CVEs from 2012
- Total: 5,193
- Critical: 962
- High: 747
- Medium: 2,886
- Low: 530
- % Critical: 18.5%
- % with KEV: 0.4%
- % with exploit: 16.8%

Top vendors

Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-3411 | medium | — | 5.0 | | | | 13y ago | Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplificat… |
| CVE-2012-4840 | medium | — | 5.0 | | | | 13y ago | IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote attackers to conduct XPath injection attacks, and call XPath extension fu… |
| CVE-2012-1016 | medium | — | 5.0 | | | | 13y ago | The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts t… |
| CVE-2012-6128 | medium | — | 5.0 | | | | 14y ago | Multiple stack-based buffer overflows in http.c in OpenConnect before 4.08 allow remote VPN gateways to cause a denial of service (application crash) via a long (1) hostname, (2) path, or (3) cookie … |
| CVE-2012-5952 | medium | — | 5.0 | | | | 14y ago | IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2 does not validate Basic Authentication credentials before proceeding to WS-Addressing and WS-Security oper… |
| CVE-2012-5375 | medium | — | 5.0 | | | | 14y ago | The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (prevention of file creation) by leveraging the ability to write to a… |
| CVE-2012-5198 | medium | — | 5.0 | | | | 14y ago | Unspecified vulnerability in HP ArcSight Connector Appliance before 6.3 and ArcSight Logger 5.2 and earlier allows remote attackers to obtain sensitive information via unknown vectors. |
| CVE-2012-4712 | medium | — | 5.0 | | | | 14y ago | Moxa EDR-G903 series routers with firmware before 2.11 have a hardcoded account, which allows remote attackers to obtain unspecified device access via unknown vectors. |
| CVE-2012-6532 | medium | — | 5.0 | | | | 14y ago | Zend Framework XEE Vulnerability |
| CVE-2012-6352 | medium | — | 5.0 | | | | 14y ago | The Session Manager in IBM Sterling Connect:Direct through 4.1.0.3 on UNIX allows remote attackers to cause a denial of service (daemon crash and disk consumption) via crafted data. |
| CVE-2012-6112 | medium | — | 5.0 | | | | 14y ago | classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x be… |
| CVE-2012-6105 | medium | — | 5.0 | | | | 14y ago | blog/rsslib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 continues to provide a blog RSS feed after blogging is disabled, which allows remote atta… |
| CVE-2012-6104 | medium | — | 5.0 | | | | 14y ago | blog/rsslib.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allows remote attackers to obtain sensitive information from site-level blogs by leveraging the guest role and… |
| CVE-2012-4917 | medium | — | 5.0 | | | | 14y ago | The TripAdvisor app 6.6 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. |
| CVE-2012-6441 | medium | — | 5.0 | | | | 14y ago | An information exposure of confidential information results when the device receives a specially crafted CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP. Successful expl… |
| CVE-2012-6515 | medium | — | 5.0 | | | | 14y ago | eFront 3.6.10, 3.6.11 build 15059, and earlier allows remote attackers to obtain sensitive information via invalid courses_ID parameter in the lesson_info module to index.php, which reveals the insta… |
| CVE-2012-6512 | medium | — | 5.0 | | | | 14y ago | The Organizer plugin 1.2.1 for WordPress allows remote attackers to obtain the installation path via unspecified vectors to (1) plugin_hook.php, (2) page/index.php, (3) page/dir.php (4) page/options.… |
| CVE-2012-3364 | medium | — | 5.0 | | | | 14y ago | Multiple stack-based buffer overflows in the Near Field Communication Controller Interface (NCI) in the Linux kernel before 3.4.5 allow remote attackers to cause a denial of service (crash) and possi… |
| CVE-2012-6113 | medium | — | 5.0 | | | | 14y ago | The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 through 5.3.13 does not initialize a certain variable, which allows remote attackers to obtain sensitive information from process me… |
