Export limit exceeded: 363315 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363315 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363315 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-4064 1 Eucalyptus 1 Eucalyptus 2025-04-11 N/A
Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to gain privileges by sending a message to (1) Cloud Controller or (2) Walrus with the internal message format and a modified user id.
CVE-2012-4065 1 Eucalyptus 1 Eucalyptus 2025-04-11 N/A
Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to bypass unspecified authorization checks and obtain direct access to a (1) Cloud Controller or (2) Walrus service via a crafted message, as demonstrated by changes to a volume, snapshot, or cloud configuration setting.
CVE-2012-4066 1 Eucalyptus 1 Eucalyptus 2025-04-11 N/A
The internal message protocol for Walrus in Eucalyptus 3.2.0 and earlier does not require signatures for unspecified request headers, which allows attackers to (1) delete or (2) upload snapshots.
CVE-2012-4067 1 Eucalyptus 1 Eucalyptus 2025-04-11 N/A
Walrus in Eucalyptus before 3.2.2 allows remote attackers to cause a denial of service (memory, thread, and CPU consumption) via a crafted XML message containing a DTD, as demonstrated by a bucket-logging request.
CVE-2012-4068 1 Citrix 1 Provisioning Services 2025-04-11 N/A
Heap-based buffer overflow in the SoapServer service in Citrix Provisioning Services 5.0, 5.1, 5.6, 5.6 SP1, 6.0, and 6.1 allows remote attackers to execute arbitrary code via a crafted string associated with date and time data.
CVE-2012-4069 1 Dir2web 1 Dir2web 2025-04-11 N/A
Dir2web 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request for system/db/website.db.
CVE-2012-4070 1 Dir2web 1 Dir2web 2025-04-11 N/A
SQL injection vulnerability in system/src/dispatcher.php in Dir2web 3.0 allows remote attackers to execute arbitrary SQL commands via the oid parameter in a homepage action to index.php.
CVE-2012-4071 2 Joomla, Rsgallery2 2 Joomla\!, Com Rsgallery2 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the comments module in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to inject arbitrary web script or HTML via crafted BBCode markup in a comment.
CVE-2012-4072 1 Cisco 1 Unified Computing System 2025-04-11 N/A
The KVM subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers, and read keyboard and mouse events, by leveraging knowledge of this certificate's private key, aka Bug ID CSCte90327.
CVE-2012-4073 1 Cisco 1 Unified Computing System 2025-04-11 N/A
The KVM subsystem in the client in Cisco Unified Computing System (UCS) does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers, and read or modify KVM data, via a crafted certificate, aka Bug ID CSCte90332.
CVE-2012-4074 1 Cisco 1 Unified Computing System 2025-04-11 N/A
The Board Management Controller (BMC) in the Serial over LAN (SoL) subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded private key, which allows man-in-the-middle attackers to obtain sensitive information or modify the data stream by leveraging knowledge of this key, aka Bug ID CSCte90338.
CVE-2012-4075 1 Cisco 1 Nx-os 2025-04-11 N/A
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in unspecified command parameters, aka Bug IDs CSCtf19827 and CSCtf27788.
CVE-2012-4076 1 Cisco 1 Nx-os 2025-04-11 N/A
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in a command that calls the system library function, aka Bug IDs CSCtf23559 and CSCtf27780.
CVE-2012-4077 1 Cisco 1 Nx-os 2025-04-11 N/A
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and CSCtf27651.
CVE-2012-4078 1 Cisco 1 Unified Computing System 2025-04-11 N/A
The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) does not properly handle SSH escape sequences, which allows remote authenticated users to bypass an unspecified authentication step via SSH port forwarding, aka Bug ID CSCtg17656.
CVE-2012-4079 1 Cisco 1 Unified Computing System 2025-04-11 N/A
The XML API service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) allows remote attackers to cause a denial of service (API service outage) via a malformed XML document in a packet, aka Bug ID CSCtg48206.
CVE-2012-4081 1 Cisco 1 Unified Computing System 2025-04-11 N/A
MCServer in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to cause a denial of service (application crash) via invalid MCTools parameters, aka Bug ID CSCtg20734.
CVE-2012-4082 1 Cisco 1 Unified Computing System 2025-04-11 N/A
MCTools in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to gain privileges by entering crafted command-line parameters on a Fabric Interconnect device, aka Bug ID CSCtg20749.
CVE-2012-4083 1 Cisco 1 Unified Computing System 2025-04-11 N/A
Multiple buffer overflows in the administrative web interface in Cisco Unified Computing System (UCS) allow remote authenticated users to cause a denial of service (memory corruption and session termination) via long string values for unspecified parameters, aka Bug ID CSCtg20751.
CVE-2012-4084 1 Cisco 1 Unified Computing System 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the web-management interface in the fabric interconnect (FI) component in Cisco Unified Computing System (UCS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCtg20755.