CVEs from 2012
Total
5,200
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.7%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-2836 | medium | — | 6.4 | 14y ago | The exif_data_load_data function in exif-data.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtai… | |||
| CVE-2012-2813 | medium | — | 6.4 | 14y ago | The exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possib… | |||
| CVE-2012-2812 | medium | — | 6.4 | 14y ago | The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obt… | |||
| CVE-2012-1119 | medium | — | 6.4 | 14y ago | MantisBT before 1.2.9 does not audit when users copy or clone a bug report, which makes it easier for remote attackers to copy bug reports without detection. | |||
| CVE-2012-1726 | medium | — | 6.4 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors … | |||
| CVE-2012-1818 | medium | — | 6.4 | 14y ago | An unspecified ActiveX control in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to overwrite arbitra… | |||
| CVE-2012-2928 | medium | — | 6.4 | 14y ago | The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to re… | |||
| CVE-2012-0655 | medium | — | 6.4 | 14y ago | libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection … | |||
| CVE-2012-1694 | medium | — | 6.4 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality and integrity, related to libsasl. | |||
| CVE-2012-0537 | medium | — | 6.4 | 14y ago | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity, related to HTML pages. | |||
| CVE-2012-0511 | medium | — | 6.4 | 14y ago | Unspecified vulnerability in the OCI component in Oracle Database Server 10.2.0.3, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect confidentiality and integrity via unknown vectors. | |||
| CVE-2012-0510 | medium | — | 6.4 | 14y ago | Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, and 11.1.0.7 allows remote attackers to affect integrity and availability via unknown vec… | |||
| CVE-2012-2217 | medium | — | 6.4 | 14y ago | The HTC IQRD service for Android on the HTC EVO 4G before 4.67.651.3, EVO Design 4G before 2.12.651.5, Shift 4G before 2.77.651.3, EVO 3D before 2.17.651.5, EVO View 4G before 2.23.651.1, Vivid befor… | |||
| CVE-2012-0726 | medium | — | 6.4 | 14y ago | The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communic… | |||
| CVE-2012-1929 | medium | — | 6.4 | 14y ago | Opera before 11.62 on Mac OS X allows remote attackers to spoof the address field and security dialogs via crafted styling that causes page content to be displayed outside of the intended content are… | |||
| CVE-2012-1928 | medium | — | 6.4 | 14y ago | Opera before 11.62 allows remote attackers to spoof the address field by triggering a page reload followed by a redirect to a different domain. | |||
| CVE-2012-1927 | medium | — | 6.4 | 14y ago | Opera before 11.62 allows remote attackers to spoof the address field by triggering the launch of a dialog window associated with a different domain. | |||
| CVE-2012-1919 | medium | — | 6.4 | 14y ago | CRLF injection vulnerability in mime.php in @Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to conduct directory traversal attacks and read arbitrary files via a %0A se… | |||
| CVE-2012-0232 | medium | — | 6.4 | 14y ago | Directory traversal vulnerability in rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6, 3.0, 3.0 SP1, and 3.5 allows remote attackers to… | |||
| CVE-2012-0460 | medium | — | 6.4 | 14y ago | Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict write access to t… | |||
| CVE-2012-1472 | medium | — | 6.4 | 14y ago | VMware vCenter Chargeback Manager (aka CBM) before 2.0.1 does not properly handle XML API requests, which allows remote attackers to read arbitrary files or cause a denial of service via unspecified … | |||
| CVE-2012-0584 | medium | — | 6.4 | 14y ago | The Internationalized Domain Name (IDN) feature in Apple Safari before 5.1.4 on Windows does not properly restrict the characters in URLs, which allows remote attackers to spoof a domain name via uns… | |||
| CVE-2012-0237 | medium | — | 6.4 | 15y ago | Advantech/BroadWin WebAccess before 7.0 allows remote attackers to (1) enable date and time syncing or (2) disable date and time syncing via a crafted URL. | |||
| CVE-2012-1194 | medium | — | 6.4 | 15y ago | The resolver in the DNS Server service in Microsoft Windows Server 2008 before R2 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query,… | |||
| CVE-2012-1193 | medium | — | 6.4 | 15y ago | The resolver in PowerDNS Recursor (aka pdns_recursor) 3.3 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote att… | |||
| CVE-2012-1192 | medium | — | 6.4 | 15y ago | The resolver in Unbound before 1.4.11 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger co… | |||
