CVEs from 2012
Total
5,200
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.7%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-2397 | medium | — | 6.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in ownCloud before 3.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) se… | |||
| CVE-2012-2270 | medium | — | 6.8 | 14y ago | Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the r… | |||
| CVE-2012-2089 | medium | — | 6.8 | 14y ago | Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a d… | |||
| CVE-2012-1985 | medium | — | 6.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to hijack the authentication of administrators for requ… | |||
| CVE-2012-0777 | medium | — | 6.8 | 14y ago | The JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 on Mac OS X and Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption… | |||
| CVE-2012-1237 | medium | — | 6.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in SENCHA SNS before 1.0.2 allows remote attackers to hijack the authentication of arbitrary users. | |||
| CVE-2012-0258 | medium | — | 6.8 | 14y ago | Heap-based buffer overflow in the WWCabFile ActiveX component in the Wonderware System Platform in Invensys Wonderware Application Server 2012 and earlier, Foxboro Control Software 3.1 and earlier, I… | |||
| CVE-2012-0257 | medium | — | 6.8 | 14y ago | Heap-based buffer overflow in the WWCabFile ActiveX component in the Wonderware System Platform in Invensys Wonderware Application Server 2012 and earlier, Foxboro Control Software 3.1 and earlier, I… | |||
| CVE-2012-1925 | medium | — | 6.8 | 14y ago | Opera before 11.62 does not ensure that a dialog window is placed on top of content windows, which makes it easier for user-assisted remote attackers to trick users into downloading and executing arb… | |||
| CVE-2012-1924 | medium | — | 6.8 | 14y ago | Opera before 11.62 allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog. | |||
| CVE-2012-1236 | medium | — | 6.8 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Janetter before 3.3.0.0 (aka 3.3.0) allow remote attackers to hijack the authentication of arbitrary users for requests that (1) tweet, (… | |||
| CVE-2012-0293 | medium | — | 6.8 | 14y ago | Multiple SQL injection vulnerabilities in Symantec Altiris WISE Package Studio before 8.0MR1 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2012-1514 | medium | — | 6.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in VMware vShield Manager (vSM) 1.0.1 before Update 2 and 4.1.0 before Update 2 allows remote attackers to hijack the authentication of arbitrary users. | |||
| CVE-2012-0458 | medium | — | 6.8 | 14y ago | Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not… | |||
| CVE-2012-0608 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted … | |||
| CVE-2012-0317 | medium | — | 6.8 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to hijack the authentication of arbitrary users f… | |||
| CVE-2012-1227 | medium | — | 6.8 | 15y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in pluck 4.7 allow remote attackers to hijack the authentication of admins for requests that (1) modify the admin email address… | |||
| CVE-2012-0993 | medium | — | 6.8 | 15y ago | Eval injection vulnerability in zp-core/zp-extensions/viewer_size_image.php in ZENphoto 1.4.2, when the viewer_size_image plugin is enabled, allows remote attackers to execute arbitrary PHP code via … | |||
| CVE-2012-0865 | medium | — | 6.8 | 15y ago | Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) r parameter to … | |||
| CVE-2012-1216 | medium | — | 6.8 | 15y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in PBBoard 2.1.4 allow remote attackers to hijack the authentication of administrators for requests that (1) upload a file via … | |||
| CVE-2012-1083 | medium | — | 6.8 | 15y ago | Cross-site request forgery (CSRF) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote attackers to hijack the authentication of unspecified victims … | |||
| CVE-2012-1055 | medium | — | 6.8 | 15y ago | Heap-based buffer overflow in PhotoLine 17.01 and possibly other versions before 17.02 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default … | |||
| CVE-2012-1052 | medium | — | 6.8 | 15y ago | Buffer overflow in IvanView 1.2.15 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment. | |||
| CVE-2012-1051 | medium | — | 6.8 | 15y ago | Heap-based buffer overflow in Xjp2.dll in the JPEG2000 plug-in in XnView 1.98.5 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) m… | |||
