Export limit exceeded: 351332 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (5490 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-4495 | 2 Drupal, Mime Mail Module Project | 2 Drupal, Mimemail | 2025-04-11 | N/A |
| The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not properly restrict access to files outside Drupal's publish files directory, which allows remote authenticated users to send arbitrary files as attachments. | ||||
| CVE-2012-4498 | 2 Drupal, Morbus Iff | 2 Drupal, Activism | 2025-04-11 | N/A |
| The Activism module 6.x-2.x before 6.x-2.1 for Drupal does not properly restrict access to the "Campaign" content type, which might allow remote attackers to bypass access restrictions and possibly have other unspecified impact. | ||||
| CVE-2012-4499 | 2 Drupal, Matthias Hutterer | 2 Drupal, Email | 2025-04-11 | N/A |
| The contact formatter page in the Email Field module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to email the stored address in the entity via unspecified vectors. | ||||
| CVE-2012-4500 | 2 Drupal, Nancy Wichmann | 2 Drupal, Announcements | 2025-04-11 | N/A |
| The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the "access announcements" permission to bypass node access restrictions and possibly have other unspecified impact. | ||||
| CVE-2012-4501 | 2 Apache, Citrix | 2 Cloudstack, Cloudstack | 2025-04-11 | N/A |
| Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs. | ||||
| CVE-2012-4510 | 1 Cups-pk-helper Project | 1 Cups-pk-helper | 2025-04-11 | N/A |
| cups-pk-helper before 0.2.3 does not properly wrap the (1) cupsGetFile and (2) cupsPutFile function calls, which allows user-assisted remote attackers to read or overwrite sensitive files using CUPS resources. | ||||
| CVE-2012-4518 | 2 Openfabrics, Redhat | 2 Ibacm, Enterprise Linux | 2025-04-11 | N/A |
| ibacm 1.0.7 creates files with world-writable permissions, which allows local users to overwrite the ib_acm daemon log or ibacm.port file. | ||||
| CVE-2012-5168 | 1 Atutor | 1 Acontent | 2025-04-11 | N/A |
| ATutor AContent before 1.2-1 allows remote attackers to modify arbitrary user passwords or category names via a direct request to (1) user/index_inline_editor_submit.php or (2) course_category/index_inline_editor_submit.php. | ||||
| CVE-2012-5179 | 1 Boatmob | 2 Boat Browser, Boat Browser Mini | 2025-04-11 | N/A |
| The Boat Browser application before 4.2 and Boat Browser Mini application before 3.9 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application. | ||||
| CVE-2012-5187 | 1 Weathernews | 1 Weathernews Touch | 2025-04-11 | N/A |
| The Weathernews Touch application 2.3.2 and earlier for Android allows attackers to obtain sensitive information about logged locations via a crafted application that leverages read permission for system log files. | ||||
| CVE-2012-5217 | 1 Hp | 1 System Management Homepage | 2025-04-11 | N/A |
| HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2355. | ||||
| CVE-2012-5218 | 1 Hp | 1 Elitepad | 2025-04-11 | N/A |
| HP ElitePad 900 PCs with BIOS F.0x before F.01 Update 1.0.0.8 do not enable the Secure Boot feature, which allows local users to bypass intended BIOS restrictions and boot unintended operating systems via unspecified vectors. | ||||
| CVE-2009-4832 | 1 Deslock | 1 Deslock\+ | 2025-04-11 | N/A |
| The dlpcrypt.sys kernel driver 0.1.1.27 in DESlock+ 4.0.2 allows local users to gain privileges via a crafted IOCTL 0x80012010 request to the DLPCryptCore device. | ||||
| CVE-2012-5278 | 6 Adobe, Apple, Google and 3 more | 8 Air, Air Sdk, Flash Player and 5 more | 2025-04-11 | N/A |
| Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allow attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors. | ||||
| CVE-2012-5298 | 1 Mavili Guestbook Project | 1 Mavili Guestbook | 2025-04-11 | N/A |
| Mavili Guestbook, as released in November 2007, stores guestbook.mdb under the web root with insufficient access control, which allows remote attackers to read the database via a direct request. | ||||
| CVE-2012-5299 | 1 Mavili Guestbook Project | 1 Mavili Guestbook | 2025-04-11 | N/A |
| Mavili Guestbook, as released in November 2007, allows remote attackers to edit, delete, and approve arbitrary messages via a direct request to (1) edit.asp, (2) delete.asp, or (3) approve.asp. | ||||
| CVE-2012-5302 | 1 Tibco | 1 Formvine | 2025-04-11 | N/A |
| The server in TIBCO Formvine 3.1.x and 3.2.x before 3.2.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors. | ||||
| CVE-2012-5385 | 1 Webcalendar Project | 1 Webcalendar | 2025-04-11 | N/A |
| install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows remote attackers to modify settings.php and possibly execute arbitrary code via vectors related to the user theme preference. | ||||
| CVE-2009-4825 | 1 8pixel | 1 Simple Blog | 2025-04-11 | N/A |
| 8pixel.net Blog 4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for App_Data/sb.mdb. | ||||
| CVE-2012-5417 | 1 Cisco | 1 Prime Data Center Network Manager | 2025-04-11 | N/A |
| Cisco Prime Data Center Network Manager (DCNM) before 6.1(1) does not properly restrict access to certain JBoss MainDeployer functionality, which allows remote attackers to execute arbitrary commands via JBoss Application Server Remote Method Invocation (RMI) services, aka Bug ID CSCtz44924. | ||||