Search Results (337711 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-2226 | 1 Invisioncommunity | 1 Invision Power Board | 2024-11-21 | 9.8 Critical |
| Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file. | ||||
| CVE-2012-2204 | 1 Ibm | 1 Infosphere Guardium | 2024-11-21 | 5.5 Medium |
| InfoSphere Guardium aix_ktap module: DoS | ||||
| CVE-2012-2201 | 1 Ibm | 1 Websphere Mq | 2024-11-21 | 7.5 High |
| IBM WebSphere MQ 7.1 is vulnerable to a denial of service, caused by an error when handling user ids. A remote attacker could exploit this vulnerability to bypass the security configuration setup on a SVRCONN channel and flood the queue manager. | ||||
| CVE-2012-2166 | 1 Ibm | 8 Xiv Storage System 2810-114, Xiv Storage System 2810-114 Firmware, Xiv Storage System 2810-a14 and 5 more | 2024-11-21 | N/A |
| IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2.4.e-2 and 2810-114 and 2812-114 devices before level 11.1.1 have hardcoded passwords for unspecified accounts, which allows remote attackers to gain user access via unknown vectors. IBM X-Force ID: 75041. | ||||
| CVE-2012-2160 | 1 Ibm | 1 Rational Change | 2024-11-21 | 6.1 Medium |
| IBM Rational Change 5.3 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the SUPP_TEMPLATE_FLAG parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | ||||
| CVE-2012-2148 | 2 Linux, Redhat | 3 Linux Kernel, Jboss Community Application Server, Jboss Enterprise Web Server | 2024-11-21 | 3.3 Low |
| An issue exists in the property replacements feature in any descriptor in JBoss AS 7.1.1, which ignores Java security policies. | ||||
| CVE-2012-2142 | 4 Freedesktop, Opensuse, Redhat and 1 more | 4 Poppler, Opensuse, Enterprise Linux and 1 more | 2024-11-21 | 7.8 High |
| The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator. | ||||
| CVE-2012-2130 | 3 Debian, Fedoraproject, Polarssl | 3 Debian Linux, Fedora, Polarssl | 2024-11-21 | 7.4 High |
| A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys. | ||||
| CVE-2012-2092 | 1 Canonical | 1 Ubuntu Cobbler | 2024-11-21 | 5.9 Medium |
| A Security Bypass vulnerability exists in Ubuntu Cobbler before 2,2,2 in the cobbler-ubuntu-import script due to an error when verifying the GPG signature. | ||||
| CVE-2012-2087 | 1 Ispconfig | 1 Ispconfig | 2024-11-21 | 9.8 Critical |
| ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entire server from client interface. | ||||
| CVE-2012-2079 | 1 Drupal | 1 Activity | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in the Activity module 6.x-1.x for Drupal. | ||||
| CVE-2012-2078 | 1 Drupal | 1 Activity | 2024-11-21 | 4.8 Medium |
| Cross-site scripting (XSS) vulnerability in the Activity module 6.x-1.x for Drupal. | ||||
| CVE-2012-20001 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 6.1 Medium |
| PrestaShop before 1.5.2 allows XSS via the "<object data='data:text/html" substring in the message field. | ||||
| CVE-2012-1994 | 1 Hp | 1 Systems Insight Manager | 2024-11-21 | 5.7 Medium |
| HP Systems Insight Manager before 7.0 allows a remote user on adjacent network to access information | ||||
| CVE-2012-1932 | 1 Wolfcms | 1 Wolf Cms | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and earlier allows remote attackers to inject arbitrary web script or HTML via the setting[admin_email] parameter to admin/setting. | ||||
| CVE-2012-1915 | 1 Codeigniter | 1 Codeigniter | 2024-11-21 | 6.1 Medium |
| EllisLab CodeIgniter 2.1.2 allows remote attackers to bypass the xss_clean() Filter and perform XSS attacks. | ||||
| CVE-2012-1903 | 1 Telligent | 1 Community | 2024-11-21 | 5.4 Medium |
| XSS in Telligent Community 5.6.583.20496 via a flash file and related to the allowScriptAccess parameter. | ||||
| CVE-2012-1637 | 1 Drupal | 1 Quick Tabs | 2024-11-21 | 4.8 Medium |
| Cross-site scripting vulnerability (XSS) in the Quick Tabs module 6.x-2.x before 6.x-2.1, 6.x-3.x before 6.x-3.1, and 7.x-3.x before 7.x-3.3 for Drupal. | ||||
| CVE-2012-1615 | 1 Fedoraproject | 2 Fedora, Sectool | 2024-11-21 | 7.8 High |
| A Privilege Escalation vulnerability exists in Fedoraproject Sectool due to an incorrect DBus file. | ||||
| CVE-2012-1592 | 1 Apache | 1 Struts | 2024-11-21 | 8.8 High |
| A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files. | ||||