Search

Search Results (363531 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-6607 1 Augeas 1 Augeas 2025-04-11 N/A
The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augsave file in a backup save action, a different vector than CVE-2012-0786.
CVE-2013-1530 1 Sun 1 Sunos 2025-04-11 N/A
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via unknown vectors related to Kernel.
CVE-2012-6608 1 Elastix 1 Elastix 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in xmlservices/E_book.php in Elastix 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the Page parameter.
CVE-2012-6612 2 Apache, Redhat 3 Solr, Jboss Data Grid, Jboss Enterprise Web Framework 2025-04-11 N/A
The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.
CVE-2012-6615 1 Ffmpeg 1 Ffmpeg 2025-04-11 N/A
The ff_ass_split_override_codes function in libavcodec/ass_split.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a subtitle dialog without text.
CVE-2012-6616 1 Ffmpeg 1 Ffmpeg 2025-04-11 N/A
The mov_text_decode_frame function in libavcodec/movtextdec.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via crafted 3GPP TS 26.245 data.
CVE-2012-6617 1 Ffmpeg 1 Ffmpeg 2025-04-11 N/A
The prepare_sdp_description function in ffserver.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (crash) via vectors related to the rtp format.
CVE-2012-6618 1 Ffmpeg 1 Ffmpeg 2025-04-11 N/A
The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a crafted MP3 file, possibly related to frame size or lack of sufficient "frames to estimate rate."
CVE-2012-6620 1 Horde 1 Kronolith H4 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the (1) tasks and (2) search views in Horde Kronolith H4 before 3.0.17 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-6621 1 Get-simple 1 Getsimple Cms 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1, 3.1.2, 3.2.3, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Email Address or (2) Custom Permalink Structure fields in admin/settings.php; (3) path parameter to admin/upload.php; (4) err parameter to admin/theme.php; (5) error parameter to admin/pages.php; or (6) success or (7) err parameter to admin/index.php.
CVE-2012-6622 1 Vasthtml 1 Forumpress 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) groupid parameter in an editgroup action or (2) usergroup_id parameter in an edit_usergroup action.
CVE-2012-6623 1 Vasthtml 1 Forumpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in fs-admin/wpf-add-forum.php in the ForumPress WP Forum Server plugin before 1.7.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the groupid parameter in an addforum action to wp-admin/admin.php.
CVE-2012-6624 1 Mightymess 1 Soundcloud Is Gold 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the SoundCloud Is Gold plugin 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the width parameter in a soundcloud_is_gold_player_preview action to wp-admin/admin-ajax.php.
CVE-2012-6627 1 Xyzscripts 1 Newsletter Manager 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in admin/test_mail.php in the Newsletter Manager plugin 1.0.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2012-6628 1 Xyzscripts 1 Newsletter Manager 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Newsletter Manager plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) xyz_em_campName to admin/create_campaign.php or (2) admin/edit_campaign.php, (3) xyz_em_email parameter to admin/edit_email.php, (4) xyz_em_exportbatchSize parameter to import_export.php, or (5) pagination limit in the Newsletter Manager options.
CVE-2012-6629 1 Xyzscripts 1 Newsletter Manager 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the Newsletter Manager plugin 1.0.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change an email address or (2) conduct script insertion attacks. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2012-6630 1 Rick Mead 1 Media Library Categories 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Media Library Categories plugin 1.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) bulk parameter to media-library-categories/add.php or (2) q parameter to media-library-categories/view.php.
CVE-2012-6631 1 Vessio 1 Netbill 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in accounts/admin/index.php in Vessio NetBill 1.2 allows remote attackers to hijack the authentication of administrators for requests that add accounts via a new-client action.
CVE-2012-6632 1 Vessio 1 Netbill 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Vessio NetBill 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) file title to accounts/admin/index.php or (3) comment parameter in the support page to accounts/index2.php.
CVE-2012-6633 1 Wordpress 1 Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php in WordPress before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via an editable slug field.