Export limit exceeded: 338959 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (338959 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-4030 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | 7.5 High |
| Chamilo before 1.8.8.6 does not adequately handle user supplied input by the index.php script, which could allow remote attackers to delete arbitrary files. | ||||
| CVE-2012-4029 | 1 Chamilo | 1 Chamilo | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in Chamilo LMS before 1.8.8.6 allows remote attackers to inject arbitrary web script or HTML via the category_name parameter in an addsentcategory action. | ||||
| CVE-2012-3824 | 1 Arialsoftware | 1 Campaign Enterprise | 2024-11-21 | 7.5 High |
| In Arial Campaign Enterprise before 11.0.551, multiple pages are accessible without authentication or authorization. | ||||
| CVE-2012-3823 | 1 Arialsoftware | 1 Campaign Enterprise | 2024-11-21 | 7.5 High |
| Arial Campaign Enterprise before 11.0.551 stores passwords in clear text and these may be retrieved. | ||||
| CVE-2012-3822 | 1 Arialsoftware | 1 Campaign Enterprise | 2024-11-21 | 7.5 High |
| Arial Campaign Enterprise before 11.0.551 has unauthorized access to the User-Edit.asp page, which allows remote attackers to enumerate users' credentials. | ||||
| CVE-2012-3821 | 1 Arialsoftware | 1 Campaign Enterprise | 2024-11-21 | 4.3 Medium |
| A Security Bypass vulnerability exists in the activate.asp page in Arial Software Campaign Enterprise 11.0.551, which could let a remote malicious user modify the SerialNumber field. | ||||
| CVE-2012-3810 | 1 Samsung | 1 Kies | 2024-11-21 | 7.5 High |
| Samsung Kies before 2.5.0.12094_27_11 has registry modification. | ||||
| CVE-2012-3809 | 1 Samsung | 1 Kies | 2024-11-21 | 7.5 High |
| Samsung Kies before 2.5.0.12094_27_11 has arbitrary directory modification. | ||||
| CVE-2012-3808 | 1 Samsung | 1 Kies | 2024-11-21 | 7.5 High |
| Samsung Kies before 2.5.0.12094_27_11 has arbitrary file modification. | ||||
| CVE-2012-3807 | 1 Samsung | 1 Kies | 2024-11-21 | 9.8 Critical |
| Samsung Kies before 2.5.0.12094_27_11 has arbitrary file execution. | ||||
| CVE-2012-3806 | 1 Samsung | 1 Kies | 2024-11-21 | 7.5 High |
| Samsung Kies before 2.5.0.12094_27_11 contains a NULL pointer dereference vulnerability which could allow remote attackers to perform a denial of service. | ||||
| CVE-2012-3543 | 3 Canonical, Debian, Mono-project | 3 Ubuntu Linux, Debian Linux, Mono | 2024-11-21 | 7.5 High |
| mono 2.10.x ASP.NET Web Form Hash collision DoS | ||||
| CVE-2012-3536 | 1 Apache | 1 Hupa | 2024-11-21 | N/A |
| Two XSS vulnerabilities were fixed in message list and view in the Hupa Webmail application from the Apache James project. An attacker could send a carefully crafted email to a user of Hupa which would trigger a XSS when the email was opened or when a list of messages were viewed. This issue was addressed in Hupa 0.0.3. | ||||
| CVE-2012-3490 | 1 Wisc | 1 Htcondor | 2024-11-21 | 8.8 High |
| The (1) my_popenv_impl and (2) my_spawnv functions in src/condor_utils/my_popen.cpp and the (3) systemCommand function in condor_vm-gahp/vmgahp_common.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the return value of setuid calls, which might cause a subprocess to be created with root privileges and allow remote attackers to gain privileges via unspecified vectors. | ||||
| CVE-2012-3462 | 1 Fedoraproject | 1 Sssd | 2024-11-21 | 8.8 High |
| A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context. | ||||
| CVE-2012-3460 | 1 Redhat | 1 Enterprise Mrg | 2024-11-21 | 9.8 Critical |
| cumin: At installation postgresql database user created without password | ||||
| CVE-2012-3409 | 2 Debian, Ecryptfs | 2 Debian Linux, Ecryptfs-utils | 2024-11-21 | 7.8 High |
| ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation | ||||
| CVE-2012-3407 | 1 Plow Project | 1 Plow | 2024-11-21 | 7.8 High |
| plow has local buffer overflow vulnerability | ||||
| CVE-2012-3353 | 1 Apache | 1 Sling Jcr Contentloader | 2024-11-21 | N/A |
| The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. Users should upgrade to version 2.1.6 of the JCR ContentLoader | ||||
| CVE-2012-3351 | 1 Longtailvideo | 1 Jw Player | 2024-11-21 | 6.1 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in LongTail Video JW Player through 5.10.2295 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) logo.link, or (3) aboutlink parameter, or a nested URI scheme name for (4) javascript, (5) asfunction, or (6) vbscript. | ||||