Search Results (337926 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-5776 | 1 Dokeos | 1 Dokeos | 2024-11-21 | 5.4 Medium |
| Dokeos 2.1.1 has multiple XSS issues involving "extra_" parameters in main/auth/profile.php. | ||||
| CVE-2012-5699 | 1 Babygekko | 1 Babygekko | 2024-11-21 | 9.8 Critical |
| BabyGekko before 1.2.4 allows PHP file inclusion. | ||||
| CVE-2012-5698 | 1 Babygekko | 1 Babygekko | 2024-11-21 | 8.8 High |
| BabyGekko before 1.2.4 has SQL injection. | ||||
| CVE-2012-5693 | 1 Bulbsecurity | 1 Smartphone Pentest Framework | 2024-11-21 | 8.8 High |
| Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddressTB parameter to (1) remoteAttack.pl or (2) guessPassword.pl in frameworkgui/; the filename parameter to (3) CSAttack.pl or (4) SEAttack.pl in frameworkgui/; the phNo2Attack parameter to (5) CSAttack.pl or (6) SEAttack.pl in frameworkgui/; the (7) platformDD2 parameter to frameworkgui/SEAttack.pl; the (8) agentURLPath or (9) agentControlKey parameter to frameworkgui/attach2agents.pl; or the (10) controlKey parameter to frameworkgui/attachMobileModem.pl. NOTE: The hostingPath parameter to CSAttack.pl and SEAttack.pl vectors and the appURLPath parameter to attachMobileModem.pl vector are covered by CVE-2012-5878. | ||||
| CVE-2012-5686 | 1 Zpanelcp | 1 Zpanel | 2024-11-21 | 9.8 Critical |
| ZPanel 10.0.1 has insufficient entropy for its password reset process. | ||||
| CVE-2012-5663 | 1 Openbsd | 1 Textproc/isearch | 2024-11-21 | 7.5 High |
| The isearch package (textproc/isearch) before 1.47.01nb1 uses the tempnam() function to create insecure temporary files into a publicly-writable area (/tmp). | ||||
| CVE-2012-5645 | 2 Fedoraproject, Freeciv | 2 Fedora, Freeciv | 2024-11-21 | 7.5 High |
| A denial of service flaw was found in the way the server component of Freeciv before 2.3.4 processed certain packets. A remote attacker could send a specially-crafted packet that, when processed would lead to memory exhaustion or excessive CPU consumption. | ||||
| CVE-2012-5644 | 4 Debian, Fedoraproject, Libuser Project and 1 more | 4 Debian Linux, Fedora, Libuser and 1 more | 2024-11-21 | 5.5 Medium |
| libuser has information disclosure when moving user's home directory | ||||
| CVE-2012-5640 | 1 Acme | 1 Thttpd | 2024-11-21 | 5.5 Medium |
| thttpd has a local DoS vulnerability via specially-crafted .htpasswd files | ||||
| CVE-2012-5631 | 1 Freeipa | 1 Freeipa | 2024-11-21 | 8.8 High |
| ipa 3.0 does not properly check server identity before sending credential containing cookies | ||||
| CVE-2012-5630 | 3 Fedoraproject, Libuser Project, Redhat | 3 Fedora, Libuser, Enterprise Linux | 2024-11-21 | 6.3 Medium |
| libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees. | ||||
| CVE-2012-5628 | 1 Gofer Project | 1 Gofer | 2024-11-21 | N/A |
| gofer before 0.68 uses world-writable permissions for /var/lib/gofer/journal/watchdog, which allows local users to cause a denial of service by removing journal entries. | ||||
| CVE-2012-5626 | 1 Redhat | 6 Jboss Brms, Jboss Enterprise Application Platform, Jboss Enterprise Web Server and 3 more | 2024-11-21 | 7.5 High |
| EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation. | ||||
| CVE-2012-5623 | 1 Squirrelmail | 1 Change Passwd | 2024-11-21 | 7.5 High |
| Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords. | ||||
| CVE-2012-5618 | 1 Ushahidi | 1 Ushahidi | 2024-11-21 | 9.8 Critical |
| Ushahidi before 2.6.1 has insufficient entropy for forgot-password tokens. | ||||
| CVE-2012-5617 | 2 Fedoraproject, Gksu-polkit Project | 2 Fedora, Gksu-polkit | 2024-11-21 | 7.8 High |
| gksu-polkit: permissive PolicyKit policy configuration file allows privilege escalation | ||||
| CVE-2012-5582 | 1 Opendnssec | 1 Opendnssec | 2024-11-21 | 9.8 Critical |
| opendnssec misuses libcurl API | ||||
| CVE-2012-5578 | 1 Python | 1 Keyring | 2024-11-21 | 6.2 Medium |
| Python keyring has insecure permissions on new databases allowing world-readable files to be created | ||||
| CVE-2012-5577 | 2 Debian, Python | 2 Debian Linux, Keyring | 2024-11-21 | 7.5 High |
| Python keyring lib before 0.10 created keyring files with world-readable permissions. | ||||
| CVE-2012-5570 | 1 Basic Webmail Project | 1 Basic Webmail | 2024-11-21 | 4.3 Medium |
| The Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with the "access basic_webmail" permission to read arbitrary users' email addresses. | ||||