Search Results (121135 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-6555 1 Vanillaforums 1 Latestcomment 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the LatestComment plugin 1.1 for Vanilla Forums allows remote attackers to inject arbitrary web script or HTML via the discussion title.
CVE-2012-6559 1 Freenac 1 Freenac 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in FreeNAC 3.02 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) mac, (3) graphtype, (4) name, or (5) type parameter to stats.php; or (6) comment parameter to deviceadd.php.
CVE-2012-6566 1 Vanderbilt 1 Redcap 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in REDCap before 4.14.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-5226 2 Trioniclabs, Wordpress 2 Sentinel, Wordpress 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to hijack the authentication of an administrator for requests that trigger snapshots.
CVE-2010-3125 1 Wolterskluwer 1 Teammate Audit Management Software Suite 2025-04-11 N/A
Untrusted search path vulnerability in TeamMate Audit Management Software Suite 8.0 patch 2 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc71enu.dll that is located in the same folder as a .tmx file.
CVE-2012-6575 2 Drupal, Mobile4social 2 Drupal, Exposed Filter Data 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Exposed Filter Data module 6.x-1.x before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-6578 1 Bestpractical 1 Request Tracker 2025-04-11 N/A
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a "Sign by default" queue configuration, uses a queue's key for signing, which might allow remote attackers to spoof messages by leveraging the lack of authentication semantics.
CVE-2012-0091 1 Oracle 1 Peoplesoft Products 2025-04-11 N/A
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52.05 allows remote authenticated users to affect integrity and availability via unknown vectors related to Upgrade Change Assistance.
CVE-2012-6590 1 Paloaltonetworks 1 Pan-os 2025-04-11 N/A
The web-based management UI in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 allows remote attackers to obtain verbose error information via crafted input, aka Ref ID 33139.
CVE-2012-0093 1 Oracle 1 Fusion Middleware 2025-04-11 N/A
Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote attackers to affect integrity via unknown vectors related to Web, a different vulnerability than CVE-2012-0071.
CVE-2012-6598 1 Paloaltonetworks 1 Pan-os 2025-04-11 N/A
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 33080.
CVE-2012-6599 1 Paloaltonetworks 1 Pan-os 2025-04-11 N/A
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 and 4.1.x before 4.1.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 33476.
CVE-2012-6603 1 Paloaltonetworks 1 Pan-os 2025-04-11 N/A
The web management UI in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to bypass authentication and obtain administrator privileges via unspecified vectors, aka Ref ID 37034.
CVE-2011-5253 1 Thegr 1 Dl 2025-04-11 N/A
Dl Download Ticket Service 0.3 through 0.9 allows remote attackers to login as an arbitrary user by supplying an authorization header.
CVE-2012-6617 1 Ffmpeg 1 Ffmpeg 2025-04-11 N/A
The prepare_sdp_description function in ffserver.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (crash) via vectors related to the rtp format.
CVE-2012-6620 1 Horde 1 Kronolith H4 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the (1) tasks and (2) search views in Horde Kronolith H4 before 3.0.17 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-0379 1 Oracle 1 Siebel Crm 2025-04-11 N/A
Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to Siebel Calendar, a different vulnerability than CVE-2013-0378.
CVE-2012-0106 1 Oracle 1 Fusion Middleware 2025-04-11 N/A
Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Web.
CVE-2012-6623 1 Vasthtml 1 Forumpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in fs-admin/wpf-add-forum.php in the ForumPress WP Forum Server plugin before 1.7.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the groupid parameter in an addforum action to wp-admin/admin.php.
CVE-2012-6626 1 Brian Cabunac 1 Browser To Email Phone Message System 2025-04-11 N/A
SQL injection vulnerability in verify-user.php in b2ePMS 1.0 allows remote attackers to execute arbitrary SQL commands via the username field.