Search

Search Results (363290 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-5516 1 Redhat 2 Enterprise Virtualization Manager, Rhev Manager 2025-04-11 N/A
Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and might allow local users to obtain sensitive information via unspecified vectors.
CVE-2012-4869 1 Sangoma 1 Freepbx 2025-04-11 N/A
The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action.
CVE-2012-4870 1 Sangoma 1 Freepbx 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or (2) panel/dhtml/index.php; (3) clid or (4) clidname parameters to panel/flash/mypage.php; (5) PATH_INFO to admin/views/freepbx_reload.php; or (6) login parameter to recordings/index.php.
CVE-2012-4871 1 Litespeedtech 1 Litespeed Web Server 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in service/graph_html.php in the administrator panel in LiteSpeed Web Server 4.1.11 allows remote attackers to inject arbitrary web script or HTML via the gtitle parameter.
CVE-2012-4872 1 Kayako 1 Kayako Fusion 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Tickets/Submit in Kayako Fusion before 4.40.985 allows remote attackers to inject arbitrary web script or HTML via certain vectors, possibly a crafted ticket description.
CVE-2012-4873 1 Sir 1 Gnuboard 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the file_download function in GNUBoard before 4.34.21 allows remote attackers to inject arbitrary web script or HTML via the filename parameter.
CVE-2012-4874 2 Awpcp, Wordpress 2 Another Wordpress Classifieds Plugin, Wordpress 2025-04-11 N/A
Unspecified vulnerability in the Another WordPress Classifieds Plugin before 2.0 for WordPress has unknown impact and attack vectors related to "image uploads."
CVE-2012-4875 1 Artifex 1 Gpl Ghostscript 2025-04-11 N/A
Heap-based buffer overflow in gdevwpr2.c in Ghostscript 9.04, when processing the OutputFile device parameter, allows user-assisted remote attackers to execute arbitrary code via a long file name in a PostScript document. NOTE: as of 20120314, the developer was not able to reproduce the issue and disputed it
CVE-2012-4876 1 Trendnet 2 Securview Wireless Internet Camera, Securview Wireless Internet Camera Activex Control 2025-04-11 N/A
Stack-based buffer overflow in the UltraMJCam ActiveX Control in TRENDnet SecurView TV-IP121WN Wireless Internet Camera allows remote attackers to execute arbitrary code via a long string to the OpenFileDlg method.
CVE-2012-4877 1 Flatnux 1 Flatnux 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts.
CVE-2012-4878 1 Flatnux 1 Flatnux 2025-04-11 N/A
Absolute path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action.
CVE-2012-4879 1 Wago 1 Wago I\/o System 758 Industrial Pc Device 2025-04-11 N/A
The Linux Console on the WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices has a default password of wago for the (1) root and (2) admin accounts, (3) a default password of user for the user account, and (4) a default password of guest for the guest account, which makes it easier for remote attackers to obtain login access via a TELNET session, a different vulnerability than CVE-2012-3013.
CVE-2012-4880 1 Sony 2 Dvd Architect Pro, Dvd Architect Studio 2025-04-11 N/A
Multiple untrusted search path vulnerabilities in DVD Architect Pro 5.2 Build 133 and DVD Architect Studio 5.0 Build 156 allow local users to gain privileges via a Trojan horse (1) enc_mp2v.200 or (2) CFHDDecoder.dll file in the current working directory, as demonstrated by a directory that contains a .dar file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2012-4881 1 Sony 1 Moviez Hd 2025-04-11 N/A
Untrusted search path vulnerability in moviEZ HD 1.0 Build 2554-29894-A allows local users to gain privileges via a Trojan horse avrt.dll file in the current working directory, as demonstrated by a directory that contains a .mvz file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2012-4882 1 3ds 1 3d Xml Player 2025-04-11 N/A
Multiple untrusted search path vulnerabilities in 3D XML Player 6.212.13.12076 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) JT0DevPhase.dll file in the current working directory, as demonstrated by a directory that contains a .3dx file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2012-4883 1 3ds 1 3dvia Composer 2025-04-11 N/A
Multiple untrusted search path vulnerabilities in 3DVIA Composer V6R2012 HF1 Build 6.8.1.1652 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) ibfs32.dll file in the current working directory, as demonstrated by a directory that contains a .smg file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2012-4884 1 Bestpractical 1 Rt 2025-04-11 N/A
Argument injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to create arbitrary files via unspecified vectors related to the GnuPG client.
CVE-2012-4885 1 Mediawiki 1 Mediawiki 2025-04-11 N/A
The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to cause a denial of service (infinite loop) via certain input, as demonstrated by the padleft function.
CVE-2012-4889 1 Manageengine 1 Firewall Analyzer 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.
CVE-2012-4890 1 Flatnux 1 Flatnux 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS 2011 08.09.2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) comment to the news, (2) title to the news, or (3) the folder names in a gallery.