CVEs from 2012
Total
5,199
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.7%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-6647 | medium | — | 4.9 | 12y ago | The futex_wait_requeue_pi function in kernel/futex.c in the Linux kernel before 3.5.1 does not ensure that calls have two different futex addresses, which allows local users to cause a denial of serv… | |||
| CVE-2012-4638 | medium | — | 4.9 | 12y ago | Cisco IOS before 15.1(1)SY allows local users to cause a denial of service (device reload) by establishing an outbound SSH session, aka Bug ID CSCto00318. | |||
| CVE-2012-0059 | medium | 4.9 | 4.9 | 13y ago | A flaw was found in Spacewalk-backend. This information disclosure vulnerability occurs when a system registration XML-RPC call fails, causing cleartext user passwords to be included in error message… | |||
| CVE-2012-2697 | medium | — | 4.9 | 13y ago | Unspecified vulnerability in autofs, as used in Red Hat Enterprise Linux (RHEL) 5, allows local users to cause a denial of service (autofs crash and delayed mounts) or prevent "mount expiration" via … | |||
| CVE-2012-4398 | medium | — | 4.9 | 14y ago | The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 does not set a certain killable attribute, which allows local users to cause a denial of service (memory consumption) via… | |||
| CVE-2012-5478 | medium | — | 4.9 | 14y ago | The AuthorizationInterceptor in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 does not properly … | |||
| CVE-2012-6396 | medium | — | 4.9 | 14y ago | Cisco NX-OS on Nexus 7000 series switches does not properly handle certain line-card replacements, which might allow remote authenticated users to cause a denial of service (memory consumption) via a… | |||
| CVE-2012-5532 | medium | — | 4.9 | 14y ago | The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.8-rc1, allows local users to cause a denial of service (daemon exit) via a crafted application… | |||
| CVE-2012-4538 | medium | — | 4.9 | 14y ago | The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables, which allows a local HVM guest OS to cause a denial of serv… | |||
| CVE-2012-3433 | medium | — | 4.9 | 14y ago | Xen 4.0 and 4.1 allows local HVM guest OS kernels to cause a denial of service (domain 0 VCPU hang and kernel panic) by modifying the physical address space in a way that triggers excessive shared pa… | |||
| CVE-2012-6032 | medium | — | 4.9 | 14y ago | Multiple integer overflows in the (1) tmh_copy_from_client and (2) tmh_copy_to_client functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial… | |||
| CVE-2012-3228 | medium | — | 4.9 | 14y ago | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authent… | |||
| CVE-2012-3208 | medium | — | 4.9 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability, related to Kernel/RCTL. | |||
| CVE-2012-3207 | medium | — | 4.9 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kernel. | |||
| CVE-2012-0106 | medium | — | 4.9 | 14y ago | Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality and integrity via u… | |||
| CVE-2012-3488 | medium | — | 4.9 | 14y ago | The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote… | |||
| CVE-2012-3459 | medium | — | 4.9 | 14y ago | Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted ad… | |||
| CVE-2012-2735 | medium | — | 4.9 | 14y ago | Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session co… | |||
| CVE-2012-4402 | medium | — | 4.9 | 14y ago | webservice/lib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly restrict the use of web-service tokens, which allows remote authenticated users to run ar… | |||
| CVE-2012-1649 | medium | — | 4.9 | 14y ago | Cool Aid module before 6.x-1.9 for Drupal does not enforce access restrictions, which allows remote authenticated users with the administer coolaid permission to modify arbitrary pages via unspecifie… | |||
| CVE-2012-4582 | medium | — | 4.9 | 14y ago | McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to reset the passwords of arbit… | |||
| CVE-2012-3447 | medium | — | 4.9 | 14y ago | virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an im… | |||
| CVE-2012-3247 | medium | — | 4.9 | 14y ago | Unspecified vulnerability on the HP Integrity Server BL860c i2, BL870c i2, and BL890c i2 with firmware before 26.31 and the HP Integrity Server rx2800 i2 with firmware before 26.30 allows local users… | |||
| CVE-2012-3426 | medium | — | 4.9 | 14y ago | OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass in… | |||
| CVE-2012-0723 | medium | — | 4.9 | 14y ago | The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly implement the dupmsg system call, which allows local users to cause a denial of service (system crash) via a c… | |||
