Search

Search Results (365295 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-0882 2 Mysql, Oracle 2 Mysql, Mysql 2025-04-11 N/A
Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE.
CVE-2012-0883 3 Apache, Opensuse, Redhat 3 Http Server, Opensuse, Jboss Enterprise Application Platform 2025-04-11 N/A
envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
CVE-2012-0884 2 Openssl, Redhat 4 Openssl, Enterprise Linux, Jboss Enterprise Application Platform and 1 more 2025-04-11 N/A
The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack.
CVE-2012-0885 1 Asterisk 1 Open Source 2025-04-11 N/A
chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SDP message with a crypto attribute and a (1) video or (2) text media type, as demonstrated by CSipSimple.
CVE-2012-0895 2 Tom Braider, Wordpress 2 Count Per Day, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in map/map.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map parameter.
CVE-2012-0896 3 Count Per Day Project, Tom Braider, Wordpress 3 Count Per Day, Count Per Day, Wordpress 2025-04-11 N/A
Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter.
CVE-2012-0898 2 Camaleo, Wordpress 2 Myeasybackup, Wordpress 2025-04-11 N/A
Directory traversal vulnerability in meb_download.php in the myEASYbackup plugin 1.0.8.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dwn_file parameter.
CVE-2012-0899 1 Annuairephp 1 Annuaire Php 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in referencement/sites_inscription.php in Annuaire PHP allows remote attackers to inject arbitrary web script or HTML via the url parameter and possibly the nom parameter.
CVE-2012-0900 1 Beehive Forum 1 Beehive Forum 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Beehive Forum 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) forum/register.php or (2) forum/logon.php.
CVE-2012-0901 1 Attenzione 1 Yousaytoo 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter.
CVE-2012-0902 1 Airties 1 Air 4450 2025-04-11 N/A
AirTies Air 4450 1.1.2.18 allows remote attackers to cause a denial of service (reboot) via a direct request to cgi-bin/loader.
CVE-2012-0903 1 Vmware 1 Zimbra Desktop 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Desktop 7.1.2 b10978 allow remote attackers to inject arbitrary web script or HTML via the (1) Username or (2) MailBox Name.
CVE-2012-0904 1 Videolan 1 Vlc Media Player 2025-04-11 N/A
VLC media player 1.1.11 allows remote attackers to cause a denial of service (crash) via a long string in an amr file.
CVE-2012-0905 1 Dev\!l\'s 1 Dev\!l\'z Clanportal Gamebase Addon 2025-04-11 N/A
SQL injection vulnerability in deV!L'z Clanportal (DZCP) Gamebase addon allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a detail action to index.php.
CVE-2012-0906 2 Dev\!l\'z, Mystarmedia 2 Dev\!l\'z Clanportal, Moviebase Addon 2025-04-11 N/A
SQL injection vulnerability in the Moviebase addon for deV!L'z Clanportal (DZCP) 1.5.5 allows remote attackers to execute arbitrary SQL commands via the id parameter in a showkat action to index.php.
CVE-2012-0907 1 Neoaxis 1 Neoaxis Web Player 2025-04-11 N/A
Directory traversal vulnerability in the web player in NeoAxis NeoAxis web player 1.4 and earlier allows user-assisted remote attackers to write arbitrary files via a .. (dot dot) in a filename in the neoaxis_web_application_win32.zip ZIP archive.
CVE-2012-0908 1 Simplesamlphp 1 Simplesamlphp 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in logout.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the link_href parameter.
CVE-2012-0909 1 Horde 1 Groupware Webmail Edition 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Horde_Form in Horde Groupware Webmail Edition before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to email verification. NOTE: Some of these details are obtained from third party information.
CVE-2012-0911 1 Tiki 1 Tikiwiki Cms\/groupware 2025-04-11 9.8 Critical
TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.php or (b) tiki-print_pages.php; or (4) sendpages, (5) sendstructures, or (6) sendarticles parameter to tiki-send_objects.php, which is not properly handled when processed by the unserialize function.
CVE-2012-0912 1 Stone-ware 1 Webnetwork 2025-04-11 N/A
SQL injection vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.