Total: 5231 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-5299 | 1 Mavili Guestbook Project | 1 Mavili Guestbook | 2024-11-21 | 7.5 HIGH | N/A |
Mavili Guestbook, as released in November 2007, allows remote attackers to edit, delete, and approve arbitrary messages via a direct request to (1) edit.asp, (2) delete.asp, or (3) approve.asp. | |||||
CVE-2012-5298 | 1 Mavili Guestbook Project | 1 Mavili Guestbook | 2024-11-21 | 5.0 MEDIUM | N/A |
Mavili Guestbook, as released in November 2007, stores guestbook.mdb under the web root with insufficient access control, which allows remote attackers to read the database via a direct request. | |||||
CVE-2012-5278 | 5 Adobe, Apple, Google and 2 more | 7 Air, Air Sdk, Flash Player and 4 more | 2024-11-21 | 10.0 HIGH | N/A |
Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allow attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors. | |||||
CVE-2012-5243 | 1 Bananadance | 1 Banana Dance | 2024-11-21 | 5.0 MEDIUM | N/A |
functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request. | |||||
CVE-2012-5218 | 1 Hp | 1 Elitepad | 2024-11-21 | 7.2 HIGH | N/A |
HP ElitePad 900 PCs with BIOS F.0x before F.01 Update 1.0.0.8 do not enable the Secure Boot feature, which allows local users to bypass intended BIOS restrictions and boot unintended operating systems via unspecified vectors. | |||||
CVE-2012-5217 | 1 Hp | 1 System Management Homepage | 2024-11-21 | 5.0 MEDIUM | N/A |
HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2355. | |||||
CVE-2012-5187 | 1 Weathernews | 1 Weathernews Touch | 2024-11-21 | 4.3 MEDIUM | N/A |
The Weathernews Touch application 2.3.2 and earlier for Android allows attackers to obtain sensitive information about logged locations via a crafted application that leverages read permission for system log files. | |||||
CVE-2012-5179 | 1 Boatmob | 2 Boat Browser, Boat Browser Mini | 2024-11-21 | 2.1 LOW | N/A |
The Boat Browser application before 4.2 and Boat Browser Mini application before 3.9 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application. | |||||
CVE-2012-5168 | 1 Atutor | 1 Acontent | 2024-11-21 | 7.5 HIGH | N/A |
ATutor AContent before 1.2-1 allows remote attackers to modify arbitrary user passwords or category names via a direct request to (1) user/index_inline_editor_submit.php or (2) course_category/index_inline_editor_submit.php. | |||||
CVE-2012-5155 | 2 Apple, Google | 2 Mac Os X, Chrome | 2024-11-21 | 5.0 MEDIUM | N/A |
Google Chrome before 24.0.1312.52 on Mac OS X does not use an appropriate sandboxing approach for worker processes, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors. | |||||
CVE-2012-5146 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2024-11-21 | 5.0 MEDIUM | N/A |
Google Chrome before 24.0.1312.52 allows remote attackers to bypass the Same Origin Policy via a malformed URL. | |||||
CVE-2012-5117 | 1 Google | 1 Chrome | 2024-11-21 | 7.5 HIGH | N/A |
Google Chrome before 23.0.1271.64 does not properly restrict the loading of an SVG subresource in the context of an IMG element, which has unspecified impact and remote attack vectors. | |||||
CVE-2012-5037 | 1 Cisco | 3 Catalyst 6500, Catalyst 7600, Ios | 2024-11-21 | 4.6 MEDIUM | N/A |
The ACL implementation in Cisco IOS before 15.1(1)SY on Catalyst 6500 and 7600 devices allows local users to cause a denial of service (device reload) via a "no object-group" command followed by an object-group command, aka Bug ID CSCts16133. | |||||
CVE-2012-5007 | 2 Drupal, Wizonesolutions | 2 Drupal, Fillpdf | 2024-11-21 | 5.0 MEDIUM | N/A |
The Fill PDF module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to write to arbitrary PDF files via unspecified vectors related to the fillpdf_merge_pdf function and incorrect arguments, a different vulnerability than CVE-2012-1625. NOTE: some of these details are obtained from third party information. | |||||
CVE-2012-4993 | 1 Rivetcode | 1 Rivettracker | 2024-11-21 | 7.5 HIGH | N/A |
torrent_functions.php in RivetTracker 1.03 and earlier does not properly restrict access, which allows remote attackers to have an unspecified impact. | |||||
CVE-2012-4985 | 1 Forescout | 1 Counteract | 2024-11-21 | 4.3 MEDIUM | N/A |
The Forescout CounterACT NAC device 6.3.4.1 does not block ARP and ICMP traffic from unrecognized clients, which allows remote attackers to conduct ARP poisoning attacks via crafted packets. | |||||
CVE-2012-4975 | 1 Layton Technology | 1 Helpbox | 2024-11-21 | 4.0 MEDIUM | N/A |
editrequestuser.asp in Layton Helpbox 4.4.0 allows remote authenticated users to change arbitrary support-ticket data via a modified sys_request_id parameter. | |||||
CVE-2012-4974 | 1 Laytontechnology | 1 Helpbox | 2024-11-21 | 6.5 MEDIUM | N/A |
Layton Helpbox 4.4.0 allows remote authenticated users to change the login context and gain privileges via a modified (1) loggedinenduser, (2) loggedinendusername, (3) loggedinuserusergroup, (4) loggedinuser, or (5) loggedinusername cookie. | |||||
CVE-2012-4964 | 1 Samsung | 1 Printer Firmware | 2024-11-21 | 7.5 HIGH | N/A |
The Samsung printer firmware before 20121031 has a hardcoded read-write SNMP community, which makes it easier for remote attackers to obtain administrative access via an SNMP request. | |||||
CVE-2012-4954 | 1 Vanillaforums | 2 Vanilla, Vanilla Forums | 2024-11-21 | 3.5 LOW | N/A |
The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a "parameter manipulation" issue. |