| CVE-2012-0831 | medium | — | 6.8 | 15y ago | PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct S… | |||
| CVE-2012-1023 | medium | — | 6.8 | 15y ago | Open redirect vulnerability in admin/index.php in 4images 1.7.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter. | |||
| CVE-2012-0314 | medium | — | 6.8 | 15y ago | Multiple cross-site request forgery (CSRF) vulnerabilities on the eAccess Pocket WiFi (aka GP02) router before 2.00 with firmware 11.203.11.05.168 and earlier allow remote attackers to hijack the aut… | |||
| CVE-2012-0978 | medium | — | 6.8 | 15y ago | Stack-based buffer overflow in npjp2.dll in LuraWave JP2 Browser Plug-In 1.1.1.11 and other versions before 2.1.1.11 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a… | |||
| CVE-2012-0100 | medium | — | 6.8 | 15y ago | Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kerberos. | |||
| CVE-2012-4104 | medium | — | 6.6 | 13y ago | Absolute path traversal vulnerability in the image-download process in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to overwrite or delete arbitrary fi… | |||
| CVE-2012-4089 | medium | — | 6.6 | 13y ago | MCTOOLS in the fabric interconnect in Cisco Unified Computing System (UCS) allows local users to execute arbitrary Baseboard Management Controller (BMC) commands by leveraging (1) local, (2) shell-le… | |||
| CVE-2012-4467 | medium | — | 6.6 | 14y ago | The (1) do_siocgstamp and (2) do_siocgstampns functions in net/socket.c in the Linux kernel before 3.5.4 use an incorrect argument order, which allows local users to obtain sensitive information from… | |||
| CVE-2012-1691 | medium | — | 6.6 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel/Privileges. | |||
| CVE-2012-6708 | medium | — | 6.5 | 6y ago | Cross-Site Scripting in jquery | |||
| CVE-2012-4379 | medium | 6.5 | 6.5 | 9y ago | MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response i… | |||
| CVE-2012-5030 | medium | 6.5 | 6.5 | 9y ago | Cisco IOS before 15.2(4)S6 does not initialize an unspecified variable, which might allow remote authenticated users to cause a denial of service (CPU consumption, watchdog timeout, crash) by walking… | |||
| CVE-2012-0811 | medium | — | 6.5 | 12y ago | Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt func… | |||
| CVE-2012-5489 | medium | — | 6.5 | 12y ago | The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 2.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to g… | |||
| CVE-2012-0939 | medium | — | 6.5 | 12y ago | Multiple SQL injection vulnerabilities in TestLink 1.8.5b and earlier allow remote authenticated users with the Requirement view permission to execute arbitrary SQL commands via the req_spec_id param… | |||
| CVE-2012-1313 | medium | — | 6.5 | 13y ago | The remote debug shell on the PALO adapter card in Cisco Unified Computing System (UCS) allows local users to gain privileges via malformed show-macstats parameters, aka Bug ID CSCub13772. | |||
| CVE-2012-5766 | medium | — | 6.5 | 13y ago | Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to execute arbitrary SQL commands via vectors … | |||
| CVE-2012-6144 | medium | — | 6.5 | 13y ago | Typo3 Backend History Module Vulnerable to SQL Injection | |||
| CVE-2012-6567 | medium | — | 6.5 | 13y ago | REDCap before 4.14.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the logic of a custom rule. | |||
| CVE-2012-5767 | medium | — | 6.5 | 13y ago | Unspecified vulnerability in the web interface on the IBM TS3500 Tape Library with firmware before C260 allows remote authenticated users to gain privileges via unspecified vectors. | |||
| CVE-2012-6357 | medium | — | 6.5 | 14y ago | IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges and bypass intended restrictions on asset-… | |||
| CVE-2012-6356 | medium | — | 6.5 | 14y ago | IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to an import operation. | |||
| CVE-2012-6355 | medium | — | 6.5 | 14y ago | IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Ser… | |||
| CVE-2012-5760 | medium | — | 6.5 | 14y ago | SQL injection vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2012-3321 | medium | — | 6.5 | 14y ago | IBM SmartCloud Control Desk 7.5 allows remote authenticated users to bypass intended access restrictions via vectors involving an expired password. | |||
| CVE-2012-3286 | medium | — | 6.5 | 14y ago | Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and earlier and ArcSight Logger 5.2 and earlier allows remote authenticated users to obtain sensitive information, modify data, or cau… | |||
