CVEs from 2012
- Total: 5,198
- Critical: 963
- High: 747
- Medium: 2,885
- Low: 530
- % Critical: 18.5%
- % with KEV: 0.4%
- % with exploit: 16.7%
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-5510 | medium | — | 4.7 | 14y ago | Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, which allows local guest OS administrators to cause a denial … | |||
| CVE-2012-6031 | medium | — | 4.7 | 14y ago | The do_tmem_get function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allows local guest OS users to cause a denial of service (CPU hang and host crash) via unspecified vectors related t… | |||
| CVE-2012-3496 | medium | — | 4.7 | 14y ago | XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG … | |||
| CVE-2012-3212 | medium | — | 4.7 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC T4 servers, allows local users to affect availability via unknown vectors related to Kernel. | |||
| CVE-2012-4442 | medium | — | 4.7 | 14y ago | Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the root account during operations with a non-root effective UID, which might allow local users to bypass intended file-read restrictio… | |||
| CVE-2012-2745 | medium | — | 4.7 | 14y ago | The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service (pa… | |||
| CVE-2012-1765 | medium | — | 4.7 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect integrity via unknown vectors related to Branded Zone. | |||
| CVE-2012-1706 | medium | — | 4.7 | 14y ago | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affec… | |||
| CVE-2012-1111 | medium | — | 4.6 | 12y ago | lightdm before 1.0.9 does not properly close file descriptors before opening a child process, which allows local users to write to the lightdm log or have other unspecified impact. | |||
| CVE-2012-5697 | medium | — | 4.6 | 12y ago | The btinstall installation script in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 uses weak permissions (777) for all files in the frameworkgui/ directory, which allows local users t… | |||
| CVE-2012-5037 | medium | — | 4.6 | 12y ago | The ACL implementation in Cisco IOS before 15.1(1)SY on Catalyst 6500 and 7600 devices allows local users to cause a denial of service (device reload) via a "no object-group" command followed by an o… | |||
| CVE-2012-0064 | medium | — | 4.6 | 13y ago | xkeyboard-config before 2.5 in X.Org before 7.6 enables certain XKB debugging functions by default, which allows physically proximate attackers to bypass an X screen lock via keyboard combinations th… | |||
| CVE-2012-4135 | medium | — | 4.6 | 13y ago | Directory traversal vulnerability in filesys in Cisco NX-OS 6.1(2) and earlier allows local users to access arbitrary files via crafted command-line arguments during a delete action, aka Bug IDs CSCt… | |||
| CVE-2012-4131 | medium | — | 4.6 | 13y ago | Directory traversal vulnerability in tar in Cisco NX-OS allows local users to access arbitrary files via crafted command-line arguments, aka Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164. | |||
| CVE-2012-4113 | medium | — | 4.6 | 13y ago | The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and read arbitrary files via crafted command parameters within the command-line interfa… | |||
| CVE-2012-4107 | medium | — | 4.6 | 13y ago | The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary commands via crafted parameters to a file-related command, aka Bu… | |||
| CVE-2012-4105 | medium | — | 4.6 | 13y ago | The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service (component crash) via crafted "debug hardware" parameters, aka Bug ID CSCtq86… | |||
| CVE-2012-4081 | medium | — | 4.6 | 13y ago | MCServer in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to cause a denial of service (application crash) via invalid MCTools parameters, aka Bug ID CSCt… | |||
| CVE-2012-4093 | medium | — | 4.6 | 13y ago | The Manager component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via an invalid Smart Call Home contact address, aka Bug ID CSCtl00186. | |||
| CVE-2012-4542 | medium | — | 4.6 | 13y ago | block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restricti… | |||
| CVE-2012-5429 | medium | — | 4.6 | 14y ago | The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted applicati… | |||
| CVE-2012-6472 | medium | — | 4.6 | 14y ago | Opera before 12.12 on UNIX uses weak permissions for the profile directory, which allows local users to obtain sensitive information by reading a (1) cache file, (2) password file, or (3) configurati… | |||
| CVE-2012-6065 | medium | — | 4.6 | 14y ago | The OM Maximenu module 6.x-1.43 and earlier for Drupal, when the "Title has PHP" option is enabled, allows remote authenticated users with the "Administer OM Maximenu" permission to execute arbitrary… | |||
| CVE-2012-4411 | medium | — | 4.6 | 14y ago | The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor. NOTE: this might be a duplicate of CVE-2007-099… | |||
| CVE-2012-1167 | medium | — | 4.6 | 14y ago | The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the ser… | |||
| CVE-2012-4506 | medium | — | 4.6 | 14y ago | Directory traversal vulnerability in gitolite 3.x before 3.1, when wild card repositories and a pattern matching "../" are enabled, allows remote authenticated users to create arbitrary repositories … | |||
| CVE-2012-3211 | medium | — | 4.6 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/System Call. | |||
| CVE-2012-0065 | medium | — | 4.6 | 14y ago | Heap-based buffer overflow in the receive_packet function in libusbmuxd/libusbmuxd.c in usbmuxd 1.0.5 through 1.0.7 allows physically proximate attackers to execute arbitrary code via a long SerialNu… | |||
| CVE-2012-3736 | medium | — | 4.6 | 14y ago | The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors related to ending a FaceTime call. | |||
