Search

Search Results (363331 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-3993 2 Mozilla, Redhat 5 Firefox, Seamonkey, Thunderbird and 2 more 2025-04-11 N/A
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an "XrayWrapper pollution" issue.
CVE-2012-3994 4 Canonical, Mozilla, Redhat and 1 more 13 Ubuntu Linux, Firefox, Seamonkey and 10 more 2025-04-11 N/A
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting (XSS) attacks via a binary plugin that uses Object.defineProperty to shadow the top object, and leverages the relationship between top.location and the location property.
CVE-2012-3995 4 Canonical, Mozilla, Redhat and 1 more 13 Ubuntu Linux, Firefox, Seamonkey and 10 more 2025-04-11 N/A
The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2012-3999 1 Sayakbanerjee 1 Sticky Notes 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in admin/login.php in Sticky Notes 0.3.09062012.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter.
CVE-2012-4000 1 Ckeditor 1 Fckeditor 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remote attackers to inject arbitrary web script or HTML via textinputs array parameters.
CVE-2012-4001 2 Apache, Google 2 Http Server, Mod Pagespeed 2025-04-11 N/A
The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
CVE-2012-4002 1 Glpi-project 1 Glpi 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI before 0.83.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2012-4003 1 Glpi-project 1 Glpi 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJECT GLPI before 0.83.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2012-4004 1 Fenrir-inc 1 Sleipnir Mobile 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Sleipnir Mobile application 2.2.0 and earlier and Sleipnir Mobile Black Edition application 2.2.0 and earlier for Android allows remote attackers to inject arbitrary web script or HTML via a crafted application that interacts with an unspecified Sleipnir Mobile function.
CVE-2012-4005 1 Naver 1 Nhn Japan Naver Line 2025-04-11 N/A
The NHN Japan NAVER LINE application before 2.5.5 for Android does not properly handle implicit intents, which allows remote attackers to obtain sensitive message information via a crafted application.
CVE-2012-4006 3 Google, Gree, Kddi \& Gree 9 Android, Gree, Haconiwa and 6 more 2025-04-11 N/A
The GREE application before 1.4.0, GREE Tanken Dorirando application before 1.0.7, GREE Tsurisuta application before 1.5.0, GREE Monpura application before 1.1.1, GREE Kaizokuoukoku Columbus application before 1.3.5, GREE haconiwa application before 1.1.0, GREE Seisen Cerberus application before 1.1.0, and KDDI&GREE GREE Market application before 2.1.2 for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.
CVE-2012-4007 2 Google, Mixi 2 Android, Mixi 2025-04-11 N/A
The mixi application before 4.3.0 for Android allows remote attackers to read potentially sensitive information in friends' comments via a crafted application that leverages the storage of these comments on an SD card.
CVE-2012-4008 1 Cybozu 1 Cybozu Live 2025-04-11 N/A
The Cybozu Live application 1.0.4 and earlier for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site.
CVE-2012-4009 1 Cybozu 1 Cybozu Live 2025-04-11 N/A
The WebView class in the Cybozu Live application 1.0.4 and earlier for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL.
CVE-2012-4010 1 Opera 1 Opera Browser 2025-04-11 N/A
Opera before 11.60 allows remote attackers to spoof the address bar via unspecified homograph characters, a different vulnerability than CVE-2010-2660.
CVE-2012-4011 1 Cybozu 1 Kunai 2025-04-11 N/A
The Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site.
CVE-2012-4012 1 Cybozu 1 Kunai 2025-04-11 N/A
The WebView class in the Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL.
CVE-2012-4013 1 Cybozu 1 Kunai Browser For Remote Service 2025-04-11 N/A
The WebView class in the Cybozu KUNAI Browser for Remote Service application beta for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL.
CVE-2012-4014 1 Mcafee 1 Email And Web Security 2025-04-11 N/A
Unspecified vulnerability in McAfee Email Anti-virus (formerly WebShield SMTP) allows remote attackers to cause a denial of service via unknown vectors.
CVE-2012-4015 2 Microsoft, Mylittletools 2 Sql Server, Mylittleadmin 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the management screen in myLittleTools myLittleAdmin for SQL Server 2000 allows remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted database entry.