| CVE-2012-2293 | medium | — | 6.5 | 14y ago | Directory traversal vulnerability in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allows remote authenticated users to upload files, and consequently execute arbitrary… | |||
| CVE-2012-0701 | medium | — | 6.5 | 14y ago | The client applications in the DataStage Administrator client in InfoSphere DataStage in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 rely on client-side access control, which allow… | |||
| CVE-2012-0205 | medium | — | 6.5 | 14y ago | InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly restrict use of the troubleshooting feature, which allows remot… | |||
| CVE-2012-4414 | medium | — | 6.5 | 14y ago | Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5… | |||
| CVE-2012-4549 | medium | 6.5 | 6.5 | 14y ago | A flaw was found in JBoss Enterprise Application Platform. The `processInvocation` function within the `org.jboss.as.ejb3.security.AuthorizationInterceptor` component incorrectly authorizes all reque… | |||
| CVE-2012-5931 | medium | — | 6.5 | 14y ago | Directory traversal vulnerability in the set_log_config function in regclnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote authenticated users to create or ov… | |||
| CVE-2012-5610 | medium | — | 6.5 | 14y ago | Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud before 4.0.9 and 4.5.x before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a spe… | |||
| CVE-2012-5609 | medium | — | 6.5 | 14y ago | Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted mount.php file in a ZIP file. | |||
| CVE-2012-4974 | medium | — | 6.5 | 14y ago | Layton Helpbox 4.4.0 allows remote authenticated users to change the login context and gain privileges via a modified (1) loggedinenduser, (2) loggedinendusername, (3) loggedinuserusergroup, (4) logg… | |||
| CVE-2012-5479 | medium | — | 6.5 | 14y ago | The Portfolio plugin in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to upload and execute files via a modified Portfolio API callback. | |||
| CVE-2012-5471 | medium | — | 6.5 | 14y ago | Moodle Allows Unauthenticated Dropbox Access | |||
| CVE-2012-5910 | medium | — | 6.5 | 14y ago | SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via the root parameter. | |||
| CVE-2012-5454 | medium | — | 6.5 | 14y ago | user/index_inline_editor_submit.php in ATutor AContent 1.2-1 does not properly restrict access, which allows remote authenticated users to modify arbitrary user passwords via a crafted request. NOTE… | |||
| CVE-2012-1751 | medium | — | 6.5 | 14y ago | Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect confidentiality, integrity, and availabili… | |||
| CVE-2012-4465 | medium | — | 6.5 | 14y ago | Heap-based buffer overflow in the substr function in parsing.c in cgit 0.9.0.3 and earlier allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code v… | |||
| CVE-2012-5328 | medium | — | 6.5 | 14y ago | Multiple SQL injection vulnerabilities in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress might allow remote authenticated users to execute arbitrary SQL commands via … | |||
| CVE-2012-5327 | medium | — | 6.5 | 14y ago | Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress allow remote authenticated users to execute arbitrar… | |||
| CVE-2012-3489 | medium | 6.5 | 6.5 | 14y ago | The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users… | |||
| CVE-2012-4064 | medium | — | 6.5 | 14y ago | Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to gain privileges by sending a message to (1) Cloud Con… | |||
| CVE-2012-5162 | medium | — | 6.5 | 14y ago | Multiple SQL injection vulnerabilities in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) edit_category_post or (… | |||
| CVE-2012-4994 | medium | — | 6.5 | 14y ago | SQL injection vulnerability in admin/admin.php in LimeSurvey before 1.91+ Build 120224 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a browse action. NO… | |||
| CVE-2012-0747 | medium | — | 6.5 | 14y ago | SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, an… | |||
| CVE-2012-0728 | medium | — | 6.5 | 14y ago | SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, an… | |||
| CVE-2012-0727 | medium | — | 6.5 | 14y ago | SQL injection vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and… | |||
| CVE-2012-3132 | medium | — | 6.5 | 14y ago | SQL injection vulnerability in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to execute arbitrary SQL commands via vectors in… | |||
| CVE-2012-3395 | medium | — | 6.5 | 14y ago | SQL injection vulnerability in mod/feedback/complete.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to execute arbitrary SQL commands … | |||