| CVE-2012-3723 | medium | — | 4.6 | 14y ago | Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (… | |||
| CVE-2012-3257 | medium | — | 4.6 | 14y ago | HP Business Availability Center (BAC) 8.07 allows remote authenticated users to hijack web sessions via unspecified vectors. | |||
| CVE-2012-3537 | medium | — | 4.6 | 14y ago | The Crowbar Ohai plugin (chef/cookbooks/ohai/files/default/plugins/crowbar.rb) in the Deployer Barclamp in Crowbar, possibly 1.4 and earlier, allows local users to execute arbitrary shell commands vi… | |||
| CVE-2012-3527 | medium | — | 4.6 | 14y ago | TYPO3 allows remote authenticated backend users to unserialize arbitrary objects | |||
| CVE-2012-3410 | medium | — | 4.6 | 14y ago | Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properl… | |||
| CVE-2012-2375 | medium | — | 4.6 | 14y ago | The __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the NFSv4 implementation in the Linux kernel before 3.3.2 uses an incorrect length variable during a copy operation, which allows remote N… | |||
| CVE-2012-1328 | medium | — | 4.6 | 14y ago | Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 do not properly handle downloads of configuration information to an RT phone, which allows local users to gain privileges via uns… | |||
| CVE-2012-1931 | medium | — | 4.6 | 14y ago | Opera before 11.62 on UNIX, when used in conjunction with an unspecified printing application, allows local users to overwrite arbitrary files via a symlink attack on a temporary file during printing. | |||
| CVE-2012-1930 | medium | — | 4.6 | 14y ago | Opera before 11.62 on UNIX uses world-readable permissions for temporary files during printing, which allows local users to obtain sensitive information by reading these files. | |||
| CVE-2012-1417 | low | — | 4.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user … | |||
| CVE-2012-5388 | low | — | 4.5 | 14y ago | Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the White Label CMS plugin 1.5 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the … | |||
| CVE-2012-1613 | low | — | 4.5 | 14y ago | Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML… | |||
| CVE-2012-2206 | low | — | 4.5 | 14y ago | The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as … | |||
| CVE-2012-2202 | low | — | 4.5 | 14y ago | Directory traversal vulnerability in javatester_init.php in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allows remote authenticat… | |||
| CVE-2012-1979 | low | — | 4.5 | 14y ago | Cross-site scripting (XSS) vulnerability in starnet/index.php in SyndeoCMS 3.0.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the email parameter (aka Ema… | |||
| CVE-2012-0991 | low | — | 4.5 | 15y ago | Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php;… | |||
| CVE-2012-0990 | low | — | 4.5 | 15y ago | Cross-site request forgery (CSRF) vulnerability in admin/settings/update in DClassifieds 0.1 final allows remote attackers to hijack the authentication of administrators for requests that modify acco… | |||
| CVE-2012-0420 | medium | — | 4.4 | 13y ago | zypp-refresh-wrapper in SUSE Zypper before 1.3.20 and 1.6.x before 1.6.166 allows local users to create files in arbitrary directories, or possibly have unspecified other impact, via a pathname in th… | |||
| CVE-2012-6076 | medium | — | 4.4 | 13y ago | Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkscape to process unintended files, allow local users to obtain sensitive information, and poss… | |||
| CVE-2012-2372 | medium | — | 4.4 | 14y ago | The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG… | |||
| CVE-2012-2252 | medium | — | 4.4 | 14y ago | Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option. | |||
| CVE-2012-2251 | medium | — | 4.4 | 14y ago | rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) "-e" or (2) "--" command line option. | |||
| CVE-2012-5675 | medium | — | 4.4 | 14y ago | Adobe ColdFusion 9.0 through 9.0.2, and 10, allows local users to bypass intended shared-hosting sandbox permissions via unspecified vectors. | |||
| CVE-2012-6036 | medium | — | 4.4 | 14y ago | The (1) memc_save_get_next_page, (2) tmemc_restore_put_page and (3) tmemc_restore_flush_page functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 do not check for negative id pools, w… | |||
| CVE-2012-6034 | medium | — | 4.4 | 14y ago | The (1) tmemc_save_get_next_page and (2) tmemc_save_get_next_inv functions and the (3) TMEMC_SAVE_GET_POOL_UUID sub-operation in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 "do not check … | |||
| CVE-2012-6033 | medium | — | 4.4 | 14y ago | The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly check privileges, which allows local guest OS users to access control stack operations via un… | |||
| CVE-2012-4436 | medium | — | 4.4 | 14y ago | Buffer overflow in the run_last_args function in client/fwknop.c in fwknop before 2.0.3, when processing --last, might allow local users to cause a denial of service (client crash) and possibly execu… | |||
| CVE-2012-3466 | medium | — | 4.4 | 14y ago | GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to "idle" or "timeout," does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unsp… | |||
| CVE-2012-5095 | medium | — | 4.4 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to inetd. | |||
| CVE-2012-4677 | medium | — | 4.4 | 14y ago | Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by using a crafted Info.plist file to control the gOkIfNotSecure value. | |||
| CVE-2012-3381 | medium | — | 4.4 | 14y ago | sfcb in sblim-sfcb places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | |||
| CVE-2012-3386 | medium | — | 4.4 | 14y ago | The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local use… | |||