| CVE-2012-1752 | medium | — | 4.9 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability, related to Kernel/NFS. | |||
| CVE-2012-2016 | medium | — | 4.9 | 14y ago | Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows local users to obtain sensitive information via unknown vectors. | |||
| CVE-2012-1121 | medium | — | 4.9 | 14y ago | MantisBT before 1.2.9 does not properly check permissions, which allows remote authenticated users with manager privileges to (1) modify or (2) delete global categories. | |||
| CVE-2012-2192 | medium | — | 4.9 | 14y ago | The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.1.4-FP-25 SP-02 allows local users to cause a denial of service (system crash) via a crafted application that leverages the presence … | |||
| CVE-2012-2390 | medium | — | 4.9 | 14y ago | Memory leak in mm/hugetlb.c in the Linux kernel before 3.4.2 allows local users to cause a denial of service (memory consumption or system crash) via invalid MAP_HUGETLB mmap operations. | |||
| CVE-2012-2384 | medium | — | 4.9 | 14y ago | Integer overflow in the i915_gem_do_execbuffer function in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.3.5 on 32-bit platfo… | |||
| CVE-2012-2383 | medium | — | 4.9 | 14y ago | Integer overflow in the i915_gem_execbuffer2 function in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.3.5 on 32-bit platform… | |||
| CVE-2012-2121 | medium | — | 4.9 | 14y ago | The KVM implementation in the Linux kernel before 3.3.4 does not properly manage the relationships between memory slots and the iommu, which allows guest OS users to cause a denial of service (memory… | |||
| CVE-2012-1601 | medium | — | 4.9 | 14y ago | The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after … | |||
| CVE-2012-0652 | medium | — | 4.9 | 14y ago | Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or networked home directories are enabled, does not properly restrict what is written to the system log for network logins, which allows … | |||
| CVE-2012-1692 | medium | — | 4.9 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability, related to SCTP. | |||
| CVE-2012-1681 | medium | — | 4.9 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kernel/sockfs. | |||
| CVE-2012-0573 | medium | — | 4.9 | 14y ago | Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.4.0 allows remote authenticated users to… | |||
| CVE-2012-0525 | medium | — | 4.9 | 14y ago | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 11.1.0.7, 11.2.0.2, and 11.2.0.3, and Oracle Enterprise Manager Grid Control 10.2.0.5 and 11.1.0.… | |||
| CVE-2012-2006 | medium | — | 4.9 | 14y ago | Unspecified vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 and 2008 allows remote attackers to modify data or cause a denial of service via unknown vectors. | |||
| CVE-2012-2273 | medium | — | 4.9 | 14y ago | Comodo Internet Security before 5.10.228257.2253 on Windows 7 x64 allows local users to cause a denial of service (system crash) via a crafted 32-bit Portable Executable (PE) file with a kernel Image… | |||
| CVE-2012-0134 | medium | — | 4.9 | 14y ago | Unspecified vulnerability in HP OpenVMS 7.3-2 on the Alpha platform, 8.3 and 8.4 on the Alpha and IA64 platforms, and 8.3-1h1 on the IA64 platform allows local users to cause a denial of service via … | |||
| CVE-2012-0118 | medium | — | 4.9 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different v… | |||
| CVE-2012-0116 | medium | — | 4.9 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | |||
| CVE-2012-0103 | medium | — | 4.9 | 15y ago | Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to Kernel. | |||
| CVE-2012-0030 | medium | — | 4.9 | 15y ago | Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI par… | |||
| CVE-2012-5969 | medium | — | 4.8 | 14y ago | Multiple directory traversal vulnerabilities on the Huawei E585 device allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the PATH_INFO of an sdcard/ request or (2) modify arbit… | |||
| CVE-2012-5968 | medium | — | 4.8 | 14y ago | The Huawei E585 device does not validate the status of admin sessions, which allows remote attackers to obtain sensitive user information and the session ID, and modify data, by leveraging access to … | |||
| CVE-2012-4565 | medium | — | 4.7 | 14y ago | The tcp_illinois_info function in net/ipv4/tcp_illinois.c in the Linux kernel before 3.4.19, when the net.ipv4.tcp_congestion_control illinois setting is enabled, allows local users to cause a denial… | |||
| CVE-2012-6333 | medium | — | 4.7 | 14y ago | Multiple HVM control operations in Xen 3.4 through 4.2 allow local HVM guest OS administrators to cause a denial of service (physical CPU consumption) via a large input. | |||
