CVEs from 2012
Total
5,198
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.7%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-1754 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Framework, a different vulnerability than … | |||
| CVE-2012-1748 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Cand… | |||
| CVE-2012-1734 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. | |||
| CVE-2012-1732 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Framework, a different vulnerability than … | |||
| CVE-2012-1689 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. | |||
| CVE-2012-0540 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability, related to GIS Extension. | |||
| CVE-2012-0796 | medium | — | 4.0 | 14y ago | PHPMailer vulnerable to email header injection | |||
| CVE-2012-0792 | medium | — | 4.0 | 14y ago | mod/forum/user.php in Moodle 1.9.x before 1.9.16 allows remote authenticated users to obtain the names and other details of arbitrary user accounts by searching for posts. | |||
| CVE-2012-3812 | medium | — | 4.0 | 14y ago | Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones … | |||
| CVE-2012-3863 | medium | — | 4.0 | 14y ago | channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Aste… | |||
| CVE-2012-2133 | medium | — | 4.0 | 14y ago | Use-after-free vulnerability in the Linux kernel before 3.3.6, when huge pages are enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges by interacting w… | |||
| CVE-2012-3802 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote authenticated users to read the commissions of other users via unknown attack vectors. | |||
| CVE-2012-3553 | medium | — | 4.0 | 14y ago | chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open Source 10.x before 10.5.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon cr… | |||
| CVE-2012-2597 | medium | — | 4.0 | 14y ago | Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3 before Update 2 allow remote authenticated users to read arbitrary files via a crafted parameter in a URL. | |||
| CVE-2012-1013 | medium | — | 4.0 | 14y ago | The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated administrators to cause a deni… | |||
| CVE-2012-2948 | medium | — | 4.0 | 14y ago | chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authent… | |||
| CVE-2012-2927 | medium | — | 4.0 | 14y ago | The TM Software Tempo plugin before 6.4.3.1, 6.5.x before 6.5.0.2, and 7.x before 7.0.3 for Atlassian JIRA does not properly restrict the capabilities of third-party XML parsers, which allows remote … | |||
| CVE-2012-1707 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affec… | |||
| CVE-2012-1697 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition. | |||
| CVE-2012-1696 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. | |||
| CVE-2012-1690 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors relate… | |||
| CVE-2012-1688 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability, related to Server DML. | |||
| CVE-2012-1674 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in the Siebel Clinical component in Oracle Industry Applications 7.7, 7.8, 8.0.0.x, 8.1.1.x, and 8.2.2.x allows remote authenticated users to affect integrity via unknown ve… | |||
| CVE-2012-0583 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM. | |||
| CVE-2012-0582 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in the Siebel Clinical component in Oracle Industry Applications 7.7, 7.8, 8.0.0.x, 8.1.1.x, and 8.2.2.x allows remote authenticated users to affect integrity via unknown ve… | |||
| CVE-2012-0576 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 6.0.1 and 6.2.0 allows remote authenticated users to affect integrity via unknown vecto… | |||
| CVE-2012-0571 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.4.0 allows remote authenticated users to… | |||
| CVE-2012-0562 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Cand… | |||
| CVE-2012-0559 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in the PeopleSoft Enterprise SCM component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related … | |||
| CVE-2012-0536 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 8.9 through Bundle #26 allows remote authenticated users to affect confidentiality via unknown vect… | |||
| CVE-2012-0534 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect integrity vi… | |||
| CVE-2012-0533 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in the PeopleSoft Enterprise FCSM component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related… | |||
| CVE-2012-0530 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in the PeopleSoft Enterprise SCM component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote authenticated users to affect integrity via unknown vectors related to ePr… | |||
| CVE-2012-0521 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 Bundle #9 allows remote authenticated users to affect confidentiality via unknown vectors relate… | |||
| CVE-2012-0515 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in the Identity Manager Connector component in Oracle Fusion Middleware 9.1.0.4 allows remote authenticated users to affect integrity via unknown vectors. | |||
| CVE-2012-0514 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in the PeopleSoft Enterprise CRM component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality, related to SEC. | |||
| CVE-2012-0466 | medium | — | 4.0 | 14y ago | template/en/default/list/list.js.tmpl in Bugzilla 2.x and 3.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, and 4.1.x and 4.2.x before 4.2.1 does not properly handle multiple logins, which allows remot… | |||
