Search

Search Results (363638 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-2274 1 Pivotx 1 Pivotx 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php in PivotX 2.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter.
CVE-2012-2275 1 Teamst 1 Testlink 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in TestLink 1.9.3 and earlier allow remote attackers to hijack the authentication of users for requests that add, delete, or modify sensitive information, as demonstrated by changing the administrator's email via an editUser action to lib/usermanagement/userInfo.php.
CVE-2012-2276 1 Emc 1 Documentum Information Rights Management 2025-04-11 N/A
The IRM Server in EMC Documentum Information Rights Management 4.x before 4.7.0100 and 5.x before 5.0.1030 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via input data that (1) lacks FIPS fields or (2) has an invalid version number.
CVE-2012-2277 1 Emc 1 Documentum Information Rights Management 2025-04-11 N/A
The IRM Server in EMC Documentum Information Rights Management 4.x before 4.7.0100 and 5.x before 5.0.1030 allows remote attackers to cause a denial of service (pvcontrol.exe process hang) via \n (line feed) characters in the Id fields of many "batch begin untethered" commands.
CVE-2012-2278 2 Emc, Rsa 3 Rsa Authentication Manager, Authentication Manager, Securid Appliance 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Self-Service Console and (2) Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2279 2 Emc, Rsa 3 Rsa Authentication Manager, Authentication Manager, Securid Appliance 2025-04-11 N/A
Open redirect vulnerability in the Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2012-2280 2 Emc, Rsa 3 Rsa Authentication Manager, Authentication Manager, Securid Appliance 2025-04-11 N/A
EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "Cross frame scripting vulnerability."
CVE-2012-2281 1 Rsa 2 Access Manager Agent, Access Manager Server 2025-04-11 N/A
EMC RSA Access Manager Server 6.x before 6.1 SP4 and RSA Access Manager Agent do not properly validate session tokens after a logout, which might allow remote attackers to conduct replay attacks via unspecified vectors.
CVE-2012-2282 1 Emc 3 Celerra Network Server, Vnx, Vnxe 2025-04-11 N/A
EMC Celerra Network Server 6.x before 6.0.61.0, VNX 7.x before 7.0.53.2, and VNXe 2.0 and 2.1 before 2.1.3.19077 (aka MR1 SP3.2) and 2.2 before 2.2.0.19078 (aka MR2 SP0.2) do not properly implement NFS access control, which allows remote authenticated users to read or modify files via a (1) NFSv2, (2) NFSv3, or (3) NFSv4 request.
CVE-2012-2291 3 Apple, Emc, Hp 4 Mac Os X, Avamar, Avamar Plugin and 1 more 2025-04-11 N/A
EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC Avamar plugin 4.x, 5.x, and 6.x for Oracle, uses world-writable permissions for cache directories, which allows local users to gain privileges via an unspecified symlink attack.
CVE-2012-2283 2 Emc, Iomega 4 Lifeline, Home Media Network Hard Drive, Iconnect and 1 more 2025-04-11 N/A
The Iomega Home Media Network Hard Drive with EMC Lifeline firmware before 2.104, Home Media Network Hard Drive Cloud Edition with EMC Lifeline firmware before 3.2.3.15290, iConnect with EMC Lifeline firmware before 2.5.26.18966, and StorCenter with EMC Lifeline firmware before 2.0.18.23122, 2.1.x before 2.1.42.18967, and 3.x before 3.2.3.15290 allow remote authenticated users to read or modify data on arbitrary remote shares via unspecified vectors.
CVE-2012-2284 2 Emc, Microsoft 2 Networker Module For Microsoft Applications, Exchange Server 2025-04-11 N/A
The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local users to read cleartext administrator credentials via unspecified vectors.
CVE-2012-2285 1 Emc 2 Cloud Tiering Appliance, Cloud Tiering Appliance Virtual Edition 2025-04-11 N/A
EMC Cloud Tiering Appliance (aka CTA, formerly FMA) 9.0 and earlier, and Cloud Tiering Appliance Virtual Edition (CTA/VE) 9.0 and earlier, allows remote attackers to obtain GUI administrative access by sending a crafted file during the authentication phase.
CVE-2012-2286 1 Emc 1 Rsa Adaptive Authentication On-premise 2025-04-11 N/A
Unspecified vulnerability in EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 before SP3 P3 allows remote attackers to obtain sensitive information via unknown vectors.
CVE-2012-2287 2 Emc, Microsoft 4 Rsa Authentication Agent, Rsa Authentication Client, Windows Server 2003 and 1 more 2025-04-11 N/A
The authentication functionality in EMC RSA Authentication Agent 7.1 and RSA Authentication Client 3.5 on Windows XP and Windows Server 2003, when an unspecified configuration exists, allows remote authenticated users to bypass an intended token-authentication step, and establish a login session to a remote host, by leveraging Windows credentials for that host.
CVE-2012-2288 1 Emc 1 Networker 2025-04-11 N/A
Format string vulnerability in the nsrd RPC service in EMC NetWorker 7.6.3 and 7.6.4 before 7.6.4.1, and 8.0 before 8.0.0.1, allows remote attackers to execute arbitrary code via format string specifiers in a message.
CVE-2012-2289 1 Emc 2 Applicationxtender Desktop, Applicationxtender Web Access .net 2025-04-11 N/A
EMC ApplicationXtender Desktop before 6.5 SP2 and ApplicationXtender Web Access .NET before 6.5 SP2 allow remote attackers to upload files to any location, and possibly execute arbitrary code, via unspecified vectors.
CVE-2012-1825 1 Forescout 1 Counteract 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the status program on the ForeScout CounterACT appliance with software 6.3.3.2 through 6.3.4.10 allow remote attackers to inject arbitrary web script or HTML via (1) the loginname parameter in a forgotpass action or (2) the username parameter.
CVE-2012-1826 1 Dotcms 1 Dotcms 2025-04-11 N/A
dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template.
CVE-2012-1827 1 Efstechnology 1 Autoform Pdm Archive 2025-04-11 N/A
The web service in AutoFORM PDM Archive before 7.1 does not have authorization requirements, which allows remote authenticated users to perform database operations via a SOAP request, as demonstrated by the initializeQueryDatabase2 request.