Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-3052 1 Cisco 1 Vpn Client 2025-04-11 N/A
Untrusted search path vulnerability in Cisco VPN Client 5.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka Bug ID CSCua28747.
CVE-2012-3073 1 Cisco 15 Telepresence Manager, Telepresence Multipoint Switch, Telepresence Multipoint Switch Software and 12 more 2025-04-11 N/A
The IP implementation on Cisco TelePresence Multipoint Switch before 1.8.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server 1.8 and earlier allows remote attackers to cause a denial of service (networking outage or process crash) via (1) malformed IP packets, (2) a high rate of TCP connection requests, or (3) a high rate of TCP connection terminations, aka Bug IDs CSCti21830, CSCti21851, CSCtj19100, CSCtj19086, CSCtj19078, CSCty11219, CSCty11299, CSCty11323, and CSCty11338.
CVE-2012-3096 1 Cisco 1 Unity Connection 2025-04-11 N/A
Cisco Unity Connection (UC) 7.1, 8.0, and 8.5 allows remote authenticated users to cause a denial of service (resource consumption and administration outage) via extended use of the product, aka Bug ID CSCtd79132.
CVE-2012-3304 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
The Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack sessions via unspecified vectors.
CVE-2012-3375 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Mrg 2025-04-11 N/A
The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083.
CVE-2012-3381 1 Standards Based Linux Instrumentation 1 Sblim-sfcb 2025-04-11 N/A
sfcb in sblim-sfcb places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
CVE-2012-3398 1 Moodle 1 Moodle 2025-04-11 N/A
Algorithmic complexity vulnerability in Moodle 1.9.x before 1.9.19, 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to cause a denial of service (CPU consumption) by using the advanced-search feature on a database activity that has many records.
CVE-2012-3421 1 Sgi 1 Performance Co-pilot 2025-04-11 N/A
The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an "event-driven programming flaw."
CVE-2012-3437 1 Imagemagick 1 Imagemagick 2025-04-11 N/A
The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation.
CVE-2012-3450 1 Php 1 Php 2025-04-11 N/A
pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value.
CVE-2012-3475 1 Ushahidi 1 Ushahidi Platform 2025-04-11 N/A
The installer in the Ushahidi Platform before 2.5 omits certain calls to the exit function, which allows remote attackers to obtain administrative privileges via unspecified vectors.
CVE-2012-3530 1 Typo3 1 Typo3 2025-04-11 N/A
Incomplete blacklist vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain HTML5 JavaScript events.
CVE-2012-3549 1 Freebsd 1 Freebsd 2025-04-11 N/A
The SCTP implementation in FreeBSD 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted ASCONF chunk.
CVE-2012-3553 1 Digium 1 Asterisk 2025-04-11 N/A
chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open Source 10.x before 10.5.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by sending a Station Key Pad Button message and closing a connection in off-hook mode, a related issue to CVE-2012-2948.
CVE-2012-3562 1 Opera 1 Opera Browser 2025-04-11 N/A
Opera before 12.00 Beta allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page that is not properly handled during a reload, as demonstrated by a "multiple origin camera test" page.
CVE-2012-3563 1 Opera 1 Opera Browser 2025-04-11 N/A
Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via a web page that contains invalid character encodings.
CVE-2012-3565 1 Opera 1 Opera Browser 2025-04-11 N/A
Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted characters in domain names, as demonstrated by "IDNA2008 tests."
CVE-2012-3567 1 Opera 1 Opera Browser 2025-04-11 N/A
Opera before 12.00 Beta allows remote attackers to cause a denial of service (memory consumption or application hang) via an IFRAME element that uses the src="#" syntax to embed a parent document.
CVE-2012-3568 1 Opera 1 Opera Browser 2025-04-11 N/A
Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted WebGL content, as demonstrated by a codeflow.org WebGL demo.
CVE-2012-3574 2 Tbelmans, Wordpress 2 Mm Forms Community, Wordpress 2025-04-11 N/A
Unrestricted file upload vulnerability in includes/doajaxfileupload.php in the MM Forms Community plugin 2.2.5 and 2.2.6 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/temp.