Total: 18198 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2012-2087 | 1 Ispconfig | 1 Ispconfig | 2024-11-21 | 9.8 Critical |
ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entire server from client interface. | ||||
CVE-2012-1891 | 1 Microsoft | 7 Data Access Components, Windows 7, Windows Data Access Components and 4 more | 2024-11-21 | 9.8 Critical |
Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability." | ||||
CVE-2012-1823 | 8 Apple, Debian, Fedoraproject and 5 more | 20 Mac Os X, Debian Linux, Fedora and 17 more | 2024-11-21 | 9.8 Critical |
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. | ||||
CVE-2012-1723 | 2 Oracle, Redhat | 10 Jdk, Jre, Enterprise Linux and 7 more | 2024-11-21 | 9.8 Critical |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | ||||
CVE-2012-1577 | 3 Debian, Dietlibc Project, Openbsd | 3 Debian Linux, Dietlibc, Openbsd | 2024-11-21 | 9.8 Critical |
lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0. | ||||
CVE-2012-1516 | 1 Vmware | 2 Esx, Esxi | 2024-11-21 | 9.9 Critical |
The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving data pointers. | ||||
CVE-2012-1495 | 1 Webcalendar Project | 1 Webcalendar | 2024-11-21 | 9.8 Critical |
install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter. | ||||
CVE-2012-1301 | 1 Umbraco | 1 Umbraco Cms | 2024-11-21 | 9.8 Critical |
The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the "url" parameter. | ||||
CVE-2012-1259 | 1 Plixer | 1 Scrutinizer Netflow & Sflow Analyzer | 2024-11-21 | 9.8 Critical |
Multiple SQL injection vulnerabilities in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allow remote attackers to execute arbitrary SQL commands via the (1) addip parameter to cgi-bin/scrut_fa_exclusions.cgi, (2) getPermissionsAndPreferences parameter to cgi-bin/login.cgi, or (3) possibly certain parameters to d4d/alarms.php as demonstrated by the search_str parameter. | ||||
CVE-2012-1187 | 1 Bitlbee | 1 Bitlbee | 2024-11-21 | 9.8 Critical |
Bitlbee does not drop extra group privileges correctly in unix.c | ||||
CVE-2012-1124 | 1 Phxeventmanager Project | 1 Phxeventmanager | 2024-11-21 | 9.8 Critical |
SQL injection vulnerability in search.php in phxEventManager 2.0 beta 5 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter. | ||||
CVE-2012-10001 | 1 Limit Login Attempts Project | 1 Limit Login Attempts | 2024-11-21 | 9.8 Critical |
The Limit Login Attempts plugin before 1.7.1 for WordPress does not clear auth cookies upon a lockout, which might make it easier for remote attackers to conduct brute-force authentication attempts. | ||||
CVE-2012-0931 | 1 Schneider-electric | 1 Modicon Quantum Plc | 2024-11-21 | 9.8 Critical |
Schneider Electric Modicon Quantum PLC does not perform authentication between the Unity software and PLC, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors. | ||||
CVE-2012-0911 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2024-11-21 | 9.8 Critical |
TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.php or (b) tiki-print_pages.php; or (4) sendpages, (5) sendstructures, or (6) sendarticles parameter to tiki-send_objects.php, which is not properly handled when processed by the unserialize function. | ||||
CVE-2012-0828 | 3 Gnome, Xchat, Xchat-wdk | 3 Gtk, Xchat, Xchat-wdk | 2024-11-21 | 9.8 Critical |
Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service (xchat client crash) or execute arbitrary code via a UTF-8 line from server containing characters outside of the Basic Multilingual Plane (BMP). | ||||
CVE-2012-0824 | 1 Gnu | 1 Gnusound | 2024-11-21 | 9.8 Critical |
gnusound 0.7.5 has format string issue | ||||
CVE-2012-0694 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 9.8 Critical |
SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code. | ||||
CVE-2011-5331 | 1 Distributed Ruby Project | 1 Distributed Ruby | 2024-11-21 | 9.8 Critical |
Distributed Ruby (aka DRuby) 1.8 mishandles instance_eval. | ||||
CVE-2011-5330 | 1 Distributed Ruby Project | 1 Distributed Ruby | 2024-11-21 | 9.8 Critical |
Distributed Ruby (aka DRuby) 1.8 mishandles the sending of syscalls. | ||||
CVE-2011-5327 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 9.8 Critical |
In the Linux kernel before 3.1, an off by one in the drivers/target/loopback/tcm_loop.c tcm_loop_make_naa_tpg() function could result in at least memory corruption. |