| CVE-2012-0712 | medium | — | 4.0 | 14y ago | The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denial of service (infinite loop) by calling the XMLPARSE function with a … | |||
| CVE-2012-0709 | medium | — | 4.0 | 14y ago | IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not properly check variables, which allows remote authenticated users to bypass intended restrictions on viewing table data by levera… | |||
| CVE-2012-1513 | medium | — | 4.0 | 14y ago | The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4.0 before Update 4, 4.1 before Update 2, and 4.2 before Update 1 places the vCenter Server password in an HTML document, which allows … | |||
| CVE-2012-1497 | medium | — | 4.0 | 14y ago | The default configuration of Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 supports the "mt:Include file=" attribute, which allows remote authenticated users to conduct directory t… | |||
| CVE-2012-1289 | medium | — | 4.0 | 15y ago | Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the logfilename parameter to (1) b2b/admin/log.jsp or … | |||
| CVE-2012-0396 | medium | — | 4.0 | 15y ago | EMC Documentum xPlore 1.0, 1.1 before P07, and 1.2 does not properly enforce the requirement for BROWSE permission, which allows remote authenticated users to determine the existence of an object, or… | |||
| CVE-2012-0448 | medium | — | 4.0 | 15y ago | Bugzilla 2.x and 3.x before 3.4.14, 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 does not reject non-ASCII characters in e-mail addresses of new user … | |||
| CVE-2012-0495 | medium | — | 4.0 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-011… | |||
| CVE-2012-0491 | medium | — | 4.0 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-011… | |||
| CVE-2012-0490 | medium | — | 4.0 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors. | |||
| CVE-2012-0489 | medium | — | 4.0 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-011… | |||
| CVE-2012-0488 | medium | — | 4.0 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-011… | |||
| CVE-2012-0487 | medium | — | 4.0 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-011… | |||
| CVE-2012-0485 | medium | — | 4.0 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CV… | |||
| CVE-2012-0484 | medium | — | 4.0 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect confidentiality via unknown vectors. | |||
| CVE-2012-0120 | medium | — | 4.0 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CV… | |||
| CVE-2012-0119 | medium | — | 4.0 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CV… | |||
| CVE-2012-0115 | medium | — | 4.0 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CV… | |||
| CVE-2012-0102 | medium | — | 4.0 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CV… | |||
| CVE-2012-0101 | medium | — | 4.0 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CV… | |||
| CVE-2012-0089 | medium | — | 4.0 | 15y ago | Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to ePerf… | |||
| CVE-2012-0088 | medium | — | 4.0 | 15y ago | Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 8.9, 9.0, and 9.1 allows remote authenticated users to affect confidentiality via unknown vectors re… | |||
| CVE-2012-0087 | medium | — | 4.0 | 15y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CV… | |||
| CVE-2012-0078 | medium | — | 4.0 | 15y ago | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.2 and 12.1.3 allows remote authenticated users to affect confidentiality, related to REST … | |||
| CVE-2012-0076 | medium | — | 4.0 | 15y ago | Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related … | |||
| CVE-2012-0074 | medium | — | 4.0 | 15y ago | Unspecified vulnerability in the PeopleSoft Enterprise CRM component in Oracle PeopleSoft Products 8.9 allows remote authenticated users to affect integrity via unknown vectors related to Sales. | |||
| CVE-2012-0032 | low | — | 3.7 | 12y ago | Red Hat JBoss Operations Network (JON) before 3.0.1 uses 0777 permissions for the root directory when installing a remote client, which allows local users to read or modify subdirectories and files w… | |||
| CVE-2012-3359 | low | — | 3.7 | 12y ago | Luci in Red Hat Conga stores the user's username and password in a Base64 encoded string in the __ac session cookie, which allows attackers to gain privileges by accessing this cookie. NOTE: this is… | |||
| CVE-2012-0787 | low | — | 3.7 | 13y ago | The clone_file function in transfer.c in Augeas before 1.0.0, when copy_if_rename_fails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files a… | |||
| CVE-2012-4572 | low | — | 3.7 | 13y ago | Red Hat JBoss Enterprise Application Platform (EAP) before 6.1.0 and JBoss Portal before 6.1.0 does not load the implementation of a custom authorization module for a new application when an implemen… | |||
| CVE-2012-5659 | low | — | 3.7 | 13y ago | Untrusted search path vulnerability in plugins/abrt-action-install-debuginfo-to-abrt-cache.c in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to load and execute arbitrary … | |||
| CVE-2012-3128 | low | — | 3.7 | 14y ago | Unspecified vulnerability in Oracle SPARC T-Series Servers running System Firmware 8.2.0 and 8.1.4.e or earlier allows local users to affect confidentiality, integrity, and availability via unknown v… | |||
| CVE-2012-2693 | low | — | 3.7 | 14y ago | libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associate… | |||
