Export limit exceeded: 363662 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363662 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-4902 | 1 Template Cms Project | 1 Template Cms | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Template CMS 2.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an add action to admin/index.php or (2) conduct static PHP code injection attacks via the themes_editor parameter in an edit_template action to admin/index.php. | ||||
| CVE-2012-4915 | 2 Davistribe, Wordpress | 2 Google Doc Embedder, Wordpress | 2025-04-12 | N/A |
| Directory traversal vulnerability in the Google Doc Embedder plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to libs/pdf.php. | ||||
| CVE-2012-4921 | 1 Dvs Custom Notification Project | 1 Dvs Custom Notification | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the DVS Custom Notification plugin 1.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change application settings or (2) conduct cross-site scripting (XSS) attacks. | ||||
| CVE-2012-4988 | 1 Xnview | 1 Xnview | 2025-04-12 | N/A |
| Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JPEG lossless) format plugin in XnView 1.99 and 1.99.1 allows remote attackers to execute arbitrary code via a crafted JLS image file. | ||||
| CVE-2012-5032 | 1 Cisco | 1 Ios | 2025-04-12 | N/A |
| The Flex-VPN load-balancing feature in the ipsec-ikev2 implementation in Cisco IOS before 15.1(1)SY3 does not require authentication, which allows remote attackers to trigger the forwarding of VPN traffic to an attacker-controlled destination, or the discarding of this traffic, by arranging for an arbitrary device to become a cluster member, aka Bug ID CSCub93641. | ||||
| CVE-2012-5036 | 1 Cisco | 1 Ios | 2025-04-12 | N/A |
| Cisco IOS before 12.2(50)SY1 allows remote authenticated users to cause a denial of service (memory consumption) via a sequence of VTY management sessions (aka exec sessions), aka Bug ID CSCtn43662. | ||||
| CVE-2012-5037 | 1 Cisco | 3 Catalyst 6500, Catalyst 7600, Ios | 2025-04-12 | N/A |
| The ACL implementation in Cisco IOS before 15.1(1)SY on Catalyst 6500 and 7600 devices allows local users to cause a denial of service (device reload) via a "no object-group" command followed by an object-group command, aka Bug ID CSCts16133. | ||||
| CVE-2012-5039 | 1 Cisco | 1 Ios | 2025-04-12 | N/A |
| The BGP Router process in Cisco IOS before 12.2(50)SY1 allows remote attackers to cause a denial of service (memory consumption) via vectors involving BGP path attributes, aka Bug ID CSCsw63003. | ||||
| CVE-2012-5044 | 1 Cisco | 1 Ios | 2025-04-12 | N/A |
| Cisco IOS before 15.3(1)T, when media flow-around is not used, allows remote attackers to cause a denial of service (media loops and stack memory corruption) via VoIP traffic, aka Bug ID CSCub45809. | ||||
| CVE-2012-5056 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) readyCallback parameter to apps/files_odfviewer/src/webodf/webodf/flashput/PUT.swf, the (2) root parameter to apps/gallery/templates/index.php, or a (3) malformed query to lib/db.php. | ||||
| CVE-2012-5057 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter. | ||||
| CVE-2012-5106 | 1 Freefloat | 1 Freefloat Ftp Server | 2025-04-12 | N/A |
| Stack-based buffer overflow in FreeFloat FTP Server 1.0 allows remote authenticated users to execute arbitrary code via a long string in a PUT command. | ||||
| CVE-2012-5242 | 1 Bananadance | 1 Banana Dance | 2025-04-12 | N/A |
| Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action. | ||||
| CVE-2012-5243 | 1 Bananadance | 1 Banana Dance | 2025-04-12 | N/A |
| functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request. | ||||
| CVE-2012-5244 | 1 Bananadance | 1 Banana Dance | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widgets.php, (6) the category parameter to functions/print.php; or (7) the name parameter to functions/ajax.php. | ||||
| CVE-2012-5336 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| lib/base.php in ownCloud before 4.0.8 does not properly validate the user_id session variable, which allows remote authenticated users to read arbitrary files via vectors related to WebDAV. | ||||
| CVE-2012-5390 | 1 Condor Project | 1 Condor | 2025-04-12 | N/A |
| The standard universe shadow (condor_shadow.std) component in Condor 7.7.3 through 7.7.6, 7.8.0 before 7.8.5, and 7.9.0 does no properly check privileges, which allows remote attackers to gain privileges via a crafted standard universe job. | ||||
| CVE-2012-5391 | 1 Mediawiki | 1 Mediawiki | 2025-04-12 | N/A |
| Session fixation vulnerability in Special:UserLogin in MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the session_id. | ||||
| CVE-2012-5395 | 1 Mediawiki | 1 Mediawiki | 2025-04-12 | N/A |
| Session fixation vulnerability in the CentralAuth extension for MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the centralauth_Session cookie. | ||||
| CVE-2012-5427 | 1 Cisco | 1 Ios | 2025-04-12 | N/A |
| Cisco IOS Unified Border Element (CUBE) in Cisco IOS before 15.3(2)T allows remote authenticated users to cause a denial of service (input queue wedge) via a crafted series of RTCP packets, aka Bug ID CSCuc42518. | ||||