| CVE-2012-2363 | medium | — | 6.5 | 14y ago | SQL injection vulnerability in calendar/event.php in the calendar implementation in Moodle 1.9.x before 1.9.18 allows remote authenticated users to execute arbitrary SQL commands via a crafted calend… | |||
| CVE-2012-2359 | medium | — | 6.5 | 14y ago | admin/roles/override.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to gain privileges by leveraging the teacher role and modifying the… | |||
| CVE-2012-0866 | medium | — | 6.5 | 14y ago | CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY … | |||
| CVE-2012-1571 | medium | 6.5 | 6.5 | 14y ago | file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid po… | |||
| CVE-2012-0795 | medium | — | 6.5 | 14y ago | Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 does not validate e-mail address settings, which allows remote authenticated users to have an unspecified im… | |||
| CVE-2012-2282 | medium | — | 6.5 | 14y ago | EMC Celerra Network Server 6.x before 6.0.61.0, VNX 7.x before 7.0.53.2, and VNXe 2.0 and 2.1 before 2.1.3.19077 (aka MR1 SP3.2) and 2.2 before 2.2.0.19078 (aka MR2 SP0.2) do not properly implement N… | |||
| CVE-2012-1037 | medium | — | 6.5 | 14y ago | PHP remote file inclusion vulnerability in front/popup.php in GLPI 0.78 through 0.80.61 allows remote authenticated users to execute arbitrary PHP code via a URL in the sub_type parameter. | |||
| CVE-2012-2670 | medium | — | 6.5 | 14y ago | manageuser.php in Collabtive before 0.7.6 allows remote authenticated users, and possibly unauthenticated attackers, to bypass intended access restrictions and upload and execute arbitrary files by u… | |||
| CVE-2012-0037 | medium | 6.5 | 6.5 | 14y ago | Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read… | |||
| CVE-2012-1828 | medium | — | 6.5 | 14y ago | The administrative functions in AutoFORM PDM Archive before 7.1 do not have authorization requirements, which allows remote authenticated users to perform administrative actions by leveraging knowled… | |||
| CVE-2012-1827 | medium | — | 6.5 | 14y ago | The web service in AutoFORM PDM Archive before 7.1 does not have authorization requirements, which allows remote authenticated users to perform database operations via a SOAP request, as demonstrated… | |||
| CVE-2012-2603 | medium | — | 6.5 | 14y ago | The server in CollabNet ScrumWorks Pro before 6.0 allows remote authenticated users to gain privileges and obtain sensitive information via a modified desktop client. | |||
| CVE-2012-1798 | medium | 6.5 | 6.5 | 14y ago | The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF … | |||
| CVE-2012-0260 | medium | 6.5 | 6.5 | 14y ago | The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of re… | |||
| CVE-2012-0259 | medium | 6.5 | 6.5 | 14y ago | The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolu… | |||
| CVE-2012-2435 | medium | — | 6.5 | 14y ago | Directory traversal vulnerability in the captcha module in Pligg CMS before 1.2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the captcha para… | |||
| CVE-2012-0564 | medium | — | 6.5 | 14y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50 and 8.51 allows remote authenticated users to affect confidentiality, integrity, and av… | |||
| CVE-2012-0337 | medium | — | 6.5 | 14y ago | SQL injection vulnerability in the web component in Cisco Unified MeetingPlace 7.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtx08939. | |||
| CVE-2012-2416 | medium | — | 6.5 | 14y ago | chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.11.1 and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4, when the trustrpid option is enabled, all… | |||
| CVE-2012-2415 | medium | — | 6.5 | 14y ago | Heap-based buffer overflow in chan_skinny.c in the Skinny channel driver in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 allows remote authenticated use… | |||
| CVE-2012-2414 | medium | — | 6.5 | 14y ago | main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4 does not prop… | |||
| CVE-2012-2111 | medium | — | 6.5 | 14y ago | The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not p… | |||
| CVE-2012-2230 | medium | — | 6.5 | 14y ago | Cloudera Manager 3.7.x before 3.7.5 and Service and Configuration Manager 3.5, when Kerberos is not enabled, does not properly install taskcontroller.cfg, which allows remote authenticated users to i… | |||
| CVE-2012-1574 | medium | — | 6.5 | 14y ago | Apache Hadoop allows impersonation of arbitrary cluster user accounts |