Export limit exceeded: 363262 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363262 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-4028 1 Tridium 1 Niagara Ax 2025-04-11 N/A
Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent attackers to bypass intended access restrictions by using the stored information for authentication.
CVE-2012-4031 1 Wangkongbao 2 Cns-1000, Cns-1100 2025-04-11 N/A
Multiple directory traversal vulnerabilities in src/acloglogin.php in Wangkongbao CNS-1000 and 1100 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) lang or (2) langid cookie to port 85.
CVE-2012-4032 1 Websitepanel 1 Websitepanel 2025-04-11 N/A
Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in ReturnUrl to Default.aspx.
CVE-2012-4033 2 Wordpress, Zingiri 2 Wordpress, Zingiri Web Shop 2025-04-11 N/A
Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin before 2.4.0 for WordPress have unknown impact and attack vectors.
CVE-2012-4034 1 Pbboard 1 Pbboard 2025-04-11 N/A
Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to the send page, (2) email parameter to the forget page, (3) password parameter to the forum_archive page, (4) section parameter to the management page, (5) section_id parameter to the managementreply page, (6) member_id parameter to the new_password page, or (7) subjectid parameter to the tags page to index.php.
CVE-2012-4035 1 Pbboard 1 Pbboard 2025-04-11 N/A
The new_password page in PBBoard 2.1.4 allows remote attackers to change the password of arbitrary user accounts via the member_id and new_password parameters to index.php.
CVE-2012-4036 1 Pbboard 1 Pbboard 2025-04-11 N/A
Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 allows remote administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the addons directory. NOTE: this vulnerability can be leveraged by remote attackers using CVE-2012-1216.
CVE-2012-4037 1 Transmissionbt 1 Transmission 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file.
CVE-2012-4043 1 Palo Alto 3 Global Protected Gateway, Networks, Ssl Vpn 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in global-protect/login.esp in Palo Alto Networks Global Protect Portal, Global Protect Gateway, and SSL VPN portals 3.1.x through 3.1.11 and 4.0.x through 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the inputStr parameter in a Login action.
CVE-2012-4045 1 Nullsoft 1 Winamp 2025-04-11 N/A
Multiple heap-based buffer overflows in bmp.w5s in Winamp before 5.63 build 3235 allow remote attackers to execute arbitrary code via the (1) strf chunk in BI_RGB or (2) UYVY video data in an AVI file, or (3) decompressed TechSmith Screen Capture Codec (TSCC) data in an AVI file.
CVE-2012-4046 1 Dlink 2 Dcs-932l, Dcs-932l Firmware 2025-04-11 N/A
The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR["P"] value.
CVE-2012-4048 2 Debian, Wireshark 2 Debian Linux, Wireshark 2025-04-11 N/A
The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump.
CVE-2012-4049 2 Opensuse, Wireshark 2 Opensuse, Wireshark 2025-04-11 N/A
epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet.
CVE-2012-4050 2 Google, Samsung 5 Chrome Os, Cr-48 Chromebook, Chromebox 3 and 2 more 2025-04-11 N/A
Multiple unspecified vulnerabilities in Google Chrome OS before 21.0.1180.50 on the Cr-48 and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, have unknown impact and attack vectors.
CVE-2012-4051 1 Jamf 1 Casper Suite 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in editAccount.html in the JAMF Software Server (JSS) interface in JAMF Casper Suite before 8.61 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts or (2) change passwords via a Save action.
CVE-2012-4052 1 Jease 1 Jease 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Jease before 2.9, when creating a comment, allow remote attackers to inject arbitrary web script or HTML via the (1) author, (2) subject, or (3) comment parameter.
CVE-2012-4053 1 Ez 1 Ez Publish 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in eZOE flash player in eZ Publish 4.1 through 4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2012-4054 1 Cpe17 1 Autorun Killer 2025-04-11 N/A
Buffer overflow in the readfile function in CPE17 Autorun Killer 1.7.1 and earlier allows physically proximate attackers to execute arbitrary code via a crafted inf file.
CVE-2012-4055 1 Uiga 1 Fan Club 2025-04-11 N/A
SQL injection vulnerability in index2.php in Uiga Fan Club allows remote attackers to execute arbitrary SQL commands via the p parameter.
CVE-2012-4056 1 Uiga 1 Personal Portal 2025-04-11 N/A
SQL injection vulnerability in index2.php in Uiga Personal Portal allows remote attackers to execute arbitrary SQL commands via the p parameter.