| CVE-2012-5515 | medium | — | 4.7 | 14y ago | The (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, and (3) XENMEM_exchange hypercalls in Xen 4.2 and earlier allow local guest administrators to cause a denial of service (long loop an… | |||
| CVE-2012-5514 | medium | — | 4.7 | 14y ago | The guest_physmap_mark_populate_on_demand function in Xen 4.2 and earlier does not properly unlock the subject GFNs when checking if they are in use, which allows local guest HVM administrators to ca… | |||
| CVE-2012-5511 | medium | — | 4.7 | 14y ago | Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) via a large bitmap image. | |||
| CVE-2012-5510 | medium | — | 4.7 | 14y ago | Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, which allows local guest OS administrators to cause a denial … | |||
| CVE-2012-6031 | medium | — | 4.7 | 14y ago | The do_tmem_get function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (CPU hang and host crash) via unspecified vectors related t… | |||
| CVE-2012-3496 | medium | — | 4.7 | 14y ago | XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG … | |||
| CVE-2012-3212 | medium | — | 4.7 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC T4 servers, allows local users to affect availability via unknown vectors related to Kernel. | |||
| CVE-2012-4442 | medium | — | 4.7 | 14y ago | Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the root account during operations with a non-root effective UID, which might allow local users to bypass intended file-read restrictio… | |||
| CVE-2012-2745 | medium | — | 4.7 | 14y ago | The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service (pa… | |||
| CVE-2012-1765 | medium | — | 4.7 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect integrity via unknown vectors related to Branded Zone. | |||
| CVE-2012-1706 | medium | — | 4.7 | 14y ago | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affec… | |||
| CVE-2012-1111 | medium | — | 4.6 | 12y ago | lightdm before 1.0.9 does not properly close file descriptors before opening a child process, which allows local users to write to the lightdm log or have other unspecified impact. | |||
| CVE-2012-5697 | medium | — | 4.6 | 12y ago | The btinstall installation script in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 uses weak permissions (777) for all files in the frameworkgui/ directory, which allows local users t… | |||
| CVE-2012-5037 | medium | — | 4.6 | 12y ago | The ACL implementation in Cisco IOS before 15.1(1)SY on Catalyst 6500 and 7600 devices allows local users to cause a denial of service (device reload) via a "no object-group" command followed by an o… | |||
| CVE-2012-0064 | medium | — | 4.6 | 13y ago | xkeyboard-config before 2.5 in X.Org before 7.6 enables certain XKB debugging functions by default, which allows physically proximate attackers to bypass an X screen lock via keyboard combinations th… | |||
| CVE-2012-4135 | medium | — | 4.6 | 13y ago | Directory traversal vulnerability in filesys in Cisco NX-OS 6.1(2) and earlier allows local users to access arbitrary files via crafted command-line arguments during a delete action, aka Bug IDs CSCt… | |||
| CVE-2012-4131 | medium | — | 4.6 | 13y ago | Directory traversal vulnerability in tar in Cisco NX-OS allows local users to access arbitrary files via crafted command-line arguments, aka Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164. | |||
| CVE-2012-4113 | medium | — | 4.6 | 13y ago | The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and read arbitrary files via crafted command parameters within the command-line interfa… | |||
| CVE-2012-4107 | medium | — | 4.6 | 13y ago | The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary commands via crafted parameters to a file-related command, aka Bu… | |||
| CVE-2012-4105 | medium | — | 4.6 | 13y ago | The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service (component crash) via crafted "debug hardware" parameters, aka Bug ID CSCtq86… | |||
| CVE-2012-4081 | medium | — | 4.6 | 13y ago | MCServer in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to cause a denial of service (application crash) via invalid MCTools parameters, aka Bug ID CSCt… | |||
| CVE-2012-4093 | medium | — | 4.6 | 13y ago | The Manager component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via an invalid Smart Call Home contact address, aka Bug ID CSCtl00186. | |||
| CVE-2012-4542 | medium | — | 4.6 | 13y ago | block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restricti… | |||
| CVE-2012-5429 | medium | — | 4.6 | 14y ago | The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted applicati… | |||
