Total 18198 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2012-2087 1 Ispconfig 1 Ispconfig 2024-11-21 9.8 Critical
ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entire server from client interface.
CVE-2012-1891 1 Microsoft 7 Data Access Components, Windows 7, Windows Data Access Components and 4 more 2024-11-21 9.8 Critical
Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability."
CVE-2012-1823 8 Apple, Debian, Fedoraproject and 5 more 20 Mac Os X, Debian Linux, Fedora and 17 more 2024-11-21 9.8 Critical
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
CVE-2012-1723 2 Oracle, Redhat 10 Jdk, Jre, Enterprise Linux and 7 more 2024-11-21 9.8 Critical
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
CVE-2012-1577 3 Debian, Dietlibc Project, Openbsd 3 Debian Linux, Dietlibc, Openbsd 2024-11-21 9.8 Critical
lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.
CVE-2012-1516 1 Vmware 2 Esx, Esxi 2024-11-21 9.9 Critical
The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving data pointers.
CVE-2012-1495 1 Webcalendar Project 1 Webcalendar 2024-11-21 9.8 Critical
install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter.
CVE-2012-1301 1 Umbraco 1 Umbraco Cms 2024-11-21 9.8 Critical
The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the "url" parameter.
CVE-2012-1259 1 Plixer 1 Scrutinizer Netflow \& Sflow Analyzer 2024-11-21 9.8 Critical
Multiple SQL injection vulnerabilities in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allow remote attackers to execute arbitrary SQL commands via the (1) addip parameter to cgi-bin/scrut_fa_exclusions.cgi, (2) getPermissionsAndPreferences parameter to cgi-bin/login.cgi, or (3) possibly certain parameters to d4d/alarms.php as demonstrated by the search_str parameter.
CVE-2012-1187 1 Bitlbee 1 Bitlbee 2024-11-21 9.8 Critical
Bitlbee does not drop extra group privileges correctly in unix.c
CVE-2012-1124 1 Phxeventmanager Project 1 Phxeventmanager 2024-11-21 9.8 Critical
SQL injection vulnerability in search.php in phxEventManager 2.0 beta 5 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter.
CVE-2012-10001 1 Limit Login Attempts Project 1 Limit Login Attempts 2024-11-21 9.8 Critical
The Limit Login Attempts plugin before 1.7.1 for WordPress does not clear auth cookies upon a lockout, which might make it easier for remote attackers to conduct brute-force authentication attempts.
CVE-2012-0931 1 Schneider-electric 1 Modicon Quantum Plc 2024-11-21 9.8 Critical
Schneider Electric Modicon Quantum PLC does not perform authentication between the Unity software and PLC, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors.
CVE-2012-0911 1 Tiki 1 Tikiwiki Cms\/groupware 2024-11-21 9.8 Critical
TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.php or (b) tiki-print_pages.php; or (4) sendpages, (5) sendstructures, or (6) sendarticles parameter to tiki-send_objects.php, which is not properly handled when processed by the unserialize function.
CVE-2012-0828 3 Gnome, Xchat, Xchat-wdk 3 Gtk, Xchat, Xchat-wdk 2024-11-21 9.8 Critical
Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service (xchat client crash) or execute arbitrary code via a UTF-8 line from server containing characters outside of the Basic Multilingual Plane (BMP).
CVE-2012-0824 1 Gnu 1 Gnusound 2024-11-21 9.8 Critical
gnusound 0.7.5 has format string issue
CVE-2012-0694 1 Sugarcrm 1 Sugarcrm 2024-11-21 9.8 Critical
SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code.
CVE-2011-5331 1 Distributed Ruby Project 1 Distributed Ruby 2024-11-21 9.8 Critical
Distributed Ruby (aka DRuby) 1.8 mishandles instance_eval.
CVE-2011-5330 1 Distributed Ruby Project 1 Distributed Ruby 2024-11-21 9.8 Critical
Distributed Ruby (aka DRuby) 1.8 mishandles the sending of syscalls.
CVE-2011-5327 1 Linux 1 Linux Kernel 2024-11-21 9.8 Critical
In the Linux kernel before 3.1, an off by one in the drivers/target/loopback/tcm_loop.c tcm_loop_make_naa_tpg() function could result in at least memory corruption.