| CVE-2012-1191 | medium | — | 6.4 | 15y ago | The resolver in dnscache in Daniel J. Bernstein djbdns 1.05 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote a… | |||
| CVE-2012-0502 | medium | — | 6.4 | 15y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows… | |||
| CVE-2012-0057 | medium | — | 6.4 | 15y ago | PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension. | |||
| CVE-2012-0083 | medium | — | 6.4 | 15y ago | Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 7.5.2, 10.1.3.5.1, 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote attackers to affect confidentiality a… | |||
| CVE-2012-5014 | medium | — | 6.3 | 12y ago | Cisco IOS before 15.1(2)SY allows remote authenticated users to cause a denial of service (device crash) by establishing an SSH session from a client and then placing this client into a (1) slow or (… | |||
| CVE-2012-0871 | medium | — | 6.3 | 12y ago | The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on… | |||
| CVE-2012-6597 | medium | — | 6.3 | 13y ago | Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to cause a denial of service (management-server crash) by using the command-line interface for a craft… | |||
| CVE-2012-3280 | medium | — | 6.3 | 14y ago | Multiple unspecified vulnerabilities on HP NonStop Servers H06.x and J06.x allow remote authenticated users to obtain sensitive information, modify data, or cause a denial of service via an OSS Remot… | |||
| CVE-2012-6395 | medium | — | 6.3 | 14y ago | Cisco Adaptive Security Appliances (ASA) devices with firmware 8.4 do not properly validate unspecified input related to UNC share pathnames, which allows remote authenticated users to cause a denial… | |||
| CVE-2012-5717 | medium | — | 6.3 | 14y ago | Cisco Adaptive Security Appliances (ASA) devices with firmware 8.x through 8.4(1) do not properly manage SSH sessions, which allows remote authenticated users to cause a denial of service (device cra… | |||
| CVE-2012-3895 | medium | — | 6.3 | 14y ago | Cisco IOS 15.0 through 15.3 allows remote authenticated users to cause a denial of service (device crash) via an MVPNv6 update, aka Bug ID CSCty89224. | |||
| CVE-2012-3893 | medium | — | 6.3 | 14y ago | The FlexVPN implementation in Cisco IOS 15.2 and 15.3 allows remote authenticated users to cause a denial of service (spoke crash) via spoke-to-spoke traffic, aka Bug ID CSCtz02622. | |||
| CVE-2012-4754 | medium | — | 6.3 | 14y ago | Multiple untrusted search path vulnerabilities in MindManager 2012 10.0.493 allow local users to gain privileges via a Trojan horse (1) ssgp.dll or (2) dwmapi.dll file in the current working director… | |||
| CVE-2012-1338 | medium | — | 6.3 | 14y ago | Cisco IOS 15.0 and 15.1 on Catalyst 3560 and 3750 series switches allows remote authenticated users to cause a denial of service (device reload) by completing local web authentication quickly, aka Bu… | |||
| CVE-2012-0403 | medium | — | 6.3 | 14y ago | Directory traversal vulnerability in EMC RSA enVision 4.x before 4.1 Patch 4 allows remote authenticated users to have an unspecified impact via unknown vectors. | |||
| CVE-2012-4141 | medium | — | 6.2 | 13y ago | Directory traversal vulnerability in the CLI parser in Cisco NX-OS allows local users to create arbitrary script files via a relative pathname in the "file name" parameter, aka Bug IDs CSCua71557 and… | |||
| CVE-2012-4122 | medium | — | 6.2 | 13y ago | The CLI parser in Cisco NX-OS allows local users to bypass intended access restrictions, and overwrite or create arbitrary files, via shell output redirection, aka Bug IDs CSCts56672 and CSCts56669. | |||
| CVE-2012-4096 | medium | — | 6.2 | 13y ago | The local file editor in the Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and modify arbitrary fabric-interconnect files, in the… | |||
| CVE-2012-5536 | medium | — | 6.2 | 14y ago | A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat Enterprise Linux (RHEL) 6 and Fedora Rawhide calls the glibc error function instead of the error function in the OpenSSH codebase, … | |||
| CVE-2012-0860 | medium | — | 6.2 | 14y ago | Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, allow local users to gain privileges via a Trojan horse (1) deploy… | |||
| CVE-2012-4455 | medium | — | 6.2 | 14y ago | openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) LCK..opencryptoki or (2) LCK..opencryptoki_stdll file in /var/lock… | |||
| CVE-2012-3511 | medium | — | 6.2 | 14y ago | Multiple race conditions in the madvise_remove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service (use-after-free and system crash) via vectors i… | |||
| CVE-2012-3126 | medium | — | 6.2 | 14y ago | Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Ap… | |||