| CVE-2012-2124 | medium | — | 5.0 | | | | 14y ago | functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial… |
| CVE-2012-5444 | medium | — | 5.0 | | | | 14y ago | Cisco TelePresence Video Communication Server (VCS) X7.0.3 does not properly process certain search rules, which allows remote attackers to create conferences via an unspecified Conductor request, ak… |
| CVE-2012-3170 | medium | — | 5.0 | | | | 14y ago | Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to Siebel Core - Server Infrastru… |
| CVE-2012-3169 | medium | — | 5.0 | | | | 14y ago | Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to Siebel Core - Server Infrastru… |
| CVE-2012-1702 | medium | — | 5.0 | | | | 14y ago | Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors. |
| CVE-2012-1701 | medium | — | 5.0 | | | | 14y ago | Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Highly Interactive Web UI. |
| CVE-2012-5155 | medium | — | 5.0 | | | | 14y ago | Google Chrome before 24.0.1312.52 on Mac OS X does not use an appropriate sandboxing approach for worker processes, which makes it easier for remote attackers to bypass intended access restrictions v… |
| CVE-2012-5152 | medium | — | 5.0 | | | | 14y ago | Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving seek operations on video data. |
| CVE-2012-5146 | medium | — | 5.0 | | | | 14y ago | Google Chrome before 24.0.1312.52 allows remote attackers to bypass the Same Origin Policy via a malformed URL. |
| CVE-2012-5976 | medium | — | 5.0 | | | | 14y ago | Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Dig… |
| CVE-2012-5655 | medium | — | 5.0 | | | | 14y ago | The Context module 6.x-3.x before 6.x-3.1 and 7.x-3.x before 7.x-3.0-beta6 for Drupal does not properly restrict access to block content, which allows remote attackers to obtain sensitive information… |
| CVE-2012-5652 | medium | — | 5.0 | | | | 14y ago | Drupal 6.x before 6.27 allows remote attackers to obtain sensitive information about uploaded files via a (1) RSS feed or (2) search result. |
| CVE-2012-5651 | medium | — | 5.0 | | | | 14y ago | Drupal 6.x before 6.27 and 7.x before 7.18 displays information for blocked users, which might allow remote attackers to obtain sensitive information by reading the search results. |
| CVE-2012-6471 | medium | — | 5.0 | | | | 14y ago | Opera before 12.12 allows remote attackers to spoof the address field via a high rate of HTTP requests. |
| CVE-2012-6469 | medium | — | 5.0 | | | | 14y ago | Opera before 12.11 allows remote attackers to determine the existence of arbitrary local files via vectors involving web script in an error page. |
| CVE-2012-6466 | medium | — | 5.0 | | | | 14y ago | Opera before 12.10 does not properly handle incorrect size data in a WebP image, which allows remote attackers to obtain potentially sensitive information from process memory by using a crafted image… |
| CVE-2012-6462 | medium | — | 5.0 | | | | 14y ago | Opera before 12.10 does not properly implement the Cross-Origin Resource Sharing (CORS) specification, which allows remote attackers to bypass intended page-content restrictions via a crafted request. |
| CVE-2012-6461 | medium | — | 5.0 | | | | 14y ago | The X.509 certificate-validation functionality in the https implementation in Opera before 12.10 allows remote attackers to trigger a false indication of successful revocation-status checking by caus… |
| CVE-2012-6460 | medium | — | 5.0 | | | | 14y ago | Opera before 11.67 and 12.x before 12.02 allows remote attackers to cause truncation of a dialog, and possibly trigger downloading and execution of arbitrary programs, via a crafted web site. |
| CVE-2012-6084 | medium | — | 5.0 | | | | 14y ago | modules/m_capab.c in (1) ircd-ratbox before 3.0.8 and (2) Charybdis before 3.4.2 does not properly support capability negotiation during server handshakes, which allows remote attackers to cause a de… |
