Export limit exceeded: 363619 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363619 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-2235 1 Sitracker 1 Support Incident Tracker 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Support Incident Tracker (SiT!) 3.65 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter to index.php, which is not properly handled in an error message.
CVE-2012-2236 1 Ryan Walberg 1 Php Gift Registry 2025-04-11 N/A
SQL injection vulnerability in users.php in PHP Gift Registry 1.5.5 allows remote authenticated users to execute arbitrary SQL commands via the userid parameter in an edit action.
CVE-2012-2239 2 Debian, Mahara 2 Debian Linux, Mahara 2025-04-11 9.1 Critical
Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack, as demonstrated by reading config.php.
CVE-2012-2240 1 Devscripts Devel Team 1 Devscripts 2025-04-11 N/A
scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands."
CVE-2012-2241 1 Devscripts Devel Team 1 Devscripts 2025-04-11 N/A
scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted (1) .dsc or (2) .changes file, probably related to a NULL byte in a filename.
CVE-2012-2242 1 Devscripts Devel Team 1 Devscripts 2025-04-11 N/A
scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted (1) .dsc or (2) .changes file, related to "arguments to external commands" that are not properly escaped, a different vulnerability than CVE-2012-2240.
CVE-2012-2243 1 Mahara 1 Mahara 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script or HTML by uploading an XML file with the xhtml extension, which is rendered inline as script. NOTE: this can be leveraged with CVE-2012-2244 to execute arbitrary code without authentication, as demonstrated by modifying the clamav path.
CVE-2012-2244 1 Mahara 1 Mahara 2025-04-11 N/A
Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote authenticated administrators to execute arbitrary programs by modifying the path to clamav. NOTE: this can be exploited without authentication by leveraging CVE-2012-2243.
CVE-2012-2246 1 Mahara 1 Mahara 2025-04-11 N/A
Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to conduct clickjacking attacks to delete arbitrary users and bypass CSRF protection via account/delete.php.
CVE-2012-2247 1 Mahara 1 Mahara 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to artefact/file/ and a crafted SVG file.
CVE-2012-2249 1 Torproject 1 Tor 2025-04-11 N/A
Tor before 0.2.3.23-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a renegotiation attempt that occurs after the initiation of the V3 link protocol.
CVE-2012-2250 1 Torproject 1 Tor 2025-04-11 N/A
Tor before 0.2.3.24-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) by performing link protocol negotiation incorrectly.
CVE-2012-2251 3 Debian, Fedoraproject, Pizzashack 3 Debian Linux, Fedora, Rssh 2025-04-11 N/A
rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) "-e" or (2) "--" command line option.
CVE-2012-2252 1 Pizzashack 1 Rssh 2025-04-11 N/A
Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option.
CVE-2012-2253 1 Mahara 1 Mahara 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in group/members.php in Mahara 1.5.x before 1.5.7 and 1.6.x before 1.6.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
CVE-2012-2267 1 Realnetworks 2 Helix Mobile Server, Helix Server 2025-04-11 N/A
master.exe in the SNMP Master Agent in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to cause a denial of service (daemon crash) by establishing and closing a port-705 TCP connection, a different vulnerability than CVE-2012-1923.
CVE-2012-2268 1 Realnetworks 2 Helix Mobile Server, Helix Server 2025-04-11 N/A
master.exe in the SNMP Master Agent in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to cause a denial of service (unhandled exception and daemon crash) via a crafted Open-PDU request that triggers incorrect DisplayString processing, a different vulnerability than CVE-2012-1923.
CVE-2012-2269 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary field to apps/contacts/ajax/addcard.php, (2) the parameter parameter to apps/contacts/ajax/addproperty.php, (3) the name parameter to apps/contacts/ajax/createaddressbook, (4) the file parameter to files/download.php, or the (5) name, (6) user, or (7) redirect_url parameter to files/index.php.
CVE-2012-2270 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-11 N/A
Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter.
CVE-2012-2271 1 Skincrafter 1 Skincrafter 2025-04-11 N/A
Buffer overflow in the InitLicenKeys function in a certain ActiveX control in SkinCrafter3_vs2005.dll in SkinCrafter 3.0 allows remote attackers to execute arbitrary code via a long string in the first argument (aka the reg_name argument).