CVEs from 2012
Total
5,193
critical
critical 962
high
high 747
medium
medium 2,886
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.8%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-5100 | medium | — | 6.0 | 14y ago | Directory traversal vulnerability in HServer 0.1.1 allows remote attackers to read arbitrary files via a (1) ..%5c (dot dot encoded backslash) or (2) %2e%2e%5c (encoded dot dot backslash) in the PATH… | |||
| CVE-2012-1626 | medium | — | 6.0 | 14y ago | SQL injection vulnerability in the conversion form for Events in the Date module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer Date Tools" privilege to exec… | |||
| CVE-2012-1625 | medium | — | 6.0 | 14y ago | Eval injection vulnerability in the fillpdf_form_export_decode function in fillpdf.admin.inc in the Fill PDF module 6.x-1.x before 6.x-1.16 and 7.x-1.x before 7.x-1.2 for Drupal allows remote authent… | |||
| CVE-2012-1638 | medium | — | 6.0 | 14y ago | SQL injection vulnerability in the Search Autocomplete module before 7.x-2.1 for Drupal allows remote authenticated users with the "use search_autocomplete" permission to execute arbitrary SQL comman… | |||
| CVE-2012-4906 | medium | — | 6.0 | 14y ago | Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by… | |||
| CVE-2012-3572 | medium | — | 6.0 | 14y ago | Open Source Competency Center (OSCC) MyMeeting 3.0.1 and earlier, and MyMesyuarat 09b-1, does not properly verify uploaded documents, which allows remote authenticated users to execute arbitrary PHP … | |||
| CVE-2012-2983 | medium | — | 6.0 | 14y ago | file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file fi… | |||
| CVE-2012-2981 | medium | — | 6.0 | 14y ago | Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary Perl code via a crafted file associated with the type (aka monitor type name) parameter. | |||
| CVE-2012-4404 | medium | — | 6.0 | 14y ago | security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users … | |||
| CVE-2012-4878 | medium | — | 6.0 | 14y ago | Absolute path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/File… | |||
| CVE-2012-4867 | medium | — | 6.0 | 14y ago | Directory traversal vulnerability in modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM 5.1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the module_name parameter. | |||
| CVE-2012-1614 | medium | — | 6.0 | 14y ago | Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat paramete… | |||
| CVE-2012-4737 | medium | — | 6.0 | 14y ago | channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiu… | |||
| CVE-2012-3325 | medium | — | 6.0 | 14y ago | IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.5, and 8.5.x Full Profile before 8.5.0.1, when the PM44303 fix is installed, does not properly … | |||
| CVE-2012-1650 | medium | — | 6.0 | 14y ago | The ZipCart module 6.x before 6.x-1.4 for Drupal checks the "access content" permission instead of the "access ZipCart downloads" permission when building archives, which allows remote authenticated … | |||
| CVE-2012-1641 | medium | — | 6.0 | 14y ago | The finder_import function in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission … | |||
| CVE-2012-0744 | medium | — | 6.0 | 14y ago | IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 allows remote attackers to obtain potentially sensitive information via a request to a (1) snoop, (2) hello, (3) ivt/, (4) hitcou… | |||
| CVE-2012-2073 | medium | — | 6.0 | 14y ago | The Bundle copy module 7.x-1.x before 7.x-1.1 for Drupal does not check for the "use PHP for settings" permission while importing settings, which allows remote authenticated users with certain permis… | |||
| CVE-2012-4269 | medium | — | 6.0 | 14y ago | Unrestricted file upload vulnerability in eFront 3.6.11 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension via an attachment in a message. | |||
| CVE-2012-2626 | medium | — | 6.0 | 14y ago | cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative acc… | |||
| CVE-2012-2977 | medium | — | 6.0 | 14y ago | The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to change arbitrary passwords via crafted input to an application script. | |||
| CVE-2012-4031 | medium | — | 6.0 | 14y ago | Multiple directory traversal vulnerabilities in src/acloglogin.php in Wangkongbao CNS-1000 and 1100 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) lang or (2) langid coo… | |||
| CVE-2012-3996 | medium | — | 6.0 | 14y ago | TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_se… | |||
