Search Results (10720 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-2196 1 Ibm 1 Db2 2025-04-11 N/A
IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to read arbitrary XML files via the (1) GET_WRAP_CFG_C or (2) GET_WRAP_CFG_C2 stored procedure.
CVE-2012-2223 1 Novell 1 Zenworks Configuration Management 2025-04-11 N/A
The xplat agent in Novell ZENworks Configuration Management (ZCM) 10.3.x before 10.3.4 and 11.x before 11.2 enables the HTTP TRACE method, which might make it easier for remote attackers to conduct cross-site tracing (XST) attacks via unspecified vectors.
CVE-2012-2296 2 Drupal, Janrain 2 Drupal, Rpx 2025-04-11 N/A
The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. 6.x-2.x before 6.x-2.2, and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote attackers to obtain sensitive information by leveraging a separate vulnerability.
CVE-2012-2302 2 Drupal, Nancy Wichmann 2 Drupal, Sitedoc 2025-04-11 N/A
Site Documentation (Sitedoc) module for Drupal 6.x-1.x before 6.x-1.4 does not properly check the save location when archiving, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2012-2327 1 Mybb 1 Mybb 2025-04-11 N/A
MyBB (aka MyBulletinBoard) before 1.6.7 allows remote attackers to obtain sensitive information via a malformed forumread cookie, which reveals the installation path in an error message.
CVE-2012-2531 1 Microsoft 2 Windows 7, Windows Server 2008 2025-04-11 N/A
Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka "Password Disclosure Vulnerability."
CVE-2012-2532 1 Microsoft 4 Ftp Service, Windows 7, Windows Server 2008 and 1 more 2025-04-11 N/A
Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka "FTP Command Injection Vulnerability."
CVE-2012-2635 2 Dolphin-browser, Google 3 Dolphin Browser Hd, Dolphin For Pad, Android 2025-04-11 N/A
The Dolphin Browser HD application before 7.6 and Dolphin for Pad application before 1.0.1 for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.
CVE-2012-2645 2 Google, Yahoo 2 Android, Yahoo\! Browser 2025-04-11 N/A
The Yahoo! Japan Yahoo! Browser application 1.2.0 and earlier for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.
CVE-2012-2646 1 Fenrir-inc 1 Sleipnir Mobile 2025-04-11 N/A
The Sleipnir Mobile application before 2.1.0 and Sleipnir Mobile Black Edition application before 2.1.0 for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.
CVE-2012-2647 3 Apple, Google, Yahoo 3 Safari, Chrome, Toolbar 2025-04-11 N/A
Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page.
CVE-2012-2815 1 Google 1 Chrome 2025-04-11 N/A
Google Chrome before 20.0.1132.43 allows remote attackers to obtain potentially sensitive information from a fragment identifier by leveraging access to an IFRAME element associated with a different domain.
CVE-2012-2854 4 Apple, Google, Linux and 1 more 5 Mac Os X, Chrome, Frame and 2 more 2025-04-11 N/A
Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to obtain potentially sensitive information about pointer values by leveraging access to a WebUI renderer process.
CVE-2012-2891 1 Google 1 Chrome 2025-04-11 N/A
The IPC implementation in Google Chrome before 22.0.1229.79 allows attackers to obtain potentially sensitive information about memory addresses via unspecified vectors.
CVE-2012-2922 1 Drupal 1 Drupal 2025-04-11 N/A
The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installation path in an error message.
CVE-2012-3248 1 Hp 1 Fortify Software Security Center 2025-04-11 N/A
HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2012-3249 1 Hp 1 Fortify Software Security Center 2025-04-11 N/A
HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remote authenticated users to obtain sensitive information via unspecified vectors.
CVE-2012-3394 1 Moodle 1 Moodle 2025-04-11 N/A
auth/ldap/ntlmsso_attempt.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 redirects users from an https LDAP login URL to an http URL, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2012-3419 1 Sgi 1 Performance Co-pilot 2025-04-11 N/A
Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments.
CVE-2012-3430 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Mrg 2025-04-11 N/A
The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket.