CVEs from 2012
Total
5,199
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.7%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-2573 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) … | |||
| CVE-2012-2571 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2… | |||
| CVE-2012-2584 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Alt-N MDaemon Free 12.5.4 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) the Cascading Style … | |||
| CVE-2012-2577 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) syslo… | |||
| CVE-2012-4247 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) remote_user, (2) remot… | |||
| CVE-2012-4246 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter; or the… | |||
| CVE-2012-3848 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allow remote attackers to inject arbitrary web script or HTM… | |||
| CVE-2012-2442 | medium | — | 5.3 | 14y ago | Buffer overflow in the Video Manager in Nokia PC Suite 7.1.180.64 and earlier allows remote attackers to cause a denial of service via a crafted mp4 file. | |||
| CVE-2012-2955 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security … | |||
| CVE-2012-4000 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remo… | |||
| CVE-2012-3236 | medium | — | 5.3 | 14y ago | fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated us… | |||
| CVE-2012-3805 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the getAllPassedParams function in system/functions.php in Kajona before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via… | |||
| CVE-2012-3840 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in index.php/users/form/user_id in MyClientBase 0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name or (2) la… | |||
| CVE-2012-3837 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in apps/users/registration.template.php in Baby Gekko 1.2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u… | |||
| CVE-2012-3836 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) groupname parameter in a savecategory in the u… | |||
| CVE-2012-3835 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url… | |||
| CVE-2012-3831 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in decoda/templates/video.php in Decoda before 3.3.1 allows remote attackers to inject arbitrary web script or HTML via multiple URLs in an img tag. | |||
| CVE-2012-3830 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in decoda/templates/video.php in Decoda before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via the video directive. | |||
| CVE-2012-2698 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the outputPage function in includes/SkinTemplate.php in MediaWiki before 1.17.5, 1.18.x before 1.18.4, and 1.19.x before 1.19.1 allows remote attackers to … | |||
| CVE-2012-3232 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in search.php in web@all 2.0, as downloaded before May 30, 2012, allows remote attackers to inject arbitrary web script or HTML via the _text[title] parameter. | |||
| CVE-2012-2172 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote atta… | |||
| CVE-2012-1858 | medium | — | 5.3 | 14y ago | The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, w… | |||
| CVE-2012-2941 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in search/ in Yandex.Server 2010 9.0 Enterprise allows remote attackers to inject arbitrary web script or HTML via the text parameter. | |||
| CVE-2012-2940 | medium | — | 5.3 | 14y ago | MediaChance Real-DRAW PRO 5.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted (1) PNG, (2) WMF, (3) PSD, (4) TGA, (5) TTF, (6) BMP, (7) TIFF, or (8) PCX file. | |||
| CVE-2012-2938 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Travelon Express 6.2.2 allow remote attackers to inject arbitrary web script or HTML via the holiday name field to (1) holiday_add.php or (2) ho… | |||
| CVE-2012-2436 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter in a move or (2) minimize ac… | |||
| CVE-2012-1990 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric Kerweb before 3.0.1 and Kerwin before 6.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the evtvari… | |||
| CVE-2012-2918 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Upload/engine.php in Chevereto 1.91 allows remote attackers to inject arbitrary web script or HTML via the v parameter. | |||
| CVE-2012-2917 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Share and Follow plugin 1.80.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the CDN API Key (cnd-key) in a share-an… | |||
| CVE-2012-2914 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in captchademo.php in Unijimpe Captcha allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||
| CVE-2012-2913 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Leaflet plugin 0.0.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) leaflet_layer.p… | |||
| CVE-2012-2911 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in backupDB.php in SiliSoftware backupDB() 1.2.7a allows remote attackers to inject arbitrary web script or HTML via the onlyDB parameter. | |||
| CVE-2012-2910 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in SiliSoftware phpThumb() 1.7.11 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter to demo/phpThumb.demo.ran… | |||
| CVE-2012-2909 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Viscacha 0.8.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) text field in the Private Messages System, (2) Bad Wo… | |||
| CVE-2012-2906 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in artpublic/recommandation/index.php in Artiphp CMS 5.5.0 Neo (r422) allow remote attackers to inject arbitrary web script or HTML via the (1) add… | |||
| CVE-2012-2904 | medium | — | 5.3 | 14y ago | player.swf in LongTail JW Player 5.9 allows remote attackers to conduct cross-site scripting (XSS) attacks to inject arbitrary web script or HTML via multiple "javascript:" sequences in the debug par… | |||