| CVE-2012-5573 | medium | — | 5.0 | | | | 14y ago | The connection_edge_process_relay_cell function in or/relay.c in Tor before 0.2.3.25 maintains circuits even if an unexpected SENDME cell arrives, which might allow remote attackers to cause a denial… |
| CVE-2012-6314 | medium | — | 5.0 | | | | 14y ago | Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, when making changes to the server-side policy that control USB redirection, does not propagate changes to the VDA, which allows aut… |
| CVE-2012-4616 | medium | — | 5.0 | | | | 14y ago | Directory traversal vulnerability in the Web UI in EMC Data Protection Advisor (DPA) 5.6 through SP1, 5.7 through SP1, and 5.8 through SP4 allows remote attackers to read arbitrary files via unspecif… |
| CVE-2012-4444 | medium | — | 5.0 | | | | 14y ago | The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel before 2.6.36 allows remote attackers to bypass intended network restrictions via overlapping IPv6 fragments. |
| CVE-2012-0841 | medium | — | 5.0 | | | | 14y ago | libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumptio… |
| CVE-2012-6497 | medium | — | 5.0 | | | | 14y ago | The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe find_by_id method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL i… |
| CVE-2012-5765 | medium | — | 5.0 | | | | 14y ago | The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a… |
| CVE-2012-5643 | medium | — | 5.0 | | | | 14y ago | Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory… |
| CVE-2012-5978 | medium | — | 5.0 | | | | 14y ago | Multiple directory traversal vulnerabilities in the (1) View Connection Server and (2) View Security Server in VMware View 4.x before 4.6.2 and 5.x before 5.1.2 allow remote attackers to read arbitra… |
| CVE-2012-5607 | medium | — | 5.0 | | | | 14y ago | The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified vec… |
| CVE-2012-5574 | medium | — | 5.0 | | | | 14y ago | lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request. |
| CVE-2012-3277 | medium | — | 5.0 | | | | 14y ago | HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows remo… |
| CVE-2012-4977 | medium | — | 5.0 | | | | 14y ago | Layton Helpbox 4.4.0 allows remote attackers to discover cleartext credentials for the login page by sniffing the network. |
| CVE-2012-4976 | medium | — | 5.0 | | | | 14y ago | selectawasset.asp in Layton Helpbox 4.4.0 allows remote attackers to discover ODBC database credentials via an element=sys_asset_id request, which is not properly handled during construction of an er… |
| CVE-2012-3273 | medium | — | 5.0 | | | | 14y ago | Multiple unspecified vulnerabilities on the HP LaserJet Pro 400 MFP M425 with firmware 20120625 and LaserJet 400 M401 with firmware 20120621 allow remote attackers to obtain sensitive information via… |
| CVE-2012-5055 | medium | — | 5.0 | | | | 14y ago | Exposure of Sensitive Information to an Unauthorized Actor in Spring Security |
| CVE-2012-6062 | medium | — | 5.0 | | | | 14y ago | The dissect_rtcp_app function in epan/dissectors/packet-rtcp.c in the RTCP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infi… |
| CVE-2012-6061 | medium | — | 5.0 | | | | 14y ago | The dissect_wtp_common function in epan/dissectors/packet-wtp.c in the WTP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 uses an incorrect data type for a certain length field, wh… |
| CVE-2012-6060 | medium | — | 5.0 | | | | 14y ago | Integer overflow in the dissect_iscsi_pdu function in epan/dissectors/packet-iscsi.c in the iSCSI dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a … |
| CVE-2012-6059 | medium | — | 5.0 | | | | 14y ago | The dissect_isakmp function in epan/dissectors/packet-isakmp.c in the ISAKMP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 uses an incorrect data structure to determine IKEv2 decr… |
| CVE-2012-6058 | medium | — | 5.0 | | | | 14y ago | Integer overflow in the dissect_icmpv6 function in epan/dissectors/packet-icmpv6.c in the ICMPv6 dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a d… |
