Export limit exceeded: 347856 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347856 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347856 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25190 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-1579 | 1 Mediawiki | 1 Mediawiki | 2025-04-11 | N/A |
| The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information. | ||||
| CVE-2012-1589 | 1 Drupal | 1 Drupal | 2025-04-11 | N/A |
| Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destination URL. | ||||
| CVE-2012-1607 | 1 Typo3 | 1 Typo3 | 2025-04-11 | N/A |
| The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request. | ||||
| CVE-2012-1608 | 1 Typo3 | 1 Typo3 | 2025-04-11 | N/A |
| The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and inject arbitrary web script or HTML via non printable characters. | ||||
| CVE-2012-1614 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2025-04-11 | N/A |
| Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid (5) newer_than or (6) older_than parameter to search.inc.php, which reveals the installation path in an error message. | ||||
| CVE-2012-1645 | 2 Drupal, Wimleers | 2 Drupal, Cdn | 2025-04-11 | N/A |
| The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified vectors, as demonstrated by reading settings.php. | ||||
| CVE-2012-1662 | 2 Broadcom, Microsoft | 2 Arcserve Backup, Windows | 2025-04-11 | N/A |
| CA ARCserve Backup r12.0 through SP2, r12.5 before SP2, r15 through SP1, and r16 before SP1 on Windows allows remote attackers to cause a denial of service (service shutdown) via a crafted network request. | ||||
| CVE-2012-1670 | 1 Phpgradebook | 1 Php Grade Book | 2025-04-11 | N/A |
| admin/index.php in PHP Grade Book before 1.9.5 BETA allows remote attackers to read the database via a SaveSQL action. | ||||
| CVE-2012-1783 | 1 Saurabh Gupta | 1 Tiny Server | 2025-04-11 | N/A |
| Tiny Server 1.1.9 and earlier allows remote attackers to cause a denial of service (crash) via a long string in a GET request without an HTTP version number. | ||||
| CVE-2012-1786 | 2 Kylegilman, Wordpress | 2 Video Embed \& Thumbnail Generator, Wordpress | 2025-04-11 | N/A |
| The Media Upload form in the Video Embed & Thumbnail Generator plugin before 2.0 for WordPress allows remote attackers to obtain the installation path via unknown vectors. | ||||
| CVE-2012-1817 | 1 Emerson | 3 Deltav, Deltav Proessentials Scientific Graph, Deltav Workstation | 2025-04-11 | N/A |
| Buffer overflow in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via an invalid field in a project file. | ||||
| CVE-2012-1848 | 1 Microsoft | 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more | 2025-04-11 | N/A |
| win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Scrollbar Calculation Vulnerability." | ||||
| CVE-2012-1890 | 1 Microsoft | 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more | 2025-04-11 | N/A |
| win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle keyboard-layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout Vulnerability." | ||||
| CVE-2012-1896 | 1 Microsoft | 6 .net Framework, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | N/A |
| Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Code Access Security Info Disclosure Vulnerability." | ||||
| CVE-2012-1893 | 1 Microsoft | 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more | 2025-04-11 | N/A |
| win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation of a hook procedure, which allows local users to gain privileges via a crafted application, aka "Win32k Incorrect Type Handling Vulnerability." | ||||
| CVE-2012-1902 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | N/A |
| show_config_errors.php in phpMyAdmin 3.4.x before 3.4.10.2, when a configuration file does not exist, allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message about this missing file. | ||||
| CVE-2012-1920 | 1 Atmail | 1 Atmail Open | 2025-04-11 | N/A |
| @Mail WebMail Client in AtMail Open-Source 1.04 and earlier allows remote attackers to obtain configuration information via a direct request to install/info.php, which calls the phpinfo function. | ||||
| CVE-2012-1926 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 11.62 allows remote attackers to bypass the Same Origin Policy via the (1) history.pushState and (2) history.replaceState functions in conjunction with cross-domain frames, leading to unintended read access to history.state information. | ||||
| CVE-2012-1927 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 11.62 allows remote attackers to spoof the address field by triggering the launch of a dialog window associated with a different domain. | ||||
| CVE-2012-1928 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 11.62 allows remote attackers to spoof the address field by triggering a page reload followed by a redirect to a different domain. | ||||