| CVE-2012-2652 | medium | — | 4.4 | 14y ago | The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink att… | |||
| CVE-2012-3018 | medium | — | 4.4 | 14y ago | The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authen… | |||
| CVE-2012-0305 | medium | — | 4.4 | 14y ago | Untrusted search path vulnerability in Symantec System Recovery 2011 before SP2 and Backup Exec System Recovery 2010 before SP5 allows local users to gain privileges via a Trojan horse DLL in the cur… | |||
| CVE-2012-1750 | medium | — | 4.4 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to mailx. | |||
| CVE-2012-1054 | medium | — | 4.4 | 14y ago | Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local … | |||
| CVE-2012-0110 | medium | — | 4.4 | 15y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect confidentiality, integrity, and availa… | |||
| CVE-2012-3458 | medium | — | 4.3 | 4y ago | Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors. | |||
| CVE-2012-6082 | medium | — | 4.3 | 4y ago | Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the page name in a rss link. | |||
| CVE-2012-5494 | medium | — | 4.3 | 4y ago | Cross-site scripting (XSS) vulnerability in python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, relat… | |||
| CVE-2012-5504 | medium | — | 4.3 | 4y ago | Cross-site scripting (XSS) vulnerability in widget_traversal.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-5500 | medium | — | 4.3 | 4y ago | The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a cr… | |||
| CVE-2012-2654 | medium | — | 4.3 | 4y ago | The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protoc… | |||
| CVE-2012-6132 | medium | — | 4.3 | 4y ago | Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter. | |||
| CVE-2012-5507 | medium | — | 4.3 | 8y ago | AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in pa… | |||
| CVE-2012-2694 | medium | — | 4.3 | 9y ago | actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request | |||
| CVE-2012-3867 | medium | — | 4.3 | 9y ago | lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Ce… | |||
| CVE-2012-6662 | medium | — | 4.3 | 9y ago | jquery-ui Tooltip widget vulnerable to XSS | |||
| CVE-2012-6692 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in js/wp-seo-metabox.js in the WordPress SEO by Yoast plugin before 2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the p… | |||
| CVE-2012-3243 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the SEOgento plugin for Magento allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this informat… | |||
| CVE-2012-2932 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to inject arbitrary web script or HTML via the selitems[] parameter in a (1) copy, (2) … | |||
| CVE-2012-1303 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in amCharts Flash 1 allow remote attackers to inject arbitrary web script or HTML via the (1) data_file or (2) settings_file parameter to ampie.swf… | |||
| CVE-2012-1302 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in amMap 2.6.3 allow remote attackers to inject arbitrary web script or HTML via the (1) data_file or (2) settings_file parameter to ammap.swf, or … | |||
| CVE-2012-5866 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in include.php in Achievo 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter. | |||
| CVE-2012-2413 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/… | |||
| CVE-2012-6316 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3.13.9 Build 120201 Rel.54965n and earlier allow remote administrators to inject arbitrary web script… | |||
| CVE-2012-5491 | medium | — | 4.3 | 12y ago | z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id. | |||
| CVE-2012-5490 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in kssdevel.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-6107 | medium | — | 4.3 | 12y ago | Apache Axis2/C does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attack… | |||
| CVE-2012-6659 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the admin interface in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2012-1032 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Euroling SiteSeeker module 3.x before 3.4.5 for EPiServer allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE… | |||
| CVE-2012-6153 | medium | — | 4.3 | 12y ago | Improper certificate validation in org.apache.httpcomponents:httpclient | |||
| CVE-2012-4226 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Quick Post Widget plugin 1.9.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) Title, (2) Content, or (3… | |||
| CVE-2012-4241 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Microcart 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO or (2) query string to _admin/index.php or (3)… | |||
| CVE-2012-1621 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.02 allow remote attackers to inject arbitrary web script or HTML via (1) a par… | |||
| CVE-2012-3522 | medium | — | 4.3 | 12y ago | GeSHi vulnerable to Cross-site Scripting | |||
| CVE-2012-4728 | medium | — | 4.3 | 12y ago | The (1) QProGetNotebookWindowHandle and (2) Ordinal132 functions in QPW160.dll in Corel Quattro Pro X6 Standard Edition 16.0.0.388 and earlier allow remote attackers to cause a denial of service (NU… | |||
| CVE-2012-5057 | medium | — | 4.3 | 12y ago | CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter. | |||
| CVE-2012-5056 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) readyCallback parameter to apps/files_odf… | |||
| CVE-2012-3333 | medium | — | 4.3 | 12y ago | CRLF injection vulnerability in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote attackers to inject arbitrary HT… |