Search

Search Results (363821 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-6568 1 Huawei 1 Utps 2025-04-11 N/A
Buffer overflow in the back-end component in Huawei UTPS 1.0 allows local users to gain privileges via a long IDS_PLUGIN_NAME string in a plug-in configuration file.
CVE-2012-6569 1 Huawei 18 Ar 18-1x, Ar 18-2x, Ar 18-3x and 15 more 2025-04-11 N/A
Stack-based buffer overflow in the HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches allows remote attackers to execute arbitrary code via a long URI.
CVE-2012-6570 1 Huawei 18 Ar 18-1x, Ar 18-2x, Ar 18-3x and 15 more 2025-04-11 N/A
The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches does not check whether HTTP data is longer than the value of the Content-Length field, which allows remote HTTP servers to conduct heap-based buffer overflow attacks and execute arbitrary code via a crafted response.
CVE-2012-6571 1 Huawei 18 Ar 18-1x, Ar 18-2x, Ar 18-3x and 15 more 2025-04-11 N/A
The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses predictable Session ID values, which makes it easier for remote attackers to hijack sessions via a brute-force attack.
CVE-2012-6572 2 Drupal, Kong 2 Drupal, Inf08 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the phptemplate_preprocess_node function in template.php in the Inf08 theme 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a taxonomy vocabulary name.
CVE-2012-6573 2 Alejandro Garza, Drupal 2 Apachesolr Autocomplete, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
CVE-2012-6574 2 Drupal, Soprano 2 Drupal, Fonecta Verify 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Fonecta verify module 7.x-1.x before 7.x-1.6 for Drupal allows remote attackers from certain sources to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-6575 2 Drupal, Mobile4social 2 Drupal, Exposed Filter Data 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Exposed Filter Data module 6.x-1.x before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-6576 2 Antti Alamki, Drupal 2 Prh Search, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the PRH Search module 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers from certain sources to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-6577 2 Typo3, Typoheads 2 Typo3, Formhandler 2025-04-11 N/A
SQL injection vulnerability in the Formhandler extension before 1.4.1 for TYPO3 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-6578 1 Bestpractical 1 Request Tracker 2025-04-11 N/A
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a "Sign by default" queue configuration, uses a queue's key for signing, which might allow remote attackers to spoof messages by leveraging the lack of authentication semantics.
CVE-2012-6579 1 Bestpractical 1 Request Tracker 2025-04-11 N/A
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to configure encryption or signing for certain outbound e-mail, and possibly cause a denial of service (loss of e-mail readability), via an e-mail message to a queue's address.
CVE-2012-6580 1 Bestpractical 1 Request Tracker 2025-04-11 N/A
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, does not ensure that the UI labels unencrypted messages as unencrypted, which might make it easier for remote attackers to spoof details of a message's origin or interfere with encryption-policy auditing via an e-mail message to a queue's address.
CVE-2012-6581 1 Bestpractical 1 Request Tracker 2025-04-11 N/A
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on reading keys in the product's keyring, and trigger outbound e-mail messages signed by an arbitrary stored secret key, by leveraging a UI e-mail signing privilege.
CVE-2012-6582 2 Drupal, Spambot Module Project 2 Drupal, Spambot 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Spambot module 6.x-3.x before 6.x-3.2 and 7.x-1.x before 7.x-1.1 for Drupal allows certain remote attackers to inject arbitrary web script or HTML via a stopforumspam.com API response, which is logged by the watchdog.
CVE-2012-6583 2 Drupal, Imagemenu Project 2 Drupal, Imagemenu 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Imagemenu module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer imagemenu" permission to inject arbitrary web script or HTML via an image file name.
CVE-2012-6584 1 Myrephp 1 Myre Realty Manager 2025-04-11 N/A
Multiple SQL injection vulnerabilities in MYRE Realty Manager allow remote attackers to execute arbitrary SQL commands via the bathrooms1 parameter to (1) demo2/search.php or (2) search.php.
CVE-2012-6585 1 Myrephp 1 Myre Realty Manager 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in search.php in MYRE Realty Manager allows remote attackers to inject arbitrary web script or HTML via the cat_id1 parameter.
CVE-2012-6586 1 Myrephp 1 Myre Vacation Rental 2025-04-11 N/A
Multiple SQL injection vulnerabilities in MYRE Vacation Rental Software allow remote attackers to execute arbitrary SQL commands via the (1) garage1 or (2) bathrooms1 parameter to vacation/1_mobile/search.php, or (3) unspecified input to vacation/widgate/request_more_information.php.
CVE-2012-6587 1 Myrephp 1 Myre Vacation Rental 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in vacation/1_mobile/alert_members.php in MYRE Vacation Rental Software allows remote attackers to inject arbitrary web script or HTML via the link_idd parameter in a login action.