| CVE-2012-1720 | low | — | 3.7 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier, when ru… | |||
| CVE-2012-0133 | low | — | 3.7 | 14y ago | HP ProCurve 5400 zl switches with certain serial numbers include a compact flash card that contains an unspecified virus, which might allow user-assisted remote attackers to execute arbitrary code on… | |||
| CVE-2012-0105 | low | — | 3.7 | 15y ago | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to W… | |||
| CVE-2012-0081 | low | — | 3.7 | 15y ago | Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.1.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Administration. | |||
| CVE-2012-1989 | low | — | 3.6 | 9y ago | telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connect… | |||
| CVE-2012-5477 | low | — | 3.6 | 12y ago | The smart proxy in Foreman before 1.1 uses a umask set to 0, which allows local users to modify files created by the daemon via unspecified vectors. | |||
| CVE-2012-6150 | low | — | 3.6 | 13y ago | The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which all… | |||
| CVE-2012-5972 | low | — | 3.6 | 14y ago | Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI. | |||
| CVE-2012-1699 | low | — | 3.6 | 14y ago | The ProcSetEventMask function in difs/events.c in the xfs font server for X.Org X11R6 through X11R6.6 and XFree86 before 3.3.3 calls the SendErrToClient function with a mask value instead of a pointe… | |||
| CVE-2012-5638 | low | — | 3.6 | 14y ago | The setup_logging function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.log, which allows local users to overwrite the file content or bypass intended disk-quota restricti… | |||
| CVE-2012-5557 | low | — | 3.6 | 14y ago | The User Read-Only module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.4 for Drupal, does not properly assign roles when there are more than three roles on the site and certain unspecified configu… | |||
| CVE-2012-4417 | low | — | 3.6 | 14y ago | GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. | |||
| CVE-2012-3750 | low | — | 3.6 | 14y ago | The Passcode Lock implementation in Apple iOS before 6.0.1 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement and access P… | |||
| CVE-2012-4518 | low | — | 3.6 | 14y ago | ibacm 1.0.7 creates files with world-writable permissions, which allows local users to overwrite the ib_acm daemon log or ibacm.port file. | |||
| CVE-2012-3225 | low | — | 3.6 | 14y ago | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.3.0 through 5.3.4 allows remote authenticated users to affect confidentiality and int… | |||
| CVE-2012-3165 | low | — | 3.6 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality and integrity via unknown vectors related to mailx. | |||
| CVE-2012-3504 | low | — | 3.6 | 14y ago | The nssconfigFound function in genkey.pl in crypto-utils 2.4.1-34 allows local users to overwrite arbitrary files via a symlink attack on the "list" file in the current working directory. | |||
| CVE-2012-5349 | low | — | 3.6 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the Pay With Tweet plugin before 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) title, or (3… | |||
| CVE-2012-3738 | low | — | 3.6 | 14y ago | The Emergency Dialer screen in the Passcode Lock implementation in Apple iOS before 6 does not properly limit the dialing methods, which allows physically proximate attackers to bypass intended acces… | |||
| CVE-2012-4600 | low | — | 3.6 | 14y ago | Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote… | |||
| CVE-2012-1597 | low | — | 3.6 | 14y ago | Cross-site scripting (XSS) vulnerability in the textEncode function in classes/ezjscajaxcontent.php in eZ JS Core in eZ Publish before 1.5 allows remote attackers to inject arbitrary web script or HT… | |||
| CVE-2012-3952 | low | — | 3.6 | 14y ago | Cross-site scripting (XSS) vulnerability in admin/index.php in phpList before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the unconfirmed parameter to the user page. | |||
| CVE-2012-3454 | low | — | 3.6 | 14y ago | eXtplorer 2.1.0b6 uses world writable permissions for the /var/lib/extplorer/ftp_tmp directory, which allows local users to delete or overwrite arbitrary files. | |||
| CVE-2012-3453 | low | — | 3.6 | 14y ago | logol 1.5.0 uses world writable permissions for the /var/lib/logol/results directory, which allows local users to delete or overwrite arbitrary files. | |||
| CVE-2012-3449 | low | — | 3.6 | 14y ago | Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/openvswitch/pki/controllerca/incoming/ and (2) /var/lib/openvswitch/pki/switchca/incoming/, which allows local users to delete and … | |||
| CVE-2012-3450 | low | — | 3.6 | 14y ago | pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote a… | |||
| CVE-2012-3355 | low | — | 3.6 | 14y ago | (1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack … | |||
| CVE-2012-1620 | low | — | 3.6 | 14y ago | slock 0.9 does not properly handle the XRaiseWindow event when the screen is locked, which might allow physically proximate attackers to obtain sensitive information by pressing a button, which revea… | |||
| CVE-2012-1122 | low | — | 3.6 | 14y ago | bug_actiongroup.php in MantisBT before 1.2.9 does not properly check the report_bug_threshold permission of the receiving project when moving a bug report, which allows remote authenticated users wit… | |||
| CVE-2012-1120 | low | — | 3.6 | 14y ago | The SOAP API in MantisBT before 1.2.9 does not properly enforce the bugnote_allow_user_edit_delete and delete_bug_threshold permissions, which allows remote authenticated users with read and write SO… |