Search

Search Results (363303 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-4055 1 Uiga 1 Fan Club 2025-04-11 N/A
SQL injection vulnerability in index2.php in Uiga Fan Club allows remote attackers to execute arbitrary SQL commands via the p parameter.
CVE-2012-4056 1 Uiga 1 Personal Portal 2025-04-11 N/A
SQL injection vulnerability in index2.php in Uiga Personal Portal allows remote attackers to execute arbitrary SQL commands via the p parameter.
CVE-2012-4057 1 Twd-industries 1 Remote-anything 2025-04-11 N/A
Buffer overflow in the Player in Remote-Anything 5.60.15 allows remote attackers to execute arbitrary code via a crafted flm file.
CVE-2012-4058 1 Socketmail 1 Socketmail 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in SocketMail Pro 2.2.9 allows remote attackers to inject arbitrary web script or HTML via the subject of an email.
CVE-2012-4059 1 Socketmail 1 Socketmail 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in home/secretqtn.php in SocketMail Pro 2.2.9 allows remote attackers to hijack the authentication of arbitrary users for requests that change user security questions and answers via an upd action.
CVE-2012-4060 1 Asp-dev 1 Xm Forums 2025-04-11 N/A
Multiple SQL injection vulnerabilities in ASP-DEv XM Forums RC3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) profile.asp, (2) forum.asp, or (3) topic.asp.
CVE-2012-4061 1 Asp-dev 1 Xm Diary 2025-04-11 N/A
Multiple SQL injection vulnerabilities in ASP-DEv XM Diary allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to diary_view.asp or (2) view_date parameter to default.asp.
CVE-2012-4063 1 Eucalyptus 1 Eucalyptus 2025-04-11 N/A
The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
CVE-2012-4064 1 Eucalyptus 1 Eucalyptus 2025-04-11 N/A
Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to gain privileges by sending a message to (1) Cloud Controller or (2) Walrus with the internal message format and a modified user id.
CVE-2012-4065 1 Eucalyptus 1 Eucalyptus 2025-04-11 N/A
Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to bypass unspecified authorization checks and obtain direct access to a (1) Cloud Controller or (2) Walrus service via a crafted message, as demonstrated by changes to a volume, snapshot, or cloud configuration setting.
CVE-2012-4066 1 Eucalyptus 1 Eucalyptus 2025-04-11 N/A
The internal message protocol for Walrus in Eucalyptus 3.2.0 and earlier does not require signatures for unspecified request headers, which allows attackers to (1) delete or (2) upload snapshots.
CVE-2012-4067 1 Eucalyptus 1 Eucalyptus 2025-04-11 N/A
Walrus in Eucalyptus before 3.2.2 allows remote attackers to cause a denial of service (memory, thread, and CPU consumption) via a crafted XML message containing a DTD, as demonstrated by a bucket-logging request.
CVE-2012-4068 1 Citrix 1 Provisioning Services 2025-04-11 N/A
Heap-based buffer overflow in the SoapServer service in Citrix Provisioning Services 5.0, 5.1, 5.6, 5.6 SP1, 6.0, and 6.1 allows remote attackers to execute arbitrary code via a crafted string associated with date and time data.
CVE-2012-4069 1 Dir2web 1 Dir2web 2025-04-11 N/A
Dir2web 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request for system/db/website.db.
CVE-2012-4070 1 Dir2web 1 Dir2web 2025-04-11 N/A
SQL injection vulnerability in system/src/dispatcher.php in Dir2web 3.0 allows remote attackers to execute arbitrary SQL commands via the oid parameter in a homepage action to index.php.
CVE-2012-4071 2 Joomla, Rsgallery2 2 Joomla\!, Com Rsgallery2 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the comments module in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to inject arbitrary web script or HTML via crafted BBCode markup in a comment.
CVE-2012-4072 1 Cisco 1 Unified Computing System 2025-04-11 N/A
The KVM subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers, and read keyboard and mouse events, by leveraging knowledge of this certificate's private key, aka Bug ID CSCte90327.
CVE-2012-4073 1 Cisco 1 Unified Computing System 2025-04-11 N/A
The KVM subsystem in the client in Cisco Unified Computing System (UCS) does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers, and read or modify KVM data, via a crafted certificate, aka Bug ID CSCte90332.
CVE-2012-4074 1 Cisco 1 Unified Computing System 2025-04-11 N/A
The Board Management Controller (BMC) in the Serial over LAN (SoL) subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded private key, which allows man-in-the-middle attackers to obtain sensitive information or modify the data stream by leveraging knowledge of this key, aka Bug ID CSCte90338.
CVE-2012-4075 1 Cisco 1 Nx-os 2025-04-11 N/A
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in unspecified command parameters, aka Bug IDs CSCtf19827 and CSCtf27788.