| CVE-2012-2138 | medium | — | 6.0 | 14y ago | Apache Sling POST Servlets Denial of Service Vulnerability | |||
| CVE-2012-3845 | medium | — | 6.0 | 14y ago | Buffer overflow in LAN Messenger 1.2.28 and earlier allows remote attackers to cause a denial of service (crash) via a long string in an initiation request. | |||
| CVE-2012-3838 | medium | — | 6.0 | 14y ago | Gekko before 1.2.0 allows remote attackers to obtain the installation path via a direct request to (1) admin/templates/babygekko/index.php or (2) templates/html5demo/index.php. | |||
| CVE-2012-3796 | medium | — | 6.0 | 14y ago | Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to obtain sensitive information from daemon memory via a crafted… | |||
| CVE-2012-3795 | medium | — | 6.0 | 14y ago | Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (daemon crash) via a crafted packet… | |||
| CVE-2012-3794 | medium | — | 6.0 | 14y ago | Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (unhandled exception and daemon cra… | |||
| CVE-2012-3793 | medium | — | 6.0 | 14y ago | Integer overflow in Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (daemon crash) … | |||
| CVE-2012-3792 | medium | — | 6.0 | 14y ago | Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (out-of-bounds read operation) via … | |||
| CVE-2012-3588 | medium | — | 6.0 | 14y ago | Directory traversal vulnerability in preview.php in the Plugin Newsletter plugin 1.5 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the data parameter. | |||
| CVE-2012-3347 | medium | — | 6.0 | 14y ago | AutoFORM PDM Archive before 7.0 implements user accounts in a way that allows for JMX Console authentication, which allows remote authenticated users to bypass intended access restrictions via the /j… | |||
| CVE-2012-1826 | medium | — | 6.0 | 14y ago | dotCMS allows remote authenticated users to execute arbitrary Java code | |||
| CVE-2012-2919 | medium | — | 6.0 | 14y ago | Directory traversal vulnerability in Upload/engine.php in Chevereto 1.9.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in the v parameter. | |||
| CVE-2012-2905 | medium | — | 6.0 | 14y ago | Artiphp CMS 5.5.0 Neo (r422) stores database backups with predictable names under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a di… | |||
| CVE-2012-2902 | medium | — | 6.0 | 14y ago | Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor (JCE) component before 2.1 for Joomla!, when chunking is set to greater than zero, allows rem… | |||
| CVE-2012-2612 | medium | — | 6.0 | 14y ago | The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon cras… | |||
| CVE-2012-2514 | medium | — | 6.0 | 14y ago | The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon … | |||
| CVE-2012-2513 | medium | — | 6.0 | 14y ago | The Diaginput function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) … | |||
| CVE-2012-2512 | medium | — | 6.0 | 14y ago | The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon … | |||
| CVE-2012-2511 | medium | — | 6.0 | 14y ago | The DiagTraceAtoms function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon cr… | |||
| CVE-2012-2336 | medium | — | 6.0 | 14y ago | sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which al… | |||
| CVE-2012-2329 | medium | — | 6.0 | 14y ago | Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in t… | |||
| CVE-2012-0733 | medium | — | 6.0 | 14y ago | IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when Integrated Windows authentication is used, allows remote authenticated users to obtain administrative privileges by hijacking a sessio… | |||
| CVE-2012-0730 | medium | — | 6.0 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allow remote attackers to hijack the authentication of administrators for requ… | |||
| CVE-2012-0729 | medium | — | 6.0 | 14y ago | Unrestricted file upload vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to execute arbitrary ASP.NET code by uploading a .aspx file, and… | |||
| CVE-2012-0407 | medium | — | 6.0 | 14y ago | Integer overflow in the DPA_Utilities library in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (infinite loop) via a negative 64-bit value… | |||
| CVE-2012-2215 | medium | — | 6.0 | 14y ago | Directory traversal vulnerability in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to read arbitrary files via an opcode 0x21 request. | |||
