Total
29787 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-1955 | 2 Mozilla, Redhat | 5 Firefox, Seamonkey, Thunderbird and 2 more | 2025-04-11 | N/A |
| Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and history.back calls. | ||||
| CVE-2012-4548 | 1 Lars Hjemli | 1 Cgit | 2025-04-11 | N/A |
| Argument injection vulnerability in syntax-highlighting.sh in cgit 9.0.3 and earlier allows remote authenticated users with permissions to add files to execute arbitrary commands via the --plug-in argument to the highlight command. | ||||
| CVE-2012-2012 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2025-04-11 | N/A |
| HP System Management Homepage (SMH) before 7.1.1 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | ||||
| CVE-2012-4555 | 1 Redhat | 1 Certificate System | 2025-04-11 | N/A |
| The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors. | ||||
| CVE-2012-4589 | 1 Mcafee | 1 Enterprise Mobility Manager | 2025-04-11 | N/A |
| Login.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | ||||
| CVE-2012-2062 | 2 Drupal, Sami Kiminki | 2 Drupal, Redirecting Click Bouncer | 2025-04-11 | N/A |
| Open redirect vulnerability in the Redirecting click bouncer module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||
| CVE-2012-4350 | 1 Symantec | 1 Enterprise Security Manager | 2025-04-11 | N/A |
| Multiple unquoted Windows search path vulnerabilities in the (1) Manager and (2) Agent components in Symantec Enterprise Security Manager (ESM) before 11.0 allow local users to gain privileges via unspecified vectors. | ||||
| CVE-2012-5377 | 1 Activestate | 1 Activeperl | 2025-04-11 | N/A |
| Untrusted search path vulnerability in the installation functionality in ActivePerl 5.16.1.1601, when installed in the top-level C:\ directory, allows local users to gain privileges via a Trojan horse DLL in the C:\Perl\Site\bin directory, which is added to the PATH system environment variable, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. | ||||
| CVE-2012-5378 | 1 Activestate | 1 Activetcl | 2025-04-11 | N/A |
| Untrusted search path vulnerability in the installation functionality in ActiveTcl 8.5.12, when installed in the top-level C:\ directory, allows local users to gain privileges via a Trojan horse DLL in the C:\TD\bin directory, which is added to the PATH system environment variable, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. | ||||
| CVE-2012-5382 | 1 Zend | 1 Zend Server | 2025-04-11 | N/A |
| Untrusted search path vulnerability in the installation functionality in Zend Server 5.6.0 SP4, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Zend\ZendServer\share\ZendFramework\bin directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the choice of C:\ (and the resulting unsafe PATH) is established by an administrative action that is not a default part of the Zend Server installation | ||||
| CVE-2012-1468 | 1 Pkp | 1 Open Journal Systems | 2025-04-11 | N/A |
| Incomplete blacklist vulnerability in Open Journal Systems before 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executable extension that is not ".php", then accessing it via a direct request to the file in submission/original/ in the associated article directory, as demonstrated using .pHp, .asp, and other extensions. | ||||
| CVE-2012-5459 | 2 Microsoft, Vmware | 3 Windows, Player, Workstation | 2025-04-11 | N/A |
| Untrusted search path vulnerability in VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows allows host OS users to gain host OS privileges via a Trojan horse DLL in a "system folder." | ||||
| CVE-2012-5510 | 1 Xen | 1 Xen | 2025-04-11 | N/A |
| Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, which allows local guest OS administrators to cause a denial of service (hypervisor crash) via unspecified vectors. | ||||
| CVE-2012-1618 | 1 Postgresql | 2 Postgresql, Postgresql Jdbc Driver | 2025-04-11 | N/A |
| Interaction error in the PostgreSQL JDBC driver before 8.2, when used with a PostgreSQL server with the "standard_conforming_strings" option enabled, such as the default configuration of PostgreSQL 9.1, does not properly escape unspecified JDBC statement parameters, which allows remote attackers to perform SQL injection attacks. NOTE: as of 20120330, it was claimed that the upstream developer planned to dispute this issue, but an official dispute has not been posted as of 20121005. | ||||
| CVE-2012-1365 | 1 Cisco | 1 Unified Computing System Infrastructure And Unified Computing System Software | 2025-04-11 | N/A |
| Cisco Unified Computing System (UCS) 1.4 and 2.0 allows remote authenticated users to cause a denial of service (device reload) via a malformed SNMP request to a Fabric Interconnect (FI) device, aka Bug ID CSCts32463. | ||||
| CVE-2012-6460 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 11.67 and 12.x before 12.02 allows remote attackers to cause truncation of a dialog, and possibly trigger downloading and execution of arbitrary programs, via a crafted web site. | ||||
| CVE-2012-1193 | 1 Powerdns | 1 Powerdns Recursor | 2025-04-11 | N/A |
| The resolver in PowerDNS Recursor (aka pdns_recursor) 3.3 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack. | ||||
| CVE-2012-5354 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-11 | N/A |
| Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has multiple menus of SELECT elements active, which allows remote attackers to conduct clickjacking attacks via vectors involving an XPI file, the window.open method, and the Geolocation API, a different vulnerability than CVE-2012-3984. | ||||
| CVE-2012-4036 | 1 Pbboard | 1 Pbboard | 2025-04-11 | N/A |
| Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 allows remote administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the addons directory. NOTE: this vulnerability can be leveraged by remote attackers using CVE-2012-1216. | ||||
| CVE-2012-1242 | 1 Justsystems | 7 Ichitaro, Ichitaro Portable With Oreplug, Ichitaro Viewer and 4 more | 2025-04-11 | N/A |
| Untrusted search path vulnerability in JustSystems Ichitaro 2011 Sou, Ichitaro 2006 through 2011, Ichitaro Government 2006 through 2010, Ichitaro Portable with oreplug, Ichitaro Viewer, JUST School, JUST School 2009 and 2010, JUST Jump 4, JUST Frontier, and oreplug allows local users to gain privileges via a Trojan horse DLL in the current working directory. | ||||