Export limit exceeded: 336910 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (5483 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-2212 | 1 Mcafee | 1 Web Gateway | 2025-04-11 | N/A |
| McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher did not provide configuration details for the vulnerable system, and the observed behavior might be consistent with a configuration that was (perhaps inadvertently) designed to allow access based on Host HTTP headers | ||||
| CVE-2012-2213 | 1 Squid-cache | 1 Squid | 2025-04-11 | N/A |
| Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a vulnerable system, and the observed behavior is consistent with a squid.conf file that was (perhaps inadvertently) designed to allow access based on a "req_header Host" acl regex that matches www.uol.com.br | ||||
| CVE-2012-2217 | 1 Htc | 14 Evo 3d, Evo 3d Software, Evo 4g and 11 more | 2025-04-11 | N/A |
| The HTC IQRD service for Android on the HTC EVO 4G before 4.67.651.3, EVO Design 4G before 2.12.651.5, Shift 4G before 2.77.651.3, EVO 3D before 2.17.651.5, EVO View 4G before 2.23.651.1, Vivid before 3.26.502.56, and Hero does not restrict localhost access to TCP port 2479, which allows remote attackers to (1) send SMS messages, (2) obtain the Network Access Identifier (NAI) and its password, or trigger (3) popup messages or (4) tones via a crafted application that leverages the android.permission.INTERNET permission. | ||||
| CVE-2012-2225 | 1 360zip | 1 360zip | 2025-04-11 | N/A |
| 360zip 1.93beta allows remote attackers to execute arbitrary code via vectors related to file browsing and file extraction. | ||||
| CVE-2012-2244 | 1 Mahara | 1 Mahara | 2025-04-11 | N/A |
| Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote authenticated administrators to execute arbitrary programs by modifying the path to clamav. NOTE: this can be exploited without authentication by leveraging CVE-2012-2243. | ||||
| CVE-2012-2267 | 1 Realnetworks | 2 Helix Mobile Server, Helix Server | 2025-04-11 | N/A |
| master.exe in the SNMP Master Agent in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to cause a denial of service (daemon crash) by establishing and closing a port-705 TCP connection, a different vulnerability than CVE-2012-1923. | ||||
| CVE-2012-2282 | 1 Emc | 3 Celerra Network Server, Vnx, Vnxe | 2025-04-11 | N/A |
| EMC Celerra Network Server 6.x before 6.0.61.0, VNX 7.x before 7.0.53.2, and VNXe 2.0 and 2.1 before 2.1.3.19077 (aka MR1 SP3.2) and 2.2 before 2.2.0.19078 (aka MR2 SP0.2) do not properly implement NFS access control, which allows remote authenticated users to read or modify files via a (1) NFSv2, (2) NFSv3, or (3) NFSv4 request. | ||||
| CVE-2012-2291 | 3 Apple, Emc, Hp | 4 Mac Os X, Avamar, Avamar Plugin and 1 more | 2025-04-11 | N/A |
| EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC Avamar plugin 4.x, 5.x, and 6.x for Oracle, uses world-writable permissions for cache directories, which allows local users to gain privileges via an unspecified symlink attack. | ||||
| CVE-2012-2289 | 1 Emc | 2 Applicationxtender Desktop, Applicationxtender Web Access .net | 2025-04-11 | N/A |
| EMC ApplicationXtender Desktop before 6.5 SP2 and ApplicationXtender Web Access .NET before 6.5 SP2 allow remote attackers to upload files to any location, and possibly execute arbitrary code, via unspecified vectors. | ||||
| CVE-2012-2292 | 1 Emc | 2 Rsa Archer Egrc, Rsa Archer Smartsuite | 2025-04-11 | N/A |
| The Silverlight cross-domain policy in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 does not restrict access to the Archer application, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | ||||
| CVE-2012-2303 | 2 Drupal, Florian Weber | 2 Drupal, Spaces | 2025-04-11 | N/A |
| The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via unspecified vectors to the (1) Spaces or (2) Spaces OG module. | ||||
| CVE-2012-2304 | 2 Drupal, Emil Stjerneman | 2 Drupal, Linkit | 2025-04-11 | N/A |
| The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an entity access module, does not check permissions when searching for entities, which allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2012-2313 | 3 Linux, Novell, Redhat | 10 Linux Kernel, Suse Linux Enterprise Server, Enterprise Linux and 7 more | 2025-04-11 | N/A |
| The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call. | ||||
| CVE-2012-2314 | 1 Fedoraproject | 1 Anaconda | 2025-04-11 | N/A |
| The bootloader configuration module (pyanaconda/bootloader.py) in Anaconda uses 755 permissions for /etc/grub.d, which allows local users to obtain password hashes and conduct brute force password guessing attacks. | ||||
| CVE-2012-2315 | 1 Openkm | 1 Openkm | 2025-04-11 | N/A |
| admin/Auth in OpenKM 5.1.7 and other versions before 5.1.8-2 does not properly enforce privileges for changing user roles, which allows remote authenticated users to assign administrator privileges to arbitrary users via the userEdit action. | ||||
| CVE-2012-2319 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Eus | 2025-04-11 | N/A |
| Multiple buffer overflows in the hfsplus filesystem implementation in the Linux kernel before 3.3.5 allow local users to gain privileges via a crafted HFS plus filesystem, a related issue to CVE-2009-4020. | ||||
| CVE-2012-2320 | 1 Connman | 1 Connman | 2025-04-11 | N/A |
| ConnMan before 0.85 does not ensure that netlink messages originate from the kernel, which allows remote attackers to bypass intended access restrictions and cause a denial of service via a crafted netlink message. | ||||
| CVE-2012-2337 | 2 Redhat, Todd Miller | 2 Enterprise Linux, Sudo | 2025-04-11 | N/A |
| sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address. | ||||
| CVE-2012-2335 | 1 Php | 1 Php | 2025-04-11 | N/A |
| php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence. | ||||
| CVE-2012-2340 | 2 Drupal, Geoff Davies | 2 Drupal, Contact Forms | 2025-04-11 | N/A |
| The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not specify sufficiently restrictive permissions, which allows remote authenticated users with the "access the site-wide contact form" permission to modify the module settings via unspecified vectors. | ||||