| CVE-2012-6472 | medium | — | 4.6 | 14y ago | Opera before 12.12 on UNIX uses weak permissions for the profile directory, which allows local users to obtain sensitive information by reading a (1) cache file, (2) password file, or (3) configurati… | |||
| CVE-2012-6065 | medium | — | 4.6 | 14y ago | The OM Maximenu module 6.x-1.43 and earlier for Drupal, when the "Title has PHP" option is enabled, allows remote authenticated users with the "Administer OM Maximenu" permission to execute arbitrary… | |||
| CVE-2012-4411 | medium | — | 4.6 | 14y ago | The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor. NOTE: this might be a duplicate of CVE-2007-099… | |||
| CVE-2012-1167 | medium | — | 4.6 | 14y ago | The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the ser… | |||
| CVE-2012-4506 | medium | — | 4.6 | 14y ago | Directory traversal vulnerability in gitolite 3.x before 3.1, when wild card repositories and a pattern matching "../" are enabled, allows remote authenticated users to create arbitrary repositories … | |||
| CVE-2012-3211 | medium | — | 4.6 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/System Call. | |||
| CVE-2012-0065 | medium | — | 4.6 | 14y ago | Heap-based buffer overflow in the receive_packet function in libusbmuxd/libusbmuxd.c in usbmuxd 1.0.5 through 1.0.7 allows physically proximate attackers to execute arbitrary code via a long SerialNu… | |||
| CVE-2012-3736 | medium | — | 4.6 | 14y ago | The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors related to ending a FaceTime call. | |||
| CVE-2012-3723 | medium | — | 4.6 | 14y ago | Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (… | |||
| CVE-2012-3257 | medium | — | 4.6 | 14y ago | HP Business Availability Center (BAC) 8.07 allows remote authenticated users to hijack web sessions via unspecified vectors. | |||
| CVE-2012-3537 | medium | — | 4.6 | 14y ago | The Crowbar Ohai plugin (chef/cookbooks/ohai/files/default/plugins/crowbar.rb) in the Deployer Barclamp in Crowbar, possibly 1.4 and earlier, allows local users to execute arbitrary shell commands vi… | |||
| CVE-2012-3527 | medium | — | 4.6 | 14y ago | TYPO3 allows remote authenticated backend users to unserialize arbitrary objects | |||
| CVE-2012-3410 | medium | — | 4.6 | 14y ago | Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properl… | |||
| CVE-2012-2375 | medium | — | 4.6 | 14y ago | The __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the NFSv4 implementation in the Linux kernel before 3.3.2 uses an incorrect length variable during a copy operation, which allows remote N… | |||
| CVE-2012-1328 | medium | — | 4.6 | 14y ago | Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 do not properly handle downloads of configuration information to an RT phone, which allows local users to gain privileges via uns… | |||
| CVE-2012-1931 | medium | — | 4.6 | 14y ago | Opera before 11.62 on UNIX, when used in conjunction with an unspecified printing application, allows local users to overwrite arbitrary files via a symlink attack on a temporary file during printing. | |||
| CVE-2012-1930 | medium | — | 4.6 | 14y ago | Opera before 11.62 on UNIX uses world-readable permissions for temporary files during printing, which allows local users to obtain sensitive information by reading these files. | |||
| CVE-2012-1417 | low | — | 4.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user … | |||
| CVE-2012-5388 | low | — | 4.5 | 14y ago | Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the White Label CMS plugin 1.5 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the … | |||
| CVE-2012-1613 | low | — | 4.5 | 14y ago | Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML… | |||
| CVE-2012-2206 | low | — | 4.5 | 14y ago | The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as … | |||
| CVE-2012-2202 | low | — | 4.5 | 14y ago | Directory traversal vulnerability in javatester_init.php in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allows remote authenticat… | |||
| CVE-2012-1979 | low | — | 4.5 | 14y ago | Cross-site scripting (XSS) vulnerability in starnet/index.php in SyndeoCMS 3.0.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the email parameter (aka Ema… | |||
| CVE-2012-0991 | low | — | 4.5 | 15y ago | Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php;… | |||
| CVE-2012-0990 | low | — | 4.5 | 15y ago | Cross-site request forgery (CSRF) vulnerability in admin/settings/update in DClassifieds 0.1 final allows remote attackers to hijack the authentication of administrators for requests that modify acco… | |||
| CVE-2012-0420 | medium | — | 4.4 | 13y ago | zypp-refresh-wrapper in SUSE Zypper before 1.3.20 and 1.6.x before 1.6.166 allows local users to create files in arbitrary directories, or possibly have unspecified other impact, via a pathname in th… |