| CVE-2012-2903 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to group.php, or the (2) ta… | |||
| CVE-2012-2234 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in sources/users.queries.php in TeamPass before 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the login parameter in an a… | |||
| CVE-2012-2396 | medium | — | 5.3 | 14y ago | VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file. | |||
| CVE-2012-2156 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Plume CMS 1.2.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the u_email parameter (aka Authors Email field… | |||
| CVE-2012-0067 | medium | — | 5.3 | 14y ago | wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file. | |||
| CVE-2012-1904 | medium | — | 5.3 | 14y ago | mp4fformat.dll in the QuickTime File Format plugin in RealNetworks RealPlayer 15 and earlier, and RealPlayer SP 1.1.4 Build 12.0.0.756 and earlier, allows remote attackers to cause a denial of servic… | |||
| CVE-2012-1465 | medium | — | 5.3 | 14y ago | Stack-based buffer overflow in the HTTP Server in NetMechanica NetDecision before 4.6.1 allows remote attackers to cause a denial of service (application crash) via a long URL in an HTTP request. NO… | |||
| CVE-2012-1039 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before 2.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) login_data parameter to admin/auth.php; (2) nb p… | |||
| CVE-2012-1787 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in wgarcmin.cgi in Webglimpse 2.20.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) FILE, or (3) DO… | |||
| CVE-2012-1782 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in questions/ask in OSQA 3b allow remote attackers to inject arbitrary web script or HTML via the (1) url bar or (2) picture bar. | |||
| CVE-2012-1213 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in zimbra/h/calendar in Zimbra Web Client in Zimbra Collaboration Suite (ZCS) 6.x before 6.0.15 and 7.x before 7.1.3 allows remote attackers to inject arbitra… | |||
| CVE-2012-1211 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in pfile/kommentar.php in Powie pFile 1.02 allows remote attackers to inject arbitrary web script or HTML via the filecat parameter. | |||
| CVE-2012-1208 | medium | — | 5.3 | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allow remote attackers to inject arbitrary web script or… | |||
| CVE-2012-0873 | medium | — | 5.3 | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or th… | |||
| CVE-2012-1224 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in system/classes/login.php in ContentLion Alpha 1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||
| CVE-2012-1217 | medium | — | 5.3 | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in STHS v2 Web Portal 2.2 allow remote attackers to inject arbitrary web script or HTML via the team parameter to (1) prospects.php, (2) prospect.p… | |||
| CVE-2012-1069 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in module/kb/search_word in the search module in lknSupport allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||
| CVE-2012-1065 | medium | — | 5.3 | 15y ago | Insecure method vulnerability in TuxScripting.dll in the TuxSystem ActiveX control in 2X ApplicationServer 10.1 Build 1224 allows remote attackers to create or overwrite arbitrary files via the Expor… | |||
| CVE-2012-1059 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Cart/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or … | |||
| CVE-2012-1049 | medium | — | 5.3 | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ADManager Plus 5.2 Build 5210 allow remote attackers to inject arbitrary web script or HTML via the (1) domainName parameter to jsp… | |||
| CVE-2012-1048 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in communityplusplus/www/administrator.php in eFront Community++ edition 3.6.10, and possibly other editions, allows remote attackers to inject arbitrary web … | |||
| CVE-2012-0834 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a query_engi… | |||
| CVE-2012-1028 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in bin/index.php in SimpleGroupware 0.742 and other versions before 0.743 allows remote attackers to inject arbitrary web script or HTML via the export parame… | |||
| CVE-2012-1027 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in account-closed.tcl in ]project-open[ (aka ]po[) 3.4.x, 3.5.0.1-2, and possibly other versions allows remote attackers to inject arbitrary web script or HTM… | |||
| CVE-2012-1021 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in admin/categories.php in 4images 1.7.10 allows remote attackers to inject arbitrary web script or HTML via the cat_parent_id parameter in an addcat action. | |||
| CVE-2012-1018 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in includes/convert.php in D-Mack Media Currency Converter (mod_currencyconverter) module 1.0.0 for Joomla! allows remote attackers to inject arbitrary web sc… | |||
| CVE-2012-1005 | medium | — | 5.3 | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in Sphinx Software Mobile Web Server 3.1.2.47 allow remote attackers to inject arbitrary web script or HTML via the comment parameter to a blog, as… | |||
| CVE-2012-1007 | medium | — | 5.3 | 15y ago | Withdrawn Advisory: Apache Struts XSS | |||
| CVE-2012-1006 | medium | — | 5.3 | 15y ago | Apache Struts Multiple Cross-site Scripting Vulnerabilities | |||
| CVE-2012-0782 | medium | — | 5.3 | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or … | |||
| CVE-2012-0932 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in admin/login.php in Lead Capture Page System allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||
| CVE-2012-0053 | medium | — | 5.3 | 15y ago | protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to … | |||
