14y ago | Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 10.3.4.2, 11.1.1.5.0, 11.1.1.6.0, and 11.1.1.6.2 allows remote authenticated users to affect confidentiality… | |||
| CVE-2012-3188 | low | — | 3.5 | 14y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50 and 8.51 allows remote authenticated users to affect integrity, related to PIA Core Tec… | |||
| CVE-2012-3179 | low | — | 3.5 | 14y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect integrity via unknown vecto… | |||
| CVE-2012-3176 | low | — | 3.5 | 14y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote authenticated users to affect integrity via unknown vectors related to Pa… | |||
| CVE-2012-3167 | low | — | 3.5 | 14y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors relate… | |||
| CVE-2012-3164 | low | — | 3.5 | 14y ago | Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect integrity via unknown … | |||
| CVE-2012-3157 | low | — | 3.5 | 14y ago | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 through 5.3.4, 6.0.1, 6.2.0, and 12 allows remote aut… | |||
| CVE-2012-3156 | low | — | 3.5 | 14y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server. | |||
| CVE-2012-3149 | low | — | 3.5 | 14y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect confidentiality, related to MySQL Client. | |||
| CVE-2012-3148 | low | — | 3.5 | 14y ago | Unspecified vulnerability in the Oracle Field Service component in Oracle E-Business Suite 12.1.3 allows remote authenticated users to affect integrity, related to Wireless/WAP upload. | |||
| CVE-2012-3142 | low | — | 3.5 | 14y ago | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.5, 5.1.0, 5.2.0, and 5.3.0 through 5.3.4 allows remote authenticated users to affec… | |||
| CVE-2012-0108 | low | — | 3.5 | 14y ago | Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality via unknown vectors… | |||
| CVE-2012-0092 | low | — | 3.5 | 14y ago | Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect integrity via unknown vectors relat… | |||
| CVE-2012-0090 | low | — | 3.5 | 14y ago | Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect integrity via unknown vectors relat… | |||
| CVE-2012-0086 | low | — | 3.5 | 14y ago | Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality via unknown vectors… | |||
| CVE-2012-5316 | low | — | 3.5 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Spam & Virus Firewall 600 Firmware 4.0.1.009 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (… | |||
| CVE-2012-1624 | low | — | 3.5 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Lingotek module 6.x-1.x before 6.x-1.40 for Drupal allow remote authenticated users to inject arbitrary web script or HTML when (1) creating… | |||
| CVE-2012-4065 | low | — | 3.5 | 14y ago | Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to bypass unspecified authorization checks and obtain di… | |||
| CVE-2012-1639 | low | — | 3.5 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in product/commerce_product.module in the Drupal Commerce module for Drupal before 7.x-1.2 allow remote authenticated users to inject arbitrary web… | |||
| CVE-2012-1588 | low | — | 3.5 | 14y ago | Algorithmic complexity vulnerability in the _filter_url function in the text filtering system (modules/filter/filter.module) in Drupal 7.x before 7.14 allows remote authenticated users with certain r… | |||
| CVE-2012-1628 | low | — | 3.5 | 14y ago | Cross-site scripting (XSS) vulnerability in the SuperCron module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-1627 | low | — | 3.5 | 14y ago | Cross-site scripting (XSS) vulnerability in vud_term.module in the Vote Up/Down module 6.x-2.x before 6.x-2.8 and 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users to inject arbitra… | |||
| CVE-2012-1653 | low | — | 3.5 | 14y ago | Cross-site scripting (XSS) vulnerability in the Taxonomy Views Integrator (TVI) module 6.x-1.x before 6.x-1.3 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via u… | |||
| CVE-2012-1651 | low | — | 3.5 | 14y ago | Cross-site scripting (XSS) vulnerability in the Submenu Tree module before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-3924 | low | — | 3.5 | 14y ago | The SSLVPN implementation in Cisco IOS 15.1 and 15.2, when DTLS is enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of … | |||
| CVE-2012-3923 | low | — | 3.5 | 14y ago | The SSLVPN implementation in Cisco IOS 12.4, 15.0, 15.1, and 15.2, when DTLS is not enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to c… | |||
| CVE-2012-4422 | low | — | 3.5 | 14y ago | wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed … | |||
| CVE-2012-0746 | low | — | 3.5 | 14y ago | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, a… | |||
| CVE-2012-3529 | low | — | 3.5 | 14y ago | Typo3 Backend Configuration XSS Vulnerability | |||
| CVE-2012-3528 | low | — | 3.5 | 14y ago | Typo3 Backend XSS Vulnerability | |||
| CVE-2012-2065 | low | — | 3.5 | 14y ago | Cross-site scripting (XSS) vulnerability in the Language Icons module 6.x-2.x before 6.x-2.1 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with administer languages permissi… | |||
| CVE-2012-1606 | low | — | 3.5 | 14y ago | Typo3 Backend XSS Vulnerabilities |