Search

Search Results (364887 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-1573 2 Gnu, Redhat 2 Gnutls, Enterprise Linux 2025-04-11 N/A
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.
CVE-2012-1574 2 Apache, Cloudera 3 Hadoop, Cloudera Cdh, Hadoop 2025-04-11 N/A
The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
CVE-2012-1576 1 Atheme 1 Atheme 2025-04-11 N/A
The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of service (daemon crash) via a login as a deleted user.
CVE-2012-1578 1 Mediawiki 1 Mediawiki 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allow remote attackers to hijack the authentication of users with the block permission for requests that (1) block a user via a request to the Block module or (2) unblock a user via a request to the Unblock module.
CVE-2012-1579 1 Mediawiki 1 Mediawiki 2025-04-11 N/A
The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information.
CVE-2012-1218 1 Freelancerkit 1 Freelancerkit 2025-04-11 N/A
Multiple SQL injection vulnerabilities in freelancerKit 2.35 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to the (1) notes and (2) tickets components.
CVE-2012-1219 1 Freelancerkit 1 Freelancerkit 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in freelancerKit 2.35 allow remote attackers to inject arbitrary web script or HTML via the (1) ticket parameter to tickets.php, (2) title parameter to notes.php, or (3) task parameter to todo.php. NOTE: some of these details are obtained from third party information.
CVE-2012-1220 1 Devincentiis 1 Gazie 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in modules/config/admin_utente.php in GAzie 5.20 and earlier allows remote attackers to hijack the authentication of administrators for requests that change account information via an update action, as demonstrated by changing the password.
CVE-2012-1221 1 Rabidhamster 2 R2\/, R2\/extreme 2025-04-11 N/A
Directory traversal vulnerability in the telnet server in RabidHamster R2/Extreme 1.65 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the File command.
CVE-2012-1222 1 Rabidhamster 1 R2\/extreme 2025-04-11 N/A
Stack-based buffer overflow in RabidHamster R2/Extreme 1.65 and earlier allows remote authenticated users to execute arbitrary code via a long string to TCP port 23.
CVE-2012-1223 1 Rabidhamster 1 R2\/extreme 2025-04-11 N/A
RabidHamster R2/Extreme 1.65 and earlier uses a small search space of values for the PIN number, which allows remote attackers to obtain the PIN number via a brute force attack.
CVE-2012-1224 1 Contentlion 1 Contentlion Alpha 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in system/classes/login.php in ContentLion Alpha 1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2012-1225 1 Dolibarr 1 Dolibarr Erp\/crm 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) memberslist parameter (aka Member List) in list.php or (2) rowid parameter to adherents/fiche.php.
CVE-2012-1226 1 Dolibarr 1 Dolibarr Erp\/crm 2025-04-11 N/A
Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php.
CVE-2012-1227 1 Pluck-cms 1 Pluck 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in pluck 4.7 allow remote attackers to hijack the authentication of admins for requests that (1) modify the admin email address or (2) modify the blog title via a settings action; (3) add a page via an editpage action, or (4) add a categorie via the blog module.
CVE-2012-1235 1 Advantech 1 Advantech Webaccess 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0235.
CVE-2012-1236 1 Janetter 1 Janetter 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Janetter before 3.3.0.0 (aka 3.3.0) allow remote attackers to hijack the authentication of arbitrary users for requests that (1) tweet, (2) upload an image file, or (3) execute arbitrary commands.
CVE-2012-1237 1 Icz 1 Sencha Sns 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in SENCHA SNS before 1.0.2 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2012-1238 1 Icz 1 Sencha Sns 2025-04-11 N/A
Session fixation vulnerability in SENCHA SNS before 1.0.2 allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2012-1239 1 Toshibatec 64 E-studio-167 With Network Printer Kit, E-studio-167 With Network Printer Kit Firmware, E-studio-181 With Network Printer Kit and 61 more 2025-04-11 N/A
The TopAccess web-based management interface on TOSHIBA TEC e-Studio multi-function peripheral (MFP) devices with firmware 30x through 302, 35x through 354, and 4xx through 421 allows remote attackers to bypass authentication and obtain administrative privileges via unspecified vectors.