| CVE-2012-6057 | medium | — | 5.0 | | | | 14y ago | The dissect_eigrp_metric_comm function in epan/dissectors/packet-eigrp.c in the EIGRP dissector in Wireshark 1.8.x before 1.8.4 uses the wrong data type for a certain offset value, which allows remot… |
| CVE-2012-6056 | medium | — | 5.0 | | | | 14y ago | Integer overflow in the dissect_sack_chunk function in epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infini… |
| CVE-2012-6055 | medium | — | 5.0 | | | | 14y ago | epan/dissectors/packet-3g-a11.c in the 3GPP2 A11 dissector in Wireshark 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a zero value in a sub-type length f… |
| CVE-2012-6054 | medium | — | 5.0 | | | | 14y ago | The dissect_sflow_245_address_type function in epan/dissectors/packet-sflow.c in the sFlow dissector in Wireshark 1.8.x before 1.8.4 does not properly handle length calculations for an invalid IP add… |
| CVE-2012-6053 | medium | — | 5.0 | | | | 14y ago | epan/dissectors/packet-usb.c in the USB dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 relies on a length field to calculate an offset value, which allows remote attackers to cause… |
| CVE-2012-6052 | medium | — | 5.0 | | | | 14y ago | Wireshark 1.8.x before 1.8.4 allows remote attackers to obtain sensitive hostname information by reading pcap-ng files. |
| CVE-2012-5859 | medium | — | 5.0 | | | | 14y ago | Samsung Kies Air 2.1.207051 and 2.1.210161 allows remote attackers to cause a denial of service (crash) via a crafted request to www/apps/KiesAir/jws/ssd.php. |
| CVE-2012-5554 | medium | — | 5.0 | | | | 14y ago | The default configuration for the Webform CiviCRM Integration module 7.x-3.x before 7.x-3.2 has "Enforce Permissions" disabled, which allows remote attackers to obtain contact information by reading … |
| CVE-2012-5552 | medium | — | 5.0 | | | | 14y ago | The Password policy module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to obtain password hashes by sniffing the network, related to "client-side password his… |
| CVE-2012-1599 | medium | — | 5.0 | | | | 14y ago | Joomla! 1.5.x before 1.5.26 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end information" via unknown vectors. NOTE: this might be a duplicate… |
| CVE-2012-5614 | medium | — | 5.0 | | | | 14y ago | Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT com… |
| CVE-2012-4561 | medium | — | 5.0 | | | | 14y ago | The (1) publickey_make_dss, (2) publickey_make_rsa, (3) signature_from_string, (4) ssh_do_sign, and (5) ssh_sign_session_id functions in keys.c in libssh before 0.5.3 free "an invalid pointer on an e… |
| CVE-2012-4477 | medium | — | 5.0 | | | | 14y ago | Unspecified vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to bypass access restrictions via unknown attack vectors. |
| CVE-2012-4475 | medium | — | 5.0 | | | | 14y ago | The Security Questions module for Drupal 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.1 does not properly restrict access, which allows remote attackers to edit an arbitrary user's questions and a… |
| CVE-2012-4471 | medium | — | 5.0 | | | | 14y ago | The Search Autocomplete module 7.x-2.x before 7.x-2.4 for Drupal does not properly restrict access to the module admin page, which allows remote attackers to disable an autocompletion or change the p… |
| CVE-2012-5568 | medium | — | 5.0 | | | | 14y ago | Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris. |
| CVE-2012-4834 | medium | — | 5.0 | | | | 14y ago | Directory traversal vulnerability in LayerLoader.jsp in the theme component in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF19 and 8.0 before CF03 allows remote attackers to read arbitrary files… |
| CVE-2012-4557 | medium | — | 5.0 | | | | 14y ago | The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to ca… |
