Export limit exceeded: 74799 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74799 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-4381 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 8.1 High |
| MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the strict function, could allow remote attackers to use old passwords for non-existing accounts in an external authentication system via unspecified vectors. | ||||
| CVE-2012-4030 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | 7.5 High |
| Chamilo before 1.8.8.6 does not adequately handle user supplied input by the index.php script, which could allow remote attackers to delete arbitrary files. | ||||
| CVE-2012-3824 | 1 Arialsoftware | 1 Campaign Enterprise | 2024-11-21 | 7.5 High |
| In Arial Campaign Enterprise before 11.0.551, multiple pages are accessible without authentication or authorization. | ||||
| CVE-2012-3823 | 1 Arialsoftware | 1 Campaign Enterprise | 2024-11-21 | 7.5 High |
| Arial Campaign Enterprise before 11.0.551 stores passwords in clear text and these may be retrieved. | ||||
| CVE-2012-3822 | 1 Arialsoftware | 1 Campaign Enterprise | 2024-11-21 | 7.5 High |
| Arial Campaign Enterprise before 11.0.551 has unauthorized access to the User-Edit.asp page, which allows remote attackers to enumerate users' credentials. | ||||
| CVE-2012-3810 | 1 Samsung | 1 Kies | 2024-11-21 | 7.5 High |
| Samsung Kies before 2.5.0.12094_27_11 has registry modification. | ||||
| CVE-2012-3809 | 1 Samsung | 1 Kies | 2024-11-21 | 7.5 High |
| Samsung Kies before 2.5.0.12094_27_11 has arbitrary directory modification. | ||||
| CVE-2012-3808 | 1 Samsung | 1 Kies | 2024-11-21 | 7.5 High |
| Samsung Kies before 2.5.0.12094_27_11 has arbitrary file modification. | ||||
| CVE-2012-3806 | 1 Samsung | 1 Kies | 2024-11-21 | 7.5 High |
| Samsung Kies before 2.5.0.12094_27_11 contains a NULL pointer dereference vulnerability which could allow remote attackers to perform a denial of service. | ||||
| CVE-2012-3543 | 3 Canonical, Debian, Mono-project | 3 Ubuntu Linux, Debian Linux, Mono | 2024-11-21 | 7.5 High |
| mono 2.10.x ASP.NET Web Form Hash collision DoS | ||||
| CVE-2012-3490 | 1 Wisc | 1 Htcondor | 2024-11-21 | 8.8 High |
| The (1) my_popenv_impl and (2) my_spawnv functions in src/condor_utils/my_popen.cpp and the (3) systemCommand function in condor_vm-gahp/vmgahp_common.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the return value of setuid calls, which might cause a subprocess to be created with root privileges and allow remote attackers to gain privileges via unspecified vectors. | ||||
| CVE-2012-3462 | 1 Fedoraproject | 1 Sssd | 2024-11-21 | 8.8 High |
| A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context. | ||||
| CVE-2012-3409 | 2 Debian, Ecryptfs | 2 Debian Linux, Ecryptfs-utils | 2024-11-21 | 7.8 High |
| ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation | ||||
| CVE-2012-3407 | 1 Plow Project | 1 Plow | 2024-11-21 | 7.8 High |
| plow has local buffer overflow vulnerability | ||||
| CVE-2012-3336 | 2 Ibm, Linux | 2 Infosphere Guardium, Linux Kernel | 2024-11-21 | 8.8 High |
| IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to multiple scripts, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 78282. | ||||
| CVE-2012-2979 | 1 Freebsd | 1 Name Server Daemon | 2024-11-21 | 7.5 High |
| FreeBSD NSD before 3.2.13 allows remote attackers to crash a NSD child server process (SIGSEGV) and cause a denial of service in the NSD server. | ||||
| CVE-2012-2950 | 2 Gatewaygeomatics, Microsoft | 2 Mapserver, Windows | 2024-11-21 | 8.1 High |
| Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local File Include Vulnerability which allows remote attackers to execute local PHP code and obtain sensitive information. | ||||
| CVE-2012-2945 | 1 Apache | 1 Hadoop | 2024-11-21 | 7.5 High |
| Hadoop 1.0.3 contains a symlink vulnerability. | ||||
| CVE-2012-2931 | 1 Tinywebgallery | 1 Tinywebgallery | 2024-11-21 | 7.2 High |
| PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privileges to inject arbitrary code into the .htusers.php file. | ||||
| CVE-2012-2656 | 1 Talend | 1 Restlet | 2024-11-21 | 7.5 High |
| An XML eXternal Entity (XXE) issue exists in Restlet 1.1.10 in an endpoint using XML transport, which lets a remote attacker obtain sensitive information. | ||||