| CVE-2012-0221 | medium | — | 6.0 | 14y ago | The FactoryTalk (FT) RNADiagReceiver service in Rockwell Automation Allen-Bradley FactoryTalk CPR9 through SR5 and RSLogix 5000 17 through 20 does not properly handle the return value from an unspeci… | |||
| CVE-2012-1670 | medium | — | 6.0 | 14y ago | admin/index.php in PHP Grade Book before 1.9.5 BETA allows remote attackers to read the database via a SaveSQL action. | |||
| CVE-2012-1843 | medium | — | 6.0 | 14y ago | Cross-site request forgery (CSRF) vulnerability in saveRestore.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library… | |||
| CVE-2012-1466 | medium | — | 6.0 | 14y ago | The Traffic Grapher Server for NetMechanica NetDecision before 4.6.1 allows remote attackers to obtain the source code of NtDecision script files with a .nd extension via an invalid version number in… | |||
| CVE-2012-1464 | medium | — | 6.0 | 14y ago | Dashboard Server for NetMechanica NetDecision before 4.6.1 allows remote attackers to obtain the installation path via a request with a trailing "?" character, which causes Dashboard to attempt to ac… | |||
| CVE-2012-1790 | medium | — | 6.0 | 14y ago | Absolute path traversal vulnerability in Webgrind 1.0 and 1.0.2 allows remote attackers to read arbitrary files via a full pathname in the file parameter to index.php. | |||
| CVE-2012-0292 | medium | — | 6.0 | 14y ago | The awhost32 service in Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution … | |||
| CVE-2012-0996 | medium | — | 6.0 | 15y ago | Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/in… | |||
| CVE-2012-1235 | medium | — | 6.0 | 15y ago | Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. NOTE: t… | |||
| CVE-2012-0241 | medium | — | 6.0 | 15y ago | Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a modified stream identifier to a function. | |||
| CVE-2012-0235 | medium | — | 6.0 | 15y ago | Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||
| CVE-2012-1221 | medium | — | 6.0 | 15y ago | Directory traversal vulnerability in the telnet server in RabidHamster R2/Extreme 1.65 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the File command. | |||
| CVE-2012-0994 | medium | — | 6.0 | 15y ago | SQL injection vulnerability in the Manage Albums feature in zp-core/admin-albumsort.php in ZENphoto 1.4.2 allows remote authenticated users to execute arbitrary SQL commands via the sortableList para… | |||
| CVE-2012-1196 | medium | — | 6.0 | 15y ago | Directory traversal vulnerability in the VulCore web service (WSVulnerabilityCore/VulCore.asmx) in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to delete arbitrary files via a .. (dot… | |||
| CVE-2012-1009 | medium | — | 6.0 | 15y ago | NetSarang Xlpd 4 Build 0100 and NetSarang Xmanager Enterprise 4 Build 0186 allow remote attackers to cause a denial of service (daemon crash) via a malformed LPD request. | |||
| CVE-2012-0789 | medium | — | 6.0 | 15y ago | Memory leak in the timezone functionality in PHP before 5.3.9 allows remote attackers to cause a denial of service (memory consumption) by triggering many strtotime function calls, which are not prop… | |||
| CVE-2012-0788 | medium | — | 6.0 | 15y ago | The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted applica… | |||
| CVE-2012-1057 | medium | — | 6.0 | 15y ago | Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers … | |||
| CVE-2012-0829 | medium | — | 6.0 | 15y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Mibew Messenger 1.6.4 and earlier allow remote attackers to hijack the authentication of operators for requests that insert cross-site sc… | |||
| CVE-2012-0840 | medium | — | 6.0 | 15y ago | tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependen… | |||
| CVE-2012-1031 | medium | — | 6.0 | 15y ago | Unspecified vulnerability in EPiServer CMS 5 and 6 through 6R2, in certain configurations using Forms Authentication, allows remote authenticated users to obtain WebAdmins access by leveraging Edit M… | |||
| CVE-2012-1008 | medium | — | 6.0 | 15y ago | OfficeSIP Server 3.1 allows remote attackers to cause a denial of service (daemon crash) via a crafted To header in a SIP INVITE message. | |||
| CVE-2012-1025 | medium | — | 6.0 | 15y ago | Absolute path traversal vulnerability in file in Enigma2 Webinterface 1.6.0 through 1.6.8, 1.6rc3, and 1.7.0 allows remote attackers to read arbitrary files via a full pathname in the file parameter. | |||
| CVE-2012-1024 | medium | — | 6.0 | 15y ago | Directory traversal vulnerability in file in Enigma2 Webinterface 1.5rc1 and 1.5beta4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||
