Total
288513 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2012-5455 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "typographical error." | ||||
CVE-2012-5454 | 1 Atutor | 1 Acontent | 2024-11-21 | N/A |
user/index_inline_editor_submit.php in ATutor AContent 1.2-1 does not properly restrict access, which allows remote authenticated users to modify arbitrary user passwords via a crafted request. NOTE: this might be due to an incomplete fix for CVE-2012-5168. | ||||
CVE-2012-5453 | 1 Atutor | 1 Acontent | 2024-11-21 | N/A |
SQL injection vulnerability in user/index_inline_editor_submit.php in ATutor AContent 1.2-1 allows remote authenticated users to execute arbitrary SQL commands via the field parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-5167. | ||||
CVE-2012-5452 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) multi_title parameter to blocks/add/; (2) cost, (3) days, or (4) title[en] parameter to plans/add/; (5) name or (6) title[en] parameter to fields/group/add/ in admin/manage/; or (7) f[accounts][fullname] or (8) f[accounts][username] parameter to advsearch/. NOTE: This might overlap CVE-2011-5211. NOTE: it was later reported that the f[accounts][fullname] and f[accounts][username] vectors might also affect 2.2.2. | ||||
CVE-2012-5451 | 1 Tvmobili | 1 Tvmobili | 2024-11-21 | N/A |
Multiple stack-based buffer overflows in HttpUtils.dll in TVMOBiLi before 2.1.0.3974 allow remote attackers to cause a denial of service (tvMobiliService service crash) via a long string in a (1) GET or (2) HEAD request to TCP port 30888. | ||||
CVE-2012-5450 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | N/A |
Cross-site request forgery (CSRF) vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) 1.11.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deld parameter. | ||||
CVE-2012-5445 | 1 Cisco | 3 Skinny Client Control Protocol Software, Unified Ip Phone, Unified Ip Phone 7906g | 2024-11-21 | N/A |
The kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 series devices (aka TNP phones) with software before 9.3.1-ES10 does not properly validate unspecified system calls, which allows attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a crafted binary. | ||||
CVE-2012-5444 | 1 Cisco | 2 Telepresence Video Communication Server, Telepresence Video Communication Servers Software | 2024-11-21 | N/A |
Cisco TelePresence Video Communication Server (VCS) X7.0.3 does not properly process certain search rules, which allows remote attackers to create conferences via an unspecified Conductor request, aka Bug ID CSCub67989. | ||||
CVE-2012-5429 | 2 Cisco, Microsoft | 2 Vpn Client, Windows | 2024-11-21 | N/A |
The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted application, aka Bug ID CSCuc81669. | ||||
CVE-2012-5427 | 1 Cisco | 1 Ios | 2024-11-21 | N/A |
Cisco IOS Unified Border Element (CUBE) in Cisco IOS before 15.3(2)T allows remote authenticated users to cause a denial of service (input queue wedge) via a crafted series of RTCP packets, aka Bug ID CSCuc42518. | ||||
CVE-2012-5424 | 1 Cisco | 1 Secure Access Control Server | 2024-11-21 | N/A |
Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, which allows remote attackers to bypass authentication by sending a valid username and a crafted password string, aka Bug ID CSCuc65634. | ||||
CVE-2012-5422 | 1 Cisco | 5 As5400 Universal Gateway, As5400hpx Universal Gateway, As5400xm Media Gateway and 2 more | 2024-11-21 | N/A |
Unspecified vulnerability in Cisco IOS before 15.3(2)T on AS5400 devices allows remote authenticated users to cause a denial of service (spurious errors) via unknown vectors, aka Bug ID CSCub61009. | ||||
CVE-2012-5419 | 1 Cisco | 2 Adaptive Security Appliance Software, Asa 1000v Cloud Firewall | 2024-11-21 | N/A |
Cisco Adaptive Security Appliance (ASA) software 8.7.1 and 8.7.1.1 for the Cisco ASA 1000V Cloud Firewall allows remote attackers to cause a denial of service (device reload) via a malformed H.225 H.323 IPv4 packet, aka Bug IDs CSCuc42812 and CSCuc88741. | ||||
CVE-2012-5417 | 1 Cisco | 1 Prime Data Center Network Manager | 2024-11-21 | N/A |
Cisco Prime Data Center Network Manager (DCNM) before 6.1(1) does not properly restrict access to certain JBoss MainDeployer functionality, which allows remote attackers to execute arbitrary commands via JBoss Application Server Remote Method Invocation (RMI) services, aka Bug ID CSCtz44924. | ||||
CVE-2012-5416 | 1 Cisco | 1 Unified Meetingplace | 2024-11-21 | N/A |
Buffer overflow in Cisco Unified MeetingPlace Web Conferencing before 7.1MR1 Patch 1, 8.0 before 8.0MR1 Patch 1, and 8.5 before 8.5MR3 allows remote attackers to cause a denial of service (daemon hang) via unspecified parameters in a POST request, aka Bug ID CSCua66341. | ||||
CVE-2012-5415 | 1 Cisco | 3 5500 Adaptive Security Appliance, 5500 Series Adaptive Security Appliance, Adaptive Security Appliance | 2024-11-21 | N/A |
Race condition on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing multiple connections, leading to improper handling of hash lookups for secondary flows, aka Bug IDs CSCue31622 and CSCuc71272. | ||||
CVE-2012-5409 | 1 Siemens | 1 Sipass Integrated | 2024-11-21 | N/A |
AscoServer.exe in the server in Siemens SiPass integrated MP2.6 and earlier does not properly handle IOCP RPC messages received over an Ethernet network, which allows remote attackers to write data to any memory location and consequently execute arbitrary code via crafted messages, as demonstrated by an arbitrary pointer dereference attack or a buffer overflow attack. | ||||
CVE-2012-5395 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A |
Session fixation vulnerability in the CentralAuth extension for MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the centralauth_Session cookie. | ||||
CVE-2012-5394 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A |
Cross-site request forgery (CSRF) vulnerability in the CentralAuth extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to hijack the authentication of users for requests that login via vectors involving image loading. | ||||
CVE-2012-5391 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A |
Session fixation vulnerability in Special:UserLogin in MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the session_id. |