Search

Search Results (363290 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-1654 2 Alex Barth, Drupal 2 Data, Drupal 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Data module 6.x-1.x before 6.x-1.0 and 7.x-1.x before 7.x-1.0-alpha3 for Drupal allow remote authenticated users with the administer data tables permission to inject arbitrary web script or HTML via the title parameter in (1) data.views.inc and (2) data_ui/data_ui.admin.inc.
CVE-2012-1655 2 Drupal, Sven Decabooter 2 Drupal, Uc Paydutchgroup \/ Wedeal Payment 2025-04-11 N/A
Unspecified vulnerability in the UC PayDutchGroup / WeDeal payment module 6.x-1.0 for Drupal allows remote authenticated users to obtain account credentials via unknown attack vectors.
CVE-2012-1656 2 Drupal, Wesjones 2 Drupal, Multisite Search 2025-04-11 N/A
SQL injection vulnerability in the Multisite Search module 6.x-2.2 for Drupal allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the Site table prefix field.
CVE-2012-1657 2 Drupal, Fourkitchens 2 Drupal, Block Class 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in block_class.module in the Block Class module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the class name.
CVE-2012-1658 2 Drupal, Fourkitchens 2 Drupal, Ed Readmore 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Read More Link module 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users with the access administration pages permission to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1659 2 Ariel Barreiro, Drupal 2 Noderecommendation, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Node Recommendation module 6.x-1.x before 6.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1660 2 Drupal, Nathan Haug 2 Drupal, Webform 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the "Select (or other)" module is enabled, allow remote authenticated users with the create webform content permission to inject arbitrary web script or HTML via vectors related to (1) checkboxes or (2) radios.
CVE-2012-1661 1 Esri 1 Arcmap 2025-04-11 N/A
ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier does not properly prompt users before executing embedded VBA macros, which allows user-assisted remote attackers to execute arbitrary VBA code via a crafted map (.mxd) file.
CVE-2012-1662 2 Broadcom, Microsoft 2 Arcserve Backup, Windows 2025-04-11 N/A
CA ARCserve Backup r12.0 through SP2, r12.5 before SP2, r15 through SP1, and r16 before SP1 on Windows allows remote attackers to cause a denial of service (service shutdown) via a crafted network request.
CVE-2012-1663 1 Gnu 1 Gnutls 2025-04-11 N/A
Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list.
CVE-2012-1674 1 Oracle 1 Industry Applications 2025-04-11 N/A
Unspecified vulnerability in the Siebel Clinical component in Oracle Industry Applications 7.7, 7.8, 8.0.0.x, 8.1.1.x, and 8.2.2.x allows remote authenticated users to affect integrity via unknown vectors related to Web UI, a different vulnerability than CVE-2012-0582.
CVE-2012-1666 1 Vmware 5 Esx, Fusion, Player and 2 more 2025-04-11 N/A
Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3 and 5.0 before P03 allows local users to gain privileges via a Trojan horse tpfc.dll file in the current working directory.
CVE-2012-1667 2 Isc, Redhat 3 Bind, Enterprise Linux, Rhel Els 2025-04-11 N/A
ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record.
CVE-2012-1670 1 Phpgradebook 1 Php Grade Book 2025-04-11 N/A
admin/index.php in PHP Grade Book before 1.9.5 BETA allows remote attackers to read the database via a SaveSQL action.
CVE-2012-1671 1 Nicolas Tormo 1 Phppaleo 2025-04-11 N/A
Directory traversal vulnerability in index.php in phpPaleo 4.8b155 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
CVE-2012-1672 1 Useasdf 4444 1 Hotel Booking Portal 2025-04-11 N/A
SQL injection vulnerability in getcity.php in Hotel Booking Portal 0.1 allows remote attackers to execute arbitrary SQL commands via the country parameter.
CVE-2012-1673 1 Ola Lasisi 1 E-ticketing 2025-04-11 N/A
SQL injection vulnerability in loginscript.php in e-ticketing allows remote attackers to execute arbitrary SQL commands via the password parameter.
CVE-2012-1675 1 Oracle 1 Database Server 2025-04-11 N/A
The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, and 11.2.0.3, and 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, as used in Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, and possibly other products, allows remote attackers to execute arbitrary database commands by performing a remote registration of a database (1) instance or (2) service name that already exists, then conducting a man-in-the-middle (MITM) attack to hijack database connections, aka "TNS Poison."
CVE-2012-1676 1 Oracle 1 Financial Services Software 2025-04-11 N/A
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Virtual Banking.
CVE-2012-1677 1 Oracle 1 Fusion Middleware 2025-04-11 N/A
Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware allows remote attackers to affect integrity via unknown vectors.