Search

Search Results (365158 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-0866 2 Postgresql, Redhat 2 Postgresql, Enterprise Linux 2025-04-11 N/A
CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on arbitrary data by installing the trigger on an attacker-owned table.
CVE-2012-0867 4 Debian, Opensuse Project, Postgresql and 1 more 11 Debian Linux, Opensuse, Postgresql and 8 more 2025-04-11 N/A
PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.
CVE-2012-0868 2 Postgresql, Redhat 2 Postgresql, Enterprise Linux 2025-04-11 N/A
CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.
CVE-2012-0869 1 Ulli Horlacher 1 Fex 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in fup in Frams' Fast File EXchange (F*EX, aka fex) before 20120215 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2012-0870 3 Redhat, Rim, Samba 6 Enterprise Linux, Rhel Eus, Rhel Mission Critical and 3 more 2025-04-11 N/A
Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the file-sharing service on the BlackBerry PlayBook tablet before 2.0.0.7971 and other products, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a Batched (aka AndX) request that triggers infinite recursion.
CVE-2012-0872 1 Oxwall 1 Oxwall 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in OxWall 1.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) captchaField, (2) email, (3) form_name, (4) password, (5) realname, (6) repeatPassword, or (7) username parameters to Oxwall/join; (8) captcha, (9) email, (10) form_name, (11) from, or (12) subject parameters to Oxwall/contact; (13) tag parameter to Oxwall/blogs/browse-by-tag; or (14) PATH_INFO to Oxwall/photo/viewlist/tagged, (15) Oxwall/photo/viewlist, or (16) Oxwall/video/viewlist.
CVE-2012-0873 1 Boonex 1 Dolphin 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or the (2) photos_only, (3) online_only, or (4) mode parameters to viewFriends.php.
CVE-2012-0874 1 Redhat 4 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Soa Platform and 1 more 2025-04-11 N/A
The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow remote attackers to invoke MBean methods and execute arbitrary code via unspecified vectors. NOTE: this issue can only be exploited when the interceptor is not properly configured with a "second layer of authentication," or when used in conjunction with other vulnerabilities that bypass this second layer.
CVE-2012-0875 2 Redhat, Systemtap 2 Enterprise Linux, Systemtap 2025-04-11 N/A
SystemTap 1.7, 1.6.7, and probably other versions, when unprivileged mode is enabled, allows local users to obtain sensitive information from kernel memory or cause a denial of service (kernel panic and crash) via vectors related to crafted DWARF data, which triggers a read of an invalid pointer.
CVE-2012-0876 6 Canonical, Debian, Libexpat Project and 3 more 15 Ubuntu Linux, Debian Linux, Libexpat and 12 more 2025-04-11 N/A
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.
CVE-2012-0878 2 Pythonpaste, Redhat 2 Paste, Enterprise Linux 2025-04-11 N/A
Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leveraging a web application that uses the local filesystem.
CVE-2012-0879 5 Canonical, Debian, Linux and 2 more 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more 2025-04-11 5.5 Medium
The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by starting multiple processes that share an I/O context.
CVE-2012-0897 1 Irfanview 1 Irfanview 2025-04-11 N/A
Stack-based buffer overflow in the JPEG2000 plugin in IrfanView PlugIns before 4.33 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment.
CVE-2012-0882 2 Mysql, Oracle 2 Mysql, Mysql 2025-04-11 N/A
Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE.
CVE-2012-0883 3 Apache, Opensuse, Redhat 3 Http Server, Opensuse, Jboss Enterprise Application Platform 2025-04-11 N/A
envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
CVE-2012-0884 2 Openssl, Redhat 4 Openssl, Enterprise Linux, Jboss Enterprise Application Platform and 1 more 2025-04-11 N/A
The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack.
CVE-2012-0885 1 Asterisk 1 Open Source 2025-04-11 N/A
chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SDP message with a crypto attribute and a (1) video or (2) text media type, as demonstrated by CSipSimple.
CVE-2012-0895 2 Tom Braider, Wordpress 2 Count Per Day, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in map/map.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map parameter.
CVE-2012-0896 3 Count Per Day Project, Tom Braider, Wordpress 3 Count Per Day, Count Per Day, Wordpress 2025-04-11 N/A
Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter.
CVE-2012-0898 2 Camaleo, Wordpress 2 Myeasybackup, Wordpress 2025-04-11 N/A
Directory traversal vulnerability in meb_download.php in the myEASYbackup plugin 1.0.8.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dwn_file parameter.