Export limit exceeded: 363984 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363984 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-1239 | 1 Toshibatec | 64 E-studio-167 With Network Printer Kit, E-studio-167 With Network Printer Kit Firmware, E-studio-181 With Network Printer Kit and 61 more | 2025-04-11 | N/A |
| The TopAccess web-based management interface on TOSHIBA TEC e-Studio multi-function peripheral (MFP) devices with firmware 30x through 302, 35x through 354, and 4xx through 421 allows remote attackers to bypass authentication and obtain administrative privileges via unspecified vectors. | ||||
| CVE-2012-1240 | 1 Recruit | 1 Dokodemo Rikunabi 2013 | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the RECRUIT Dokodemo Rikunabi 2013 extension before 1.0.1 for Google Chrome allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-1241 | 1 Artonx.org | 1 Activescriptruby | 2025-04-11 | N/A |
| GRScript18.dll before 1.2.2.0 in ActiveScriptRuby (ASR) before 1.8.7 does not properly restrict interaction with an Internet Explorer ActiveX environment, which allows remote attackers to execute arbitrary Ruby code via a crafted HTML document. | ||||
| CVE-2012-1242 | 1 Justsystems | 7 Ichitaro, Ichitaro Portable With Oreplug, Ichitaro Viewer and 4 more | 2025-04-11 | N/A |
| Untrusted search path vulnerability in JustSystems Ichitaro 2011 Sou, Ichitaro 2006 through 2011, Ichitaro Government 2006 through 2010, Ichitaro Portable with oreplug, Ichitaro Viewer, JUST School, JUST School 2009 and 2010, JUST Jump 4, JUST Frontier, and oreplug allows local users to gain privileges via a Trojan horse DLL in the current working directory. | ||||
| CVE-2012-1243 | 2 Google, Studiohitori | 2 Android, Twitrocker2 Android | 2025-04-11 | N/A |
| The TwitRocker2 application before 1.0.23 for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application. | ||||
| CVE-2012-1244 | 1 Nttdocomo | 1 Spmode Mail Android | 2025-04-11 | N/A |
| The NTT DOCOMO sp mode mail application 5400 and earlier for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2012-1245 | 1 Osqa | 1 Osqa | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the cleanup_urls function in forum/utils/html.py in OSQA before 1234, and 0.9.0 Beta 3 and earlier, allows remote attackers to inject arbitrary web script or HTML via vectors related to a crafted URI. | ||||
| CVE-2012-1246 | 1 Webcreate | 1 Web Mart | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in KENT-WEB WEB MART 1.7 and earlier might allow remote attackers to inject arbitrary web script or HTML via a crafted cookie. | ||||
| CVE-2012-1247 | 1 Webcreate | 1 Web Mart | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in KENT-WEB WEB MART 1.7 and earlier, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML by leveraging support for Cascading Style Sheets (CSS) expressions. | ||||
| CVE-2012-1248 | 1 Basercms | 1 Basercms | 2025-04-11 | N/A |
| app/config/core.php in baserCMS 1.6.15 and earlier does not properly handle installations in shared-hosting environments, which allows remote attackers to hijack sessions by leveraging administrative access to a different domain. | ||||
| CVE-2012-1249 | 2 Google, Lunascape | 2 Android, Ilunascape Android | 2025-04-11 | N/A |
| The iLunascape application 1.0.4.0 and earlier for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive stored information via a crafted application. | ||||
| CVE-2012-1250 | 1 Logitech | 4 Lan-w300n\/r, Lan-w300n\/rs, Lan-w300n\/ru2 and 1 more | 2025-04-11 | N/A |
| Logitec LAN-W300N/R routers with firmware before 2.27 do not properly restrict login access, which allows remote attackers to obtain administrative privileges and modify settings via vectors related to PPPoE authentication. | ||||
| CVE-2012-1683 | 1 Sun | 1 Sunos | 2025-04-11 | N/A |
| Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to gssd. | ||||
| CVE-2012-1251 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 9.63 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2012-1252 | 1 Rssowl | 1 Rssowl | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in RSSOwl before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a feed, a different vulnerability than CVE-2006-4760. | ||||
| CVE-2012-1253 | 1 Roundcube | 1 Webmail | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.7, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via vectors involving an embedded image attachment. | ||||
| CVE-2012-1254 | 1 Segue Project | 1 Segue | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Segue 2.2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-1255 | 1 Segue Project | 1 Segue | 2025-04-11 | N/A |
| SQL injection vulnerability in Segue 2.2.10.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2012-1256 | 1 Easyvista | 1 Easyvista | 2025-04-11 | N/A |
| The single sign-on (SSO) implementation in EasyVista before 2010.1.1.89 allows remote attackers to bypass authentication via a modified url_account parameter, in conjunction with a valid login name in the SSPI_HEADER parameter, to index.php. | ||||
| CVE-2012-1290 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp in the Internet Sales (crm.b2b) module in SAP NetWeaver 7.0 allows remote attackers to inject arbitrary web script or HTML via the _loadPage parameter. | ||||