Export limit exceeded: 363315 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363315 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-4352 1 Stone-ware 1 Webnetwork 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Stoneware webNetwork 6.1 before SP1 allow remote attackers to inject arbitrary web script or HTML via the blogName parameter to (1) community/blog.jsp or (2) community/blogSearch.jsp, the (3) calendarType or (4) monthNumber parameter to community/calendar.jsp, or the (5) flag parameter to swDashboard/ajax/setAppFlag.jsp.
CVE-2012-4353 1 Sielcosistemi 2 Winlog Lite, Winlog Pro 2025-04-11 N/A
Stack-based buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allows remote attackers to execute arbitrary code via a crafted port-46824 TCP packet that triggers an incorrect file-open attempt by the _TCPIPS_BinOpenFileFP function, a different vulnerability than CVE-2012-3815. NOTE: some of these details are obtained from third party information.
CVE-2012-4354 1 Sielcosistemi 2 Winlog Lite, Winlog Pro 2025-04-11 N/A
TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted positive integer after the opcode, triggering incorrect function-pointer processing that can lead to a buffer overflow. NOTE: some of these details are obtained from third party information.
CVE-2012-4355 1 Sielcosistemi 2 Winlog Lite, Winlog Pro 2025-04-11 N/A
TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted negative integer after the opcode, triggering incorrect function-pointer processing that can lead to a buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4354.
CVE-2012-4356 1 Sielcosistemi 2 Winlog Lite, Winlog Pro 2025-04-11 N/A
Multiple directory traversal vulnerabilities in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allow remote attackers to read arbitrary files via port-46824 TCP packets specifying a file-open operation with opcode 0x78 and a .. (dot dot) in a pathname, followed by a file-read operation with opcode (1) 0x96, (2) 0x97, or (3) 0x98.
CVE-2012-4357 1 Sielcosistemi 2 Winlog Lite, Winlog Pro 2025-04-11 N/A
Array index error in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 might allow remote attackers to execute arbitrary code by referencing, within a port-46824 TCP packet, an invalid file-pointer index that leads to execution of an EnterCriticalSection code block.
CVE-2012-4358 1 Sielcosistemi 2 Winlog Lite, Winlog Pro 2025-04-11 N/A
Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon crash) or possibly have unspecified other impact via a port-46824 TCP packet with a crafted positive integer after the opcode.
CVE-2012-4359 1 Sielcosistemi 2 Winlog Lite, Winlog Pro 2025-04-11 N/A
Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon crash) or possibly have unspecified other impact via a port-46824 TCP packet with a crafted negative integer after the opcode. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4358.
CVE-2012-4360 2 Apache, Google 2 Http Server, Mod Pagespeed 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-4361 1 Hp 2 San\/iq, Virtual San Appliance 2025-04-11 N/A
lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the second parameter.
CVE-2012-4362 1 Hp 2 San\/iq, Virtual San Appliance 2025-04-11 N/A
hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838.
CVE-2012-4363 4 Adobe, Apple, Linux and 1 more 4 Acrobat Reader, Mac Os X, Linux Kernel and 1 more 2025-04-11 N/A
Multiple unspecified vulnerabilities in Adobe Reader through 10.1.4 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, related to "sixteen more crashes affecting Windows, OS X, or both systems."
CVE-2012-4366 1 Belkin 4 N150 Wireless Router, N300 Wireless Router, N450 Wireless Router and 1 more 2025-04-11 N/A
Belkin wireless routers Surf N150 Model F7D1301v1, N900 Model F9K1104v1, N450 Model F9K1105V2, and N300 Model F7D2301v1 generate a predictable default WPA2-PSK passphrase based on eight digits of the WAN MAC address, which allows remote attackers to access the network by sniffing the beacon frames.
CVE-2012-4386 1 Apache 1 Struts 2025-04-11 N/A
The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
CVE-2012-4387 1 Apache 1 Struts 2025-04-11 N/A
Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
CVE-2012-4388 3 Canonical, Debian, Php 3 Ubuntu Linux, Debian Linux, Php 2025-04-11 N/A
The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1398.
CVE-2012-4389 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-11 N/A
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and accessing an uploaded PHP file.
CVE-2012-4390 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-11 N/A
(1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors.
CVE-2012-4391 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the app configurations.
CVE-2012-4392 1 Owncloud 1 Owncloud Server 2025-04-11 N/A
index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value.