| CVE-2012-0389 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and earlier, 5.x before 5.53, and 6.x before 6.03 allows remote attackers t… | |||
| CVE-2012-0285 | medium | — | 5.3 | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in Stoneware webNetwork before 6.0.8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-0904 | medium | — | 5.3 | 15y ago | VLC media player 1.1.11 allows remote attackers to cause a denial of service (crash) via a long string in an amr file. | |||
| CVE-2012-0901 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter. | |||
| CVE-2012-0900 | medium | — | 5.3 | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in Beehive Forum 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) forum/register.php or (2) forum/logon… | |||
| CVE-2012-0899 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in referencement/sites_inscription.php in Annuaire PHP allows remote attackers to inject arbitrary web script or HTML via the url parameter and possibly the n… | |||
| CVE-2012-0895 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in map/map.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map parameter. | |||
| CVE-2012-0007 | medium | — | 5.3 | 15y ago | The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x and 4.0 does not properly evaluate characters after the detection of a Cascading Style Sheets (CSS) escaped character, which allows remot… | |||
| CVE-2012-2119 | medium | — | 5.2 | 14y ago | Buffer overflow in the macvtap device driver in the Linux kernel before 3.4.5, when running in certain configurations, allows privileged KVM guest users to cause a denial of service (crash) via a lon… | |||
| CVE-2012-1179 | medium | — | 5.2 | 14y ago | The Linux kernel before 3.3.1, when KVM is used, allows guest OS users to cause a denial of service (host OS crash) by leveraging administrative access to the guest OS, related to the pmd_none_or_cle… | |||
| CVE-2012-0878 | medium | — | 5.1 | 4y ago | Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leverag… | |||
| CVE-2012-4424 | medium | — | 5.1 | 13y ago | Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execut… | |||
| CVE-2012-4086 | medium | — | 5.1 | 13y ago | A setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20790. | |||
| CVE-2012-4087 | medium | — | 5.1 | 13y ago | A cluster setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20793. | |||
| CVE-2012-4545 | medium | — | 5.1 | 14y ago | The http_negotiate_create_context function in protocol/http/http_negotiate.c in ELinks 0.12 before 0.12pre6, when using HTTP Negotiate or GSS-Negotiate authentication, delegates user credentials thro… | |||
| CVE-2012-4472 | medium | — | 5.1 | 14y ago | Unrestricted file upload vulnerability in upload.php in the Drag & Drop Gallery module 6.x-1.5 and earlier for Drupal allows remote attackers to execute arbitrary PHP code by uploading a file with an… | |||
| CVE-2012-4463 | medium | — | 5.1 | 14y ago | Midnight Commander (mc) 4.8.5 does not properly handle the (1) MC_EXT_SELECTED or (2) MC_EXT_ONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote attac… | |||
| CVE-2012-1177 | medium | — | 5.1 | 14y ago | libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL certificates, which allows remote attackers to obtain user names and passwords via a man-in-the-middle (MITM) attack with a spoof… | |||
| CVE-2012-2077 | medium | — | 5.1 | 14y ago | Cross-site request forgery (CSRF) vulnerability in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of users with administer sharethis permi… | |||
| CVE-2012-3129 | medium | — | 5.1 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, integrity, and availability, related to Gnome PDF viewer. | |||
| CVE-2012-3799 | medium | — | 5.1 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests t… | |||
| CVE-2012-2719 | medium | — | 5.1 | 14y ago | The filedepot module 6.x-1.x before 6.x-1.3 for Drupal, when accessed using multiple different browsers from the same IP address, causes Internet Explorer sessions to "switch users" when uploading a … | |||
| CVE-2012-2942 | medium | — | 5.1 | 14y ago | Buffer overflow in the trash buffer in the header capture functionality in HAProxy before 1.4.21, when global.tune.bufsize is set to a value greater than the default and header rewriting is enabled, … | |||
| CVE-2012-1248 | medium | — | 5.1 | 14y ago | app/config/core.php in baserCMS 1.6.15 and earlier does not properly handle installations in shared-hosting environments, which allows remote attackers to hijack sessions by leveraging administrative… | |||
| CVE-2012-0453 | medium | — | 5.1 | 15y ago | Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in Bugzilla 4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2, when mod_perl is used, allows remote attackers to hijack the authentication of … | |||
| CVE-2012-0440 | medium | — | 5.1 | 15y ago | Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in Bugzilla 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 allows remote attackers to hij… | |||
| CVE-2012-0807 | medium | — | 5.1 | 15y ago | Stack-based buffer overflow in the suhosin_encrypt_single_cookie function in the transparent cookie-encryption feature in the Suhosin extension before 0.9.33 for PHP, when suhosin.cookie.encrypt and … | |||
| CVE-2012-0268 | medium | — | 5.1 | 15y ago | Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafte… | |||
| CVE-2012-3443 | medium | — | 5.0 | 4y ago | The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a… | |||
| CVE-2012-3444 | medium | — | 5.0 | 4y ago | The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows re… | |||
| CVE-2012-5492 | medium | — | 5.0 | 4y ago | uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to obtain metadata about hidden objects via a crafted URL. | |||
| CVE-2012-5506 | medium | — | 5.0 | 4y ago | python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (infinite loop) via an RSS feed request for a folder the user does not have permissi… |