Search Results (26986 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-5867 1 Ht Editor Project 1 Ht Editor 2024-11-21 9.8 Critical
HT Editor 2.0.20 has a Remote Stack Buffer Overflow Vulnerability
CVE-2012-5699 1 Babygekko 1 Babygekko 2024-11-21 9.8 Critical
BabyGekko before 1.2.4 allows PHP file inclusion.
CVE-2012-5686 1 Zpanelcp 1 Zpanel 2024-11-21 9.8 Critical
ZPanel 10.0.1 has insufficient entropy for its password reset process.
CVE-2012-5618 1 Ushahidi 1 Ushahidi 2024-11-21 9.8 Critical
Ushahidi before 2.6.1 has insufficient entropy for forgot-password tokens.
CVE-2012-5582 1 Opendnssec 1 Opendnssec 2024-11-21 9.8 Critical
opendnssec misuses libcurl API
CVE-2012-5190 1 Accusoft 1 Prizm Content Connect 2024-11-21 9.8 Critical
Prizm Content Connect 5.1 has an Arbitrary File Upload Vulnerability
CVE-2012-4919 1 Gallery Project 1 Gallery 2024-11-21 9.8 Critical
Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerability
CVE-2012-4750 1 Ezhometech 1 Ezserver 2024-11-21 9.8 Critical
A Code Execution vulnerability exists in the memcpy function when processing AMF requests in Ezhometech EzServer 7.0, which could let a remote malicious user execute arbitrary code or cause a Denial of Service
CVE-2012-4284 1 Sparklabs 1 Viscosity 2024-11-21 9.8 Critical
A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execute arbitrary code
CVE-2012-3807 1 Samsung 1 Kies 2024-11-21 9.8 Critical
Samsung Kies before 2.5.0.12094_27_11 has arbitrary file execution.
CVE-2012-3460 1 Redhat 1 Enterprise Mrg 2024-11-21 9.8 Critical
cumin: At installation postgresql database user created without password
CVE-2012-2714 1 Browserid Project 1 Browserid 2024-11-21 9.8 Critical
The BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users via the audience identifier.
CVE-2012-2666 1 Golang 1 Go 2024-11-21 9.8 Critical
golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script.
CVE-2012-2226 1 Invisioncommunity 1 Invision Power Board 2024-11-21 9.8 Critical
Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file.
CVE-2012-2087 1 Ispconfig 1 Ispconfig 2024-11-21 9.8 Critical
ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entire server from client interface.
CVE-2012-1577 3 Debian, Dietlibc Project, Openbsd 3 Debian Linux, Dietlibc, Openbsd 2024-11-21 9.8 Critical
lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.
CVE-2012-1495 1 Webcalendar Project 1 Webcalendar 2024-11-21 9.8 Critical
install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter.
CVE-2012-1259 1 Plixer 1 Scrutinizer Netflow \& Sflow Analyzer 2024-11-21 9.8 Critical
Multiple SQL injection vulnerabilities in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allow remote attackers to execute arbitrary SQL commands via the (1) addip parameter to cgi-bin/scrut_fa_exclusions.cgi, (2) getPermissionsAndPreferences parameter to cgi-bin/login.cgi, or (3) possibly certain parameters to d4d/alarms.php as demonstrated by the search_str parameter.
CVE-2012-1187 1 Bitlbee 1 Bitlbee 2024-11-21 9.8 Critical
Bitlbee does not drop extra group privileges correctly in unix.c
CVE-2012-1124 1 Phxeventmanager Project 1 Phxeventmanager 2024-11-21 9.8 Critical
SQL injection vulnerability in search.php in phxEventManager 2.0 beta 5 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter.