Search

Search Results (363161 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-2598 1 Siemens 1 Wincc 2025-04-11 N/A
Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 through Update 2 allows remote attackers to cause a denial of service (agent outage) via crafted input.
CVE-2012-2601 1 Progress 1 Whatsup Gold 2025-04-11 N/A
SQL injection vulnerability in WrVMwareHostList.asp in Ipswitch WhatsUp Gold 15.02 allows remote attackers to execute arbitrary SQL commands via the sGroupList parameter.
CVE-2012-2602 1 Solarwinds 1 Orion Network Performance Monitor 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts via CreateUserStepContainer actions to Admin/Accounts/Add/OrionAccount.aspx or (2) modify account privileges via a ynAdminRights action to Admin/Accounts/EditAccount.aspx.
CVE-2012-2603 1 Collabnet 1 Scrumworks 2025-04-11 N/A
The server in CollabNet ScrumWorks Pro before 6.0 allows remote authenticated users to gain privileges and obtain sensitive information via a modified desktop client.
CVE-2012-2604 1 Bradfordnetworks 2 Network Sentry Appliance, Network Sentry Appliance Software 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in GuestAccess.jsp in the Guest/Contractor access component in the administrative interface in Bradford Network Sentry before 5.3.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified fields.
CVE-2012-2605 1 Bradfordnetworks 2 Network Sentry Appliance, Network Sentry Appliance Software 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Bradford Network Sentry before 5.3.3 allow remote attackers to hijack the authentication of administrators for requests that (1) insert XSS sequences or (2) send messages to clients.
CVE-2012-2606 1 Bradfordnetworks 2 Network Sentry Appliance, Network Sentry Appliance Software 2025-04-11 N/A
The agent in Bradford Network Sentry before 5.3.3 does not require authentication for messages, which allows remote attackers to trigger the display of arbitrary text on a workstation via a crafted packet to UDP port 4567, as demonstrated by a replay attack.
CVE-2012-2607 1 Johnsoncontrols 2 Network Controller, Network Controller Firmware 2025-04-11 N/A
The Johnson Controls CK721-A controller with firmware before SSM4388_03.1.0.14_BB allows remote attackers to perform arbitrary actions via crafted packets to TCP port 41014 (aka the download port).
CVE-2012-2611 1 Sap 1 Netweaver 2025-04-11 N/A
The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet.
CVE-2012-2612 1 Sap 1 Netweaver 2025-04-11 N/A
The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.
CVE-2012-2614 1 Lattice Semiconductor 1 Lattice Diamond Programmer 2025-04-11 N/A
Buffer overflow in programmer.exe in Lattice Diamond Programmer 1.4.2 allows user-assisted remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long string in a version attribute of an ispXCF element in an .xcf file.
CVE-2012-2619 2 Apple, Broadcom 3 Iphone Os, Bcm4325, Bcm4329 2025-04-11 N/A
The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service (out-of-bounds read and Wi-Fi outage) via an RSN 802.11i information element.
CVE-2012-2624 1 Cgi 1 Hotscan 2025-04-11 N/A
Stack-based buffer overflow in Logica HotScan allows remote attackers to cause a denial of service (crash) via a crafted packet.
CVE-2012-2625 2 Redhat, Xen 3 Enterprise Linux, Xen, Xen-unstable 2025-04-11 N/A
The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service (memory consumption) via a large (1) bzip2 or (2) lzma compressed kernel image.
CVE-2012-2626 1 Sonicwall 1 Scrutinizer 2025-04-11 N/A
cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action.
CVE-2012-2627 1 Sonicwall 1 Scrutinizer 2025-04-11 N/A
d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in %PROGRAMFILES%\Scrutinizer\snmp\mibs\ via a multipart/form-data POST request.
CVE-2012-2069 2 Drupal, Mclewin 2 Drupal, Wishlist 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Wishlist module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.6 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via the (1) wl_reveal or (2) q parameters.
CVE-2012-2070 2 Andrew Levine, Drupal 2 Multiblock, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the MultiBlock module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer blocks permission to inject arbitrary web script or HTML via the block title.
CVE-2012-2071 2 Drupal, Geoff Davies 2 Drupal, Contact Forms 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Contact Forms module 6.x-1.x before 6.x-1.13 for Drupal when the core contact form is enabled, allows remote authenticated users with the administer site-wide contact form permission to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2072 2 Drupal, Patrick Przybilla 2 Drupal, Addtoany 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Share Buttons (AddToAny) module 6.x-3.x before 6.x-3.4 for Drupal allows remote authenticated users with the administer addtoany permission to inject arbitrary web script or HTML via unspecified vectors.