Search

Search Results (363719 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-6550 1 Zeroclipboard Project 1 Zeroclipboard 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via "the clipText returned from the flash object," a different vulnerability than CVE-2013-1808.
CVE-2012-6551 2 Apache, Redhat 2 Activemq, Fuse Mq Enterprise 2025-04-11 N/A
The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
CVE-2012-6552 1 Phpvms 1 Phpvms 2025-04-11 N/A
Unspecified vulnerability in admin/action.php in phpVMS 2.1.x before 2.1.935 has unknown impact and attack vectors.
CVE-2012-6553 1 Angusj 1 Resource Hacker 2025-04-11 N/A
Heap-based buffer overflow in Resource Hacker 3.6.0.92 allows remote attackers to execute arbitrary code via a Portable Executable (PE) file with a resource section containing a string that has many tab or line feed characters.
CVE-2012-6554 1 A51dev 1 Activecollab Chat Module 2025-04-11 N/A
functions/html_to_text.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the message[message_text] parameter to chat/add_messag, which is not properly handled when executing the preg_replace function with the eval switch.
CVE-2012-6555 1 Vanillaforums 1 Latestcomment 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the LatestComment plugin 1.1 for Vanilla Forums allows remote attackers to inject arbitrary web script or HTML via the discussion title.
CVE-2012-6556 1 Jspautsch 1 Firstlastnames 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the FirstLastNames plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the (1) User/FirstName or (2) User/LastName parameter to the edit user page. NOTE: some of these details are obtained from third party information.
CVE-2012-6557 2 Vanillaforums, Zodiacdm 2 Vanilla, Aboutme-plugin 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the AboutMe plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the (1) AboutMe/RealName, (2) AboutMe/Name, (3) AboutMe/Quote, (4) AboutMe/Loc, (5) AboutMe/Emp, (6) AboutMe/JobTit, (7) AboutMe/HS, (8) AboutMe/Col, (9) AboutMe/Bio, (10) AboutMe/Inter, (11) AboutMe/Mus, (12) AboutMe/Gam, (13) AboutMe/Mov, (14) AboutMe/FTV, or (15) AboutMe/Bks parameter to the Edit My Details page. NOTE: some of these details are obtained from third party information.
CVE-2012-6558 1 Heaventools 1 Pe Explorer 2025-04-11 N/A
Heap-based buffer overflow in HeavenTools PE Explorer 1.99 R6 allows remote attackers to execute arbitrary code via the size value for a string in the resource section of a Portable Executable (PE) file.
CVE-2012-6559 1 Freenac 1 Freenac 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in FreeNAC 3.02 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) mac, (3) graphtype, (4) name, or (5) type parameter to stats.php; or (6) comment parameter to deviceadd.php.
CVE-2012-6560 1 Freenac 1 Freenac 2025-04-11 N/A
SQL injection vulnerability in deviceadd.php in FreeNAC 3.02 allows remote attackers to execute arbitrary SQL commands via the status parameter.
CVE-2012-6561 1 Elgg 1 Elgg 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in engine/lib/views.php in Elgg before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the view parameter to index.php. NOTE: some of these details are obtained from third party information.
CVE-2012-6562 1 Elgg 1 Elgg 2025-04-11 N/A
engine/lib/users.php in Elgg before 1.8.5 does not properly specify permissions for the useradd action, which allows remote attackers to create arbitrary accounts.
CVE-2012-6563 1 Elgg 1 Elgg 2025-04-11 N/A
engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors.
CVE-2012-6564 1 Vanderbilt 1 Redcap 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in REDCap before 4.14.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-6565 1 Vanderbilt 1 Redcap 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in REDCap before 4.14.3 allows remote authenticated users to inject arbitrary web script or HTML via uppercase characters in JavaScript events within user-defined labels.
CVE-2012-6566 1 Vanderbilt 1 Redcap 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in REDCap before 4.14.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-6567 1 Project-redcap 1 Redcap 2025-04-11 N/A
REDCap before 4.14.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the logic of a custom rule.
CVE-2012-6568 1 Huawei 1 Utps 2025-04-11 N/A
Buffer overflow in the back-end component in Huawei UTPS 1.0 allows local users to gain privileges via a long IDS_PLUGIN_NAME string in a plug-in configuration file.
CVE-2012-6569 1 Huawei 18 Ar 18-1x, Ar 18-2x, Ar 18-3x and 15 more 2025-04-11 N/A
Stack-based buffer overflow in the HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches allows remote attackers to execute arbitrary code via a long URI.