Export limit exceeded: 363609 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363609 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-6467 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 12.10 follows Internet shortcuts that are referenced by a (1) IMG element or (2) other inline element, which makes it easier for remote attackers to conduct phishing attacks via a crafted web site, as exploited in the wild in November 2012. | ||||
| CVE-2012-6468 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Heap-based buffer overflow in Opera before 12.11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long HTTP response. | ||||
| CVE-2012-6470 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 12.12 does not properly allocate memory for GIF images, which allows remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a malformed image. | ||||
| CVE-2012-6471 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 12.12 allows remote attackers to spoof the address field via a high rate of HTTP requests. | ||||
| CVE-2012-6472 | 2 Opera, Unix | 2 Opera Browser, Unix | 2025-04-11 | N/A |
| Opera before 12.12 on UNIX uses weak permissions for the profile directory, which allows local users to obtain sensitive information by reading a (1) cache file, (2) password file, or (3) configuration file, or (4) possibly gain privileges by modifying or overwriting a configuration file. | ||||
| CVE-2012-6493 | 1 Rapid7 | 1 Nexpose | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console before 5.5.4 allows remote attackers to hijack the authentication of unspecified victims for requests that delete scan data and sites via a request to data/site/delete. | ||||
| CVE-2012-6495 | 1 Moinmo | 1 Moinmoin | 2025-04-11 | N/A |
| Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code. | ||||
| CVE-2012-6496 | 4 Cloudforms Cloudengine, Redhat, Rhel Sam and 1 more | 5 1, Openshift, 1.1 and 2 more | 2025-04-11 | N/A |
| SQL injection vulnerability in the Active Record component in Ruby on Rails before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in applications that can use unexpected data types in certain find_by_ method calls. | ||||
| CVE-2012-6497 | 1 Rubyonrails | 1 Rails | 2025-04-11 | N/A |
| The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe find_by_id method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secret_token value, as demonstrated by a value contained in secret_token.rb in an open-source product. | ||||
| CVE-2012-6498 | 1 Maxtom | 1 Atomymaxsite | 2025-04-11 | N/A |
| Unrestricted file upload vulnerability in index.php in Atomymaxsite 2.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file, as exploited in the wild in October 2012. | ||||
| CVE-2012-6499 | 2 Age Verification Project, Wordpress | 2 Age Verification, Wordpress | 2025-04-11 | N/A |
| Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_to parameter. | ||||
| CVE-2012-6500 | 1 Pragyan Cms Project | 1 Pragyan Cms | 2025-04-11 | N/A |
| Directory traversal vulnerability in download.lib.php in Pragyan CMS 3.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the fileget parameter in a profile action to index.php. | ||||
| CVE-2012-6501 | 1 Hp | 1 Pki Activex Control | 2025-04-11 | N/A |
| The KillProcess method in the HP PKI ActiveX control (HPPKI.ocx) before 1.2.0.1 allows remote attackers to cause a denial of service (kill process) via the partial or full name of a process. | ||||
| CVE-2012-6502 | 1 Microsoft | 1 Internet Explorer | 2025-04-11 | N/A |
| Microsoft Internet Explorer before 10 allows remote attackers to obtain sensitive information about the existence of files, and read certain data from files, via a UNC share pathname in the SRC attribute of a SCRIPT element, as demonstrated by reading a name-value pair from a local file via a \\127.0.0.1\C$\ sequence. | ||||
| CVE-2012-6503 | 2 Joomla, Ninjaforge | 2 Joomla\!, Com Ninjaxplorer | 2025-04-11 | N/A |
| Unspecified vulnerability in the NinjaXplorer component before 1.0.7 for Joomla! has unknown impact and attack vectors. | ||||
| CVE-2012-6504 | 1 Shawn Bradley | 1 Php Volunteer Management | 2025-04-11 | N/A |
| SQL injection vulnerability in mods/hours/data/get_hours.php in PHP Volunteer Management 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2012-6505 | 1 Shawn Bradley | 1 Php Volunteer Management | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in mods/hours/data/get_hours.php in PHP Volunteer Management 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||||
| CVE-2012-6506 | 2 Wordpress, Zingiri | 2 Wordpress, Zingiri Web Shop | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in zing.inc.php or (2) notes parameter in fws/pages-front/onecheckout.php. | ||||
| CVE-2012-6507 | 1 Jason Sexauer | 1 Churchcms | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in admin.php in ChurchCMS 0.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pass parameters in a login action. | ||||
| CVE-2012-6508 | 1 Netartmedia | 1 Car Portal | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in NetArt Media Car Portal 3.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change arbitrary user passwords via a nouveau action in the security module to cars/ADMIN/index.php; (2) create a user or (3) create a sub user via a sub_accounts action in the home module to USERS/index.php; or (4) change profile information via an edit action in the profile module to USERS/index.php. | ||||