Export limit exceeded: 363673 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363673 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-6035 | 1 Xen | 1 Xen | 2025-04-11 | N/A |
| The do_tmem_destroy_pool function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly validate pool ids, which allows local guest OS users to cause a denial of service (memory corruption and host crash) or execute arbitrary code via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others. | ||||
| CVE-2012-6036 | 1 Xen | 1 Xen | 2025-04-11 | N/A |
| The (1) memc_save_get_next_page, (2) tmemc_restore_put_page and (3) tmemc_restore_flush_page functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 do not check for negative id pools, which allows local guest OS users to cause a denial of service (memory corruption and host crash) or possibly execute arbitrary code via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others. | ||||
| CVE-2012-6037 | 1 Mahara | 1 Mahara | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4, and other versions including 1.2, allow remote attackers to inject arbitrary web script or HTML via a CSV header with "unknown fields," which are not properly handled in error messages in the (1) bulk user, (2) group, and (3) group member upload capabilities. NOTE: this issue was originally part of CVE-2012-2243, but that ID was SPLIT due to different issues by different researchers. | ||||
| CVE-2012-6038 | 1 Razorcms | 1 Razorcms | 2025-04-11 | N/A |
| admin/core/admin_func.php in razorCMS before 1.2.1 does not properly restrict access to certain administrator directories and files, which allows remote authenticated users to read, edit, rename, move, copy and delete files via the (1) dir parameter in a fileman or (2) filemanview action. NOTE: this issue has been referred to as a "path traversal." | ||||
| CVE-2012-6039 | 1 Yabsoft | 1 Advanced Image Hosting Script | 2025-04-11 | N/A |
| SQL injection vulnerability in view_comments.php in YABSoft Advanced Image Hosting (AIH) Script, possibly 2.3, allows remote attackers to execute arbitrary SQL commands via the gal parameter. | ||||
| CVE-2012-6040 | 1 Convergine | 1 File King Advanced File Management | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in users.php in File King Advanced File Management 1.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | ||||
| CVE-2012-6041 | 1 Morequick | 1 Greenbrowser | 2025-04-11 | N/A |
| Double free vulnerability in GreenBrowser before 6.0.1002, when the keyword search bar (F6) is activated, allows remote attackers to execute arbitrary code via a crafted iframe. | ||||
| CVE-2012-6042 | 1 Geopainting | 1 Gpsmapedit | 2025-04-11 | N/A |
| GPSMapEdit 1.1.73.2 allows user-assisted remote attackers to cause a denial of service (crash) via a long string in a lst file. | ||||
| CVE-2012-6043 | 1 Php-fusion | 1 Php-fusion | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in downloads.php in PHP-Fusion 7.02.04 allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter. | ||||
| CVE-2012-6044 | 1 Mjsware | 1 M-player | 2025-04-11 | N/A |
| M-Player 0.4 allows remote attackers to cause a denial of service (crash) via a crafted MP3 file. | ||||
| CVE-2012-6045 | 1 Ramui | 1 Ramui Forum | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in gb/user/index.php in Ramui Forum, possibly 1.0 Beta, allows remote attackers to inject arbitrary web script or HTML via the query parameter. | ||||
| CVE-2012-6046 | 1 Phpenter | 1 Php Enter | 2025-04-11 | N/A |
| Static code injection vulnerability in admin/banners.php in PHP Enter allows remote attackers to inject arbitrary PHP code into horad.php via the code parameter. | ||||
| CVE-2012-6047 | 1 X7 Group | 1 X7 Chat | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in X7 Chat 2.0.5.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that add a user to an arbitrary group via the users page in an adminpanel action to index.php. | ||||
| CVE-2012-6048 | 1 Guitar-pro | 1 Guitar Pro | 2025-04-11 | N/A |
| Guitar Pro 6.1.1 r10791 allows remote attackers to cause a denial of service (crash) via a long string in a gpx file. | ||||
| CVE-2012-6049 | 1 Opensolution | 1 Quick.cart | 2025-04-11 | N/A |
| Open Solution Quick.Cart 5.0 allows remote attackers to obtain sensitive information via (1) a long string or (2) invalid characters in a cookie, which reveals the installation path in an error message. | ||||
| CVE-2012-6050 | 1 Mikrotik | 1 Routeros | 2025-04-11 | N/A |
| The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request to download the router's DLLs or plugins, as demonstrated by roteros.dll. | ||||
| CVE-2012-6051 | 1 Google | 1 Cityhash | 2025-04-11 | N/A |
| Google CityHash computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack. | ||||
| CVE-2012-6052 | 1 Wireshark | 1 Wireshark | 2025-04-11 | N/A |
| Wireshark 1.8.x before 1.8.4 allows remote attackers to obtain sensitive hostname information by reading pcap-ng files. | ||||
| CVE-2012-6053 | 1 Wireshark | 1 Wireshark | 2025-04-11 | N/A |
| epan/dissectors/packet-usb.c in the USB dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 relies on a length field to calculate an offset value, which allows remote attackers to cause a denial of service (infinite loop) via a zero value for this field. | ||||
| CVE-2012-6054 | 1 Wireshark | 1 Wireshark | 2025-04-11 | N/A |
| The dissect_sflow_245_address_type function in epan/dissectors/packet-sflow.c in the sFlow dissector in Wireshark 1.8.x before 1.8.4 does not properly handle length calculations for an invalid IP address type, which allows remote attackers to cause a denial of service (infinite loop) via a packet that is neither IPv4 nor IPv6. | ||||