| CVE-2012-0981 | medium | — | 6.0 | 15y ago | Directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. (dot dot) in the r parameter to index.php. NOTE: Some of these det… | |||
| CVE-2012-0937 | medium | — | 6.0 | 15y ago | wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote attacker… | |||
| CVE-2012-0902 | medium | — | 6.0 | 15y ago | AirTies Air 4450 1.1.2.18 allows remote attackers to cause a denial of service (reboot) via a direct request to cgi-bin/loader. | |||
| CVE-2012-0896 | medium | — | 6.0 | 15y ago | Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter. | |||
| CVE-2012-0781 | medium | — | 6.0 | 15y ago | The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that attempts to… | |||
| CVE-2012-6702 | medium | 5.9 | 5.9 | 10y ago | Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors in… | |||
| CVE-2012-0957 | medium | — | 5.9 | 14y ago | The override_release function in kernel/sys.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from kernel stack memory via a uname system call in conjunction with… | |||
| CVE-2012-5821 | medium | 5.9 | 5.9 | 14y ago | Lynx does not verify that the server's certificate is signed by a trusted certification authority, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate, related to … | |||
| CVE-2012-5810 | medium | 5.9 | 5.9 | 14y ago | The Chase mobile banking application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, whi… | |||
| CVE-2012-3446 | medium | 5.9 | 5.9 | 14y ago | Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field o… | |||
| CVE-2012-3186 | medium | — | 5.9 | 14y ago | Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated us… | |||
| CVE-2012-3185 | medium | — | 5.9 | 14y ago | Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated us… | |||
| CVE-2012-3183 | medium | — | 5.9 | 14y ago | Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated us… | |||
| CVE-2012-3552 | medium | 5.9 | 5.9 | 14y ago | Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service (slab corruption and system crash) by sending packets to an applicatio… | |||
| CVE-2012-3375 | medium | — | 5.9 | 14y ago | The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service … | |||
| CVE-2012-2993 | medium | 5.9 | 5.9 | 14y ago | Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) … | |||
| CVE-2012-1683 | medium | — | 5.9 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to gssd. | |||
| CVE-2012-5583 | medium | — | 5.8 | 12y ago | phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle a… | |||
| CVE-2012-5662 | medium | — | 5.8 | 12y ago | x3270 before 3.3.12ga12 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-midd… | |||
| CVE-2012-1100 | medium | — | 5.8 | 13y ago | Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bind account credentials are invalid, allows remote attackers to login … | |||
| CVE-2012-0062 | medium | — | 5.8 | 13y ago | Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessions via an agent registration request without a security token. | |||
| CVE-2012-0052 | medium | — | 5.8 | 13y ago | Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 does not check the JON agent key, which allows remote attackers to spoof the identity of arbitrary agents via the registered… | |||
| CVE-2012-4115 | medium | — | 5.8 | 13y ago | The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM virtual-media data, which allows man-in-the-middle attackers to obtain sensitive information by sniffing… | |||
| CVE-2012-4117 | medium | — | 5.8 | 13y ago | The fabric-interconnect component in Cisco Unified Computing System (UCS) does not properly verify X.509 certificates, which allows man-in-the-middle attackers to watch SSL KVM video-channel traffic … | |||
| CVE-2012-4114 | medium | — | 5.8 | 13y ago | The fabric-interconnect KVM module in Cisco Unified Computing System (UCS) does not encrypt video data, which allows man-in-the-middle attackers to watch KVM display content by sniffing the network o… | |||
| CVE-2012-4092 | medium | — | 5.8 | 13y ago | The management interface in the Central Software component in Cisco Unified Computing System (UCS) does not properly validate the identity of vCenter consoles, which allows man-in-the-middle attacker… | |||
| CVE-2012-5338 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in JForum 2.1.9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnPath parameter in a validateLogin acti… |