Export limit exceeded: 336596 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (5483 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-0279 | 1 Quest | 1 Toad For Data Analysts | 2025-04-11 | N/A |
| Quest Toad for Data Analysts 3.0.1 uses weak permissions (Everyone: Full Control) for the %COMMONPROGRAMFILES%\Quest Shared directory, which allows local users to gain privileges via a Trojan horse file. | ||||
| CVE-2012-0297 | 1 Symantec | 1 Web Gateway | 2025-04-11 | N/A |
| The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data. | ||||
| CVE-2012-0298 | 1 Symantec | 1 Web Gateway | 2025-04-11 | N/A |
| The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to (1) read or (2) delete arbitrary files via unspecified vectors. | ||||
| CVE-2012-0299 | 1 Symantec | 1 Web Gateway | 2025-04-11 | N/A |
| The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary code to a designated pathname, and possibly execute this code, via unspecified vectors. | ||||
| CVE-2012-0300 | 1 Symantec | 1 Message Filter | 2025-04-11 | N/A |
| Brightmail Control Center in Symantec Message Filter 6.3 does not properly restrict establishment of sessions to the listening port, which allows remote attackers to obtain potentially sensitive version information via unspecified vectors. | ||||
| CVE-2012-0304 | 1 Symantec | 1 Liveupdate Administrator | 2025-04-11 | N/A |
| Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions (Everyone: Full Control) for the installation directory, which allows local users to gain privileges via a Trojan horse file. | ||||
| CVE-2012-0322 | 2 Estrongs, Google | 2 Es File Explorer, Android | 2025-04-11 | N/A |
| The EStrongs ES File Explorer application 1.6.0.2 through 1.6.1.1 for Android does not properly restrict access, which allows remote attackers to read arbitrary files via vectors involving an unspecified function. | ||||
| CVE-2012-0326 | 2 Google, Tetsuya Aoyama | 2 Android, Twicca | 2025-04-11 | N/A |
| The twicca application 0.7.0 through 0.9.30 for Android does not properly restrict the use of network privileges, which allows remote attackers to read media files on an SD card via a crafted application. | ||||
| CVE-2012-0361 | 1 Cisco | 1 Ip Communicator | 2025-04-11 | N/A |
| The sccp-protocol component in Cisco IP Communicator (CIPC) 7.0 through 8.6 does not limit the rate of SCCP messages to Cisco Unified Communications Manager (CUCM), which allows remote attackers to cause a denial of service via vectors that trigger (1) on hook and (2) off hook messages, as demonstrated by a Plantronics headset, aka Bug ID CSCti40315. | ||||
| CVE-2012-0362 | 1 Cisco | 1 Ios | 2025-04-11 | N/A |
| The extended ACL functionality in Cisco IOS 12.2(58)SE2 and 15.0(1)SE discards all lines that end with a log or time keyword, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending network traffic, aka Bug ID CSCts01106. | ||||
| CVE-2012-0364 | 1 Cisco | 12 Small Business Srp520-u Series Firmware, Small Business Srp520 Series Firmware, Small Business Srp521w and 9 more | 2025-04-11 | N/A |
| Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allow remote attackers to replace the configuration file via an upload request to an unspecified URL, aka Bug ID CSCtw55495. | ||||
| CVE-2012-0366 | 1 Cisco | 1 Unity Connection | 2025-04-11 | N/A |
| Cisco Unity Connection before 7.1.3b(Su2) allows remote authenticated users to change the administrative password by leveraging the Help Desk Administrator role, aka Bug ID CSCtd45141. | ||||
| CVE-2012-0371 | 1 Cisco | 13 2000 Wireless Lan Controller, 2100 Wireless Lan Controller, 2106 Wireless Lan Controller and 10 more | 2025-04-11 | N/A |
| Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.4, when CPU-based ACLs are enabled, allow remote attackers to read or modify the configuration via unspecified vectors, aka Bug ID CSCtu56709. | ||||
| CVE-2012-0393 | 1 Apache | 1 Struts | 2025-04-11 | N/A |
| The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object. | ||||
| CVE-2012-0396 | 1 Emc | 1 Documentum Xplore | 2025-04-11 | N/A |
| EMC Documentum xPlore 1.0, 1.1 before P07, and 1.2 does not properly enforce the requirement for BROWSE permission, which allows remote authenticated users to determine the existence of an object, or read object metadata, via a search. | ||||
| CVE-2012-0398 | 1 Emc | 1 Documentum Eroom | 2025-04-11 | N/A |
| EMC Documentum eRoom before 7.4.4 does not properly validate session cookies, which allows remote attackers to hijack or replay sessions via unspecified vectors. | ||||
| CVE-2012-0406 | 1 Emc | 1 Data Protection Advisor | 2025-04-11 | N/A |
| The DPA_Utilities.cProcessAuthenticationData function in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an AUTHENTICATECONNECTION command that (1) lacks a password field or (2) has an empty password. | ||||
| CVE-2012-0427 | 1 Opensuse | 1 Opensuse | 2025-04-11 | N/A |
| yast2-add-on-creator in SUSE inst-source-utils 2008.11.26 before 2008.11.26-0.9.1 and 2012.9.13 before 2012.9.13-0.8.1 allows local users to gain privileges via a crafted (1) file name or (2) directory name. | ||||
| CVE-2012-0434 | 1 Novell | 1 Suse Cloud | 2025-04-11 | N/A |
| The server in Crowbar, as used in SUSE Cloud 1.0, uses weak permissions for the production.log file, which has unspecified impact and attack vectors. | ||||
| CVE-2012-0445 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-11 | N/A |
| Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating a form submission target with a sub-frame's name attribute. | ||||