| CVE-2012-0219 | medium | — | 6.2 | 14y ago | Heap-based buffer overflow in the xioscan_readline function in xio-readline.c in socat 1.4.0.0 through 1.7.2.0 and 2.0.0-b1 through 2.0.0-b4 allows local users to execute arbitrary code via the READL… | |||
| CVE-2012-0539 | medium | — | 6.2 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to (1) bsmconv and (2) bsmunconv. | |||
| CVE-2012-5636 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.22, 1.5.x before 1.5.10, and 6.x before 6.4.0 might allow remote attackers to inject arbitrary web script or HTML via vector… | |||
| CVE-2012-4378 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.18.5 and 1.19.x before 1.19.2, when unspecified JavaScript gadgets are used, allow remote attackers to inject arbitrary web s… | |||
| CVE-2012-4377 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 allows remote attackers to inject arbitrary web script or HTML via a File: link to a nonexistent image. | |||
| CVE-2012-4569 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in out/out.UsrMgr.php in LetoDMS (formerly MyDMS) before 3.3.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vector… | |||
| CVE-2012-4567 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in LetoDMS (formerly MyDMS) before 3.3.8 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) inc/inc.Cl… | |||
| CVE-2012-6705 | medium | 6.1 | 6.1 | 9y ago | Cross Site Scripting (XSS) exists in Jamroom before 4.2.7 via the Status Update field. | |||
| CVE-2012-5723 | medium | — | 6.1 | 12y ago | Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP pack… | |||
| CVE-2012-1366 | medium | — | 6.1 | 12y ago | Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted … | |||
| CVE-2012-4703 | medium | — | 6.1 | 13y ago | The Emerson DeltaV SE3006 through 11.3.1, DeltaV VE3005 through 10.3.1 and 11.x through 11.3.1, and DeltaV VE3006 through 10.3.1 and 11.x through 11.3.1 allow remote attackers to cause a denial of se… | |||
| CVE-2012-6026 | medium | — | 6.1 | 13y ago | The HTTP Profiler on the Cisco Aironet Access Point with software 15.2 and earlier does not properly manage buffers, which allows remote attackers to cause a denial of service (device reload) via cra… | |||
| CVE-2012-5634 | medium | — | 6.1 | 14y ago | Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, does not properly configure VT-d when supporting a device that is behind a legacy PCI Bridge, which allows local guests to cause … | |||
| CVE-2012-5970 | medium | — | 6.1 | 14y ago | The Huawei E585 device allows remote attackers to cause a denial of service (NULL pointer dereference and device outage) via crafted HTTP requests, as demonstrated by unspecified vulnerability-scanni… | |||
| CVE-2012-4898 | medium | — | 6.1 | 14y ago | Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a cl… | |||
| CVE-2012-3495 | medium | — | 6.1 | 14y ago | The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking th… | |||
| CVE-2012-3748 | medium | — | 6.1 | 14y ago | Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Jav… | |||
| CVE-2012-3051 | medium | — | 6.1 | 14y ago | Cisco NX-OS 5.2 and 6.1 on Nexus 7000 series switches allows remote attackers to cause a denial of service (process crash or packet loss) via a large number of ARP packets, aka Bug ID CSCtr44822. | |||
| CVE-2012-4252 | medium | — | 6.1 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to hijack the authentication of administrators for requests that (1) remove file access restric… | |||
| CVE-2012-2122 | medium | — | 6.1 | 14y ago | sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, whe… | |||
| CVE-2012-1872 | medium | 6.1 | 6.1 | 14y ago | Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to inject arbitrary web script or HTML via crafted character sequences with EUC-JP encoding… | |||
| CVE-2012-2959 | medium | — | 6.1 | 14y ago | Cross-site request forgery (CSRF) vulnerability in password-manager/changePasswords.do in BMC Identity Management Suite 7.5.00.103 allows remote attackers to hijack the authentication of administrato… | |||
| CVE-2012-1327 | medium | — | 6.1 | 14y ago | dot11t/t_if_dot11_hal_ath.c in Cisco IOS 12.3, 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (assertion failure and reboot) via 802.11 wireless traffic, as demonstrated by… | |||
| CVE-2012-1800 | medium | — | 6.1 | 14y ago | Stack-based buffer overflow in the Profinet DCP protocol implementation on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 allows remote att… | |||
| CVE-2012-0930 | medium | 6.1 | 6.1 | 15y ago | Cross-site scripting (XSS) vulnerability in Schneider Electric Modicon Quantum PLC allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-1988 | medium | — | 6.0 | 4y ago | Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-crea… | |||
| CVE-2012-5451 | medium | — | 6.0 | 11y ago | Multiple stack-based buffer overflows in HttpUtils.dll in TVMOBiLi before 2.1.0.3974 allow remote attackers to cause a denial of service (tvMobiliService service crash) via a long string in a (1) GET… | |||
| CVE-2012-2301 | medium | — | 6.0 | 12y ago | The Ubercart module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer product classes" permission to execute arbitrary PHP code via unspecified vectors. | |||
| CVE-2012-5243 | medium | — | 6.0 | 12y ago | functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request. | |||
| CVE-2012-5877 | medium | — | 6.0 | 12y ago | Nero MediaHome 4.5.8.0 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an HTTP header without a name. | |||
| CVE-2012-5876 | medium | — | 6.0 | 12y ago | Multiple off-by-one errors in NMMediaServerService.dll in Nero MediaHome 4.5.8.0 and earlier allow remote attackers to cause a denial of service (crash) via a long string in the (1) request line or (… | |||
| CVE-2012-4915 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in the Google Doc Embedder plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to libs/pdf.php. | |||
| CVE-2012-5192 | medium | — | 6.0 | 13y ago | Directory traversal vulnerability in gmap/view_overlay.php in Bitweaver 2.8.1 and earlier allows remote attackers to read arbitrary files via "''%2F" (dot dot encoded slash) sequences in the overlay_… | |||
| CVE-2012-4733 | medium | — | 6.0 | 13y ago | Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permissio… | |||
| CVE-2012-6577 | medium | — | 6.0 | 13y ago | SQL injection vulnerability in the Formhandler extension before 1.4.1 for TYPO3 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2012-6274 | medium | — | 6.0 | 13y ago | BigAntSoft BigAnt IM Message Server does not require authentication for file uploading, which allows remote attackers to create arbitrary files under AntServer\DocData\Public via unspecified vectors. | |||
| CVE-2012-2686 | medium | — | 6.0 | 14y ago | crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application cr… | |||
| CVE-2012-6522 | medium | — | 6.0 | 14y ago | Directory traversal vulnerability in the getContent function in codes/wcms.php in w-CMS 2.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. NOTE: some of thes… | |||
| CVE-2012-5875 | medium | — | 6.0 | 14y ago | Firefly Media Server 1.0.0.1359 allows remote attackers to cause a denial of service (NULL pointer dereference) via a (1) crafted Connection HTTP header; a return carriage control character in the (2… | |||
| CVE-2012-6500 | medium | — | 6.0 | 14y ago | Directory traversal vulnerability in download.lib.php in Pragyan CMS 3.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the fileget parameter in a profile action to… | |||
| CVE-2012-6330 | medium | — | 6.0 | 14y ago | The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large i… | |||
| CVE-2012-5653 | medium | — | 6.0 | 14y ago | The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated users to bypass the protection mechanism and execute arbitrary PHP code via a null byte in a file nam… | |||
| CVE-2012-4528 | medium | — | 6.0 | 14y ago | The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an inv… | |||
| CVE-2012-6313 | medium | — | 6.0 | 14y ago | simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 for WordPress allows remote attackers to obtain sensitive information via a request that lacks a timezone, leading to disclosure o… | |||
| CVE-2012-6301 | medium | — | 6.0 | 14y ago | The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted market: URI in the SRC attribute of an IFRAME element. | |||
| CVE-2012-4347 | medium | — | 6.0 | 14y ago | Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1)… | |||
| CVE-2012-5537 | medium | — | 6.0 | 14y ago | The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling f… | |||
| CVE-2012-5615 | medium | — | 6.0 | 14y ago | Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending … | |||
| CVE-2012-6048 | medium | — | 6.0 | 14y ago | Guitar Pro 6.1.1 r10791 allows remote attackers to cause a denial of service (crash) via a long string in a gpx file. | |||
| CVE-2012-2437 | medium | — | 6.0 | 14y ago | cookie_gen.php in ar web content manager (AWCM) 2.2 does not require authentication, which allows remote attackers to generate arbitrary cookies via the name parameter in conjunction with the content… | |||
| CVE-2012-0698 | medium | — | 6.0 | 14y ago | tcsd in TrouSerS before 0.3.10 allows remote attackers to cause a denial of service (daemon crash) via a crafted type_offset value in a TCP packet to port 30003. |