| CVE-2012-4841 | medium | — | 5.0 | | | | 14y ago | Unspecified vulnerability in Tivoli Endpoint Manager for Remote Control Broker 8.2 before 8.2.1-TIV-TEMRC821-IF0002 allows remote attackers to cause a denial of service (resource consumption) via unk… |
| CVE-2012-6051 | medium | — | 5.0 | | | | 14y ago | Google CityHash computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consum… |
| CVE-2012-5373 | medium | — | 5.0 | | | | 14y ago | Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers… |
| CVE-2012-5372 | medium | — | 5.0 | | | | 14y ago | Rubinius computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) … |
| CVE-2012-5371 | medium | — | 5.0 | | | | 14y ago | Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attac… |
| CVE-2012-5370 | medium | — | 5.0 | | | | 14y ago | JRuby denial of service via Hash Collision |
| CVE-2012-2739 | medium | — | 5.0 | | | | 14y ago | Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without restricting the ability to trigger hash collisions predictably, which allows co… |
| CVE-2012-5132 | medium | — | 5.0 | | | | 14y ago | Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service (application crash) via a response with chunked transfer coding. |
| CVE-2012-5130 | medium | — | 5.0 | | | | 14y ago | Skia, as used in Google Chrome before 23.0.1271.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. |
| CVE-2012-6049 | medium | — | 5.0 | | | | 14y ago | Open Solution Quick.Cart 5.0 allows remote attackers to obtain sensitive information via (1) a long string or (2) invalid characters in a cookie, which reveals the installation path in an error messa… |
| CVE-2012-2438 | medium | — | 5.0 | | | | 14y ago | ar web content manager (AWCM) 2.2 does not restrict the number of comment records that can be submitted through HTTP requests, which allows remote attackers to cause a denial of service (disk consump… |
| CVE-2012-4522 | medium | — | 5.0 | | | | 14y ago | The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected… |
| CVE-2012-0818 | medium | — | 5.0 | | | | 14y ago | Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy |
| CVE-2012-5526 | medium | — | 5.0 | | | | 14y ago | CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applicati… |
| CVE-2012-5703 | medium | — | 5.0 | | | | 14y ago | The vSphere API in VMware ESXi 4.1 and ESX 4.1 allows remote attackers to cause a denial of service (host daemon crash) via an invalid value in a (1) RetrieveProp or (2) RetrievePropEx SOAP request. |
| CVE-2012-5918 | medium | — | 5.0 | | | | 14y ago | razorCMS 1.2 allows remote authenticated users to access administrator directories and files by creating and deleting a directory. |
| CVE-2012-4423 | medium | — | 5.0 | | | | 14y ago | The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1) a… |
| CVE-2012-4947 | medium | — | 5.0 | | | | 14y ago | Agile FleetCommander and FleetCommander Kiosk before 4.08 store database credentials in cleartext, which allows remote attackers to obtain sensitive information via requests to unspecified pages. |
| CVE-2012-4946 | medium | — | 5.0 | | | | 14y ago | Agile FleetCommander and FleetCommander Kiosk before 4.08 use an XOR format for password encryption, which makes it easier for context-dependent attackers to obtain sensitive information by reading a… |
| CVE-2012-4575 | medium | — | 5.0 | | | | 14y ago | The add_database function in objects.c in the pgbouncer pooler 1.5.2 for PostgreSQL allows remote attackers to cause a denial of service (daemon outage) via a long database name in a request. |
| CVE-2012-5916 | medium | — | 5.0 | | | | 14y ago | Neocrome Seditio build 161 allows remote attackers to obtain sensitive information via a direct request to (1) docs/new/seditio-createnew-160.sql, (2) docs/upgrade/sedito_convert_to_utf8.optional.sql… |
| CVE-2012-5915 | medium | — | 5.0 | | | | 14y ago | Neocrome Seditio build 161 and earlier allows remote attackers to obtain sensitive information via direct request to (1) view.php, (2) plugins/contact/lang/contact.en.lang.php, (3) system/lang/en/mai… |