Search

Search Results (363331 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-4354 1 Sielcosistemi 2 Winlog Lite, Winlog Pro 2025-04-11 N/A
TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted positive integer after the opcode, triggering incorrect function-pointer processing that can lead to a buffer overflow. NOTE: some of these details are obtained from third party information.
CVE-2012-4355 1 Sielcosistemi 2 Winlog Lite, Winlog Pro 2025-04-11 N/A
TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted negative integer after the opcode, triggering incorrect function-pointer processing that can lead to a buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4354.
CVE-2012-4356 1 Sielcosistemi 2 Winlog Lite, Winlog Pro 2025-04-11 N/A
Multiple directory traversal vulnerabilities in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allow remote attackers to read arbitrary files via port-46824 TCP packets specifying a file-open operation with opcode 0x78 and a .. (dot dot) in a pathname, followed by a file-read operation with opcode (1) 0x96, (2) 0x97, or (3) 0x98.
CVE-2012-4357 1 Sielcosistemi 2 Winlog Lite, Winlog Pro 2025-04-11 N/A
Array index error in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 might allow remote attackers to execute arbitrary code by referencing, within a port-46824 TCP packet, an invalid file-pointer index that leads to execution of an EnterCriticalSection code block.
CVE-2012-4358 1 Sielcosistemi 2 Winlog Lite, Winlog Pro 2025-04-11 N/A
Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon crash) or possibly have unspecified other impact via a port-46824 TCP packet with a crafted positive integer after the opcode.
CVE-2012-4359 1 Sielcosistemi 2 Winlog Lite, Winlog Pro 2025-04-11 N/A
Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon crash) or possibly have unspecified other impact via a port-46824 TCP packet with a crafted negative integer after the opcode. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4358.
CVE-2012-4360 2 Apache, Google 2 Http Server, Mod Pagespeed 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-4361 1 Hp 2 San\/iq, Virtual San Appliance 2025-04-11 N/A
lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the second parameter.
CVE-2012-4362 1 Hp 2 San\/iq, Virtual San Appliance 2025-04-11 N/A
hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838.
CVE-2012-4363 4 Adobe, Apple, Linux and 1 more 4 Acrobat Reader, Mac Os X, Linux Kernel and 1 more 2025-04-11 N/A
Multiple unspecified vulnerabilities in Adobe Reader through 10.1.4 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, related to "sixteen more crashes affecting Windows, OS X, or both systems."
CVE-2012-4366 1 Belkin 4 N150 Wireless Router, N300 Wireless Router, N450 Wireless Router and 1 more 2025-04-11 N/A
Belkin wireless routers Surf N150 Model F7D1301v1, N900 Model F9K1104v1, N450 Model F9K1105V2, and N300 Model F7D2301v1 generate a predictable default WPA2-PSK passphrase based on eight digits of the WAN MAC address, which allows remote attackers to access the network by sniffing the beacon frames.
CVE-2012-4386 1 Apache 1 Struts 2025-04-11 N/A
The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
CVE-2012-4387 1 Apache 1 Struts 2025-04-11 N/A
Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
CVE-2012-4388 3 Canonical, Debian, Php 3 Ubuntu Linux, Debian Linux, Php 2025-04-11 N/A
The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1398.
CVE-2012-4389 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-11 N/A
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and accessing an uploaded PHP file.
CVE-2012-4390 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-11 N/A
(1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors.
CVE-2012-4391 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the app configurations.
CVE-2012-4392 1 Owncloud 1 Owncloud Server 2025-04-11 N/A
index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value.
CVE-2012-4393 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users for requests that use (1) addBookmark.php, (2) delBookmark.php, or (3) editBookmark.php in bookmarks/ajax/; (4) calendar/delete.php, (5) calendar/edit.php, (6) calendar/new.php, (7) calendar/update.php, (8) event/delete.php, (9) event/edit.php, (10) event/move.php, (11) event/new.php, (12) import/import.php, (13) settings/setfirstday.php, (14) settings/settimeformat.php, (15) share/changepermission.php, (16) share/share.php, (17) or share/unshare.php in calendar/ajax/; (18) external/ajax/setsites.php, (19) files/ajax/delete.php, (20) files/ajax/move.php, (21) files/ajax/newfile.php, (22) files/ajax/newfolder.php, (23) files/ajax/rename.php, (24) files_sharing/ajax/email.php, (25) files_sharing/ajax/setpermissions.php, (26) files_sharing/ajax/share.php, (27) files_sharing/ajax/toggleresharing.php, (28) files_sharing/ajax/togglesharewitheveryone.php, (29) files_sharing/ajax/unshare.php, (30) files_texteditor/ajax/savefile.php, (31) files_versions/ajax/rollbackVersion.php, (32) gallery/ajax/createAlbum.php, (33) gallery/ajax/sharing.php, (34) tasks/ajax/addtask.php, (35) tasks/ajax/addtaskform.php, (36) tasks/ajax/delete.php, or (37) tasks/ajax/edittask.php in apps/; or administrators for requests that use (38) changepassword.php, (39) creategroup.php, (40) createuser.php, (41) disableapp.php, (42) enableapp.php, (43) lostpassword.php, (44) removegroup.php, (45) removeuser.php, (46) setlanguage.php, (47) setloglevel.php, (48) setquota.php, or (49) togglegroups.php in settings/ajax/.
CVE-2012-4394 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js in ownCloud before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter.