CVEs from 2012
Total
5,193
critical
critical 962
high
high 747
medium
medium 2,886
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.8%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-1564 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in administration/create_album.php in YVS Image Gallery allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-0986 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO… | |||
| CVE-2012-5050 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the server in VMware vCenter Operations (aka vCOps) before 5.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-4018 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Final Beta Laboratory MyWebSearch before 1.23 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. | |||
| CVE-2012-5296 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Mavili Guestbook, as released in November 2007, allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) approv… | |||
| CVE-2012-1636 | medium | — | 4.3 | 14y ago | Cross-site request forgery (CSRF) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of users for requests that delete stickynotes v… | |||
| CVE-2012-5232 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Quickl Form component for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-4437 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the SmartyException class in Smarty (aka smarty-php) before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors t… | |||
| CVE-2012-2683 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to inject arbitrary web scr… | |||
| CVE-2012-4912 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to inject arbitrary web script… | |||
| CVE-2012-4017 | medium | — | 4.3 | 14y ago | The jigbrowser+ application before 1.5.0 for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application. | |||
| CVE-2012-4016 | medium | — | 4.3 | 14y ago | The ATOK application before 1.0.4 for Android allows remote attackers to read the learning information file, and obtain sensitive input-string information, via a crafted application. | |||
| CVE-2012-2889 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors involving frames, aka "Universal XSS (UXSS)." | |||
| CVE-2012-2886 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Google V8 bindings, aka "Univer… | |||
| CVE-2012-2879 | medium | — | 4.3 | 14y ago | Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service (DOM topology corruption) via a crafted document. | |||
| CVE-2012-5164 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the term parameter to (1) autocomplete.php, (2) search/a… | |||
| CVE-2012-5163 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an enable_category ac… | |||
| CVE-2012-1117 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Joomla! 2.5.0 and 2.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-1646 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the FAQ module 6.x-1.x before 6.x-1.13 and 7.x-1.x-rc1 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via th… | |||
| CVE-2012-1293 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in fup in Frams' Fast File EXchange (F*EX, aka fex) before 20111129-2 allow remote attackers to inject arbitrary web script or HTML via the (1) to … | |||
| CVE-2012-1103 | medium | — | 4.3 | 14y ago | emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs interface, allows user-assisted remote attackers to read arbitrary files via crafted MML tags, which are not properly quoted in an … | |||
| CVE-2012-4015 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the management screen in myLittleTools myLittleAdmin for SQL Server 2000 allows remote attackers to inject arbitrary web script or HTML via vectors that tr… | |||
| CVE-2012-3037 | medium | — | 4.3 | 14y ago | The Siemens SIMATIC S7-1200 2.x PLC does not properly protect the private key of the SIMATIC CONTROLLER Certification Authority certificate, which allows remote attackers to spoof the S7-1200 web ser… | |||
| CVE-2012-3451 | medium | — | 4.3 | 14y ago | Remote web-service operation execution in Apache CXF | |||
| CVE-2012-5103 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in action/add-submit.php in Ggb Guestbook 0.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url or (2) message parame… | |||
| CVE-2012-3746 | medium | — | 4.3 | 14y ago | UIWebView in UIKit in Apple iOS before 6 does not properly use the Data Protection feature, which allows context-dependent attackers to obtain cleartext file content by leveraging direct access to a … | |||
| CVE-2012-3733 | medium | — | 4.3 | 14y ago | Messages in Apple iOS before 6, when multiple iMessage e-mail addresses are configured, does not ensure that a reply's sender address matches the recipient address of the original message, which allo… | |||
| CVE-2012-3730 | medium | — | 4.3 | 14y ago | Mail in Apple iOS before 6 does not properly handle reuse of Content-ID header values, which allows remote attackers to spoof attachments via a header value that was also used in a previous e-mail me… | |||
| CVE-2012-3720 | medium | — | 4.3 | 14y ago | Mobile Accounts in Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 saves password hashes for external-account use even if external accounts are not enabled, which might allow remote attackers t… | |||
| CVE-2012-3715 | medium | — | 4.3 | 14y ago | Apple Safari before 6.0.1 makes http requests for https URIs in certain circumstances involving a paste into the address bar, which allows user-assisted remote attackers to obtain sensitive informati… | |||
| CVE-2012-3714 | medium | — | 4.3 | 14y ago | The Form Autofill feature in Apple Safari before 6.0.1 does not restrict the filled fields to the set of fields contained in an Autofill popover, which allows remote attackers to obtain the Me card f… | |||
| CVE-2012-3713 | medium | — | 4.3 | 14y ago | Apple Safari before 6.0.1 does not properly handle the Quarantine attribute of HTML documents, which allows user-assisted remote attackers to read arbitrary files by leveraging the presence of a down… | |||
| CVE-2012-4995 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in admin/userrighthandling.php in LimeSurvey before 1.91+ Build 120224 allows remote attackers to inject arbitrary web script or HTML via the full_name parame… | |||
| CVE-2012-3373 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequenc… | |||
| CVE-2012-0272 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 allows remote attackers to inject arbitrary web script or HTML via the merge paramete… | |||
| CVE-2012-1183 | medium | — | 4.3 | 14y ago | Stack-based buffer overflow in the milliwatt_generate function in the Miliwatt application in Asterisk 1.4.x before 1.4.44, 1.6.x before 1.6.2.23, 1.8.x before 1.8.10.1, and 10.x before 10.2.1, when … | |||
| CVE-2012-3034 | medium | — | 4.3 | 14y ago | WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to discover a username and password via crafted parameters to unspecified method… | |||
| CVE-2012-3031 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allow remote attackers to inject arbitrary web sc… | |||
| CVE-2012-2060 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Admin tools module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-2059 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the ticketyboo News Ticker module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-1899 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in webfolio/admin/users/edit in Webfolio CMS 1.1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name… | |||
| CVE-2012-4968 | medium | — | 4.3 | 14y ago | Silverstripe XSS Vulnerabilities | |||
| CVE-2012-4360 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecif… | |||
| CVE-2012-4013 | medium | — | 4.3 | 14y ago | The WebView class in the Cybozu KUNAI Browser for Remote Service application beta for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a cra… | |||
| CVE-2012-4904 | medium | — | 4.3 | 14y ago | Cross-application scripting vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script via unspecified vectors, as demonstrated by "Universal… | |||
| CVE-2012-2975 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the traffic overview page on the F5 ASM appliance 10.0.0 through 11.2.0 HF2 allows remote attackers to inject arbitrary web script or HTML via crafted requ… | |||
| CVE-2012-2536 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTM… | |||
| CVE-2012-1892 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Microsoft Visual Studio Team Foundation Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "X… | |||
| CVE-2012-4892 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS 2012-03.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title_en, (2) summary_en, or (3) bo… | |||
| CVE-2012-4890 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS 2011 08.09.2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) comment to the news, (2) title to t… | |||
| CVE-2012-3326 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, a… | |||
| CVE-2012-3313 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Ser… | |||
| CVE-2012-1582 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to inject arbitrary web script or HTML via a crafted… | |||
| CVE-2012-4012 | medium | — | 4.3 | 14y ago | The WebView class in the Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application th… | |||
| CVE-2012-3255 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 8.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-4388 | medium | — | 4.3 | 14y ago | The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote at… | |||
| CVE-2012-4872 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Tickets/Submit in Kayako Fusion before 4.40.985 allows remote attackers to inject arbitrary web script or HTML via certain vectors, possibly a crafted tick… | |||
| CVE-2012-1612 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the update manager in Joomla! 2.5.x before 2.5.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-0822 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Joomla! 1.6 and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than C… | |||
| CVE-2012-0820 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than… | |||
| CVE-2012-1584 | medium | — | 4.3 | 14y ago | Integer overflow in the mid function in toolkit/tbytevector.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted file header… | |||
| CVE-2012-1108 | medium | — | 4.3 | 14y ago | The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted vendorLength field in an ogg file. | |||
| CVE-2012-1107 | medium | — | 4.3 | 14y ago | The analyzeCurrent function in ape/apeproperties.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted sampleRate in an ape f… | |||
| CVE-2012-4397 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) calendar displayname to part.choosecalendar.rowf… | |||
| CVE-2012-4396 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file names to apps/user_ldap/settings.php; (2) u… | |||
| CVE-2012-4395 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in index.php in ownCloud before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the redirect_url parameter. | |||
| CVE-2012-4394 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js in ownCloud before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. | |||
| CVE-2012-3542 | medium | — | 4.3 | 14y ago | OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the use… | |||
| CVE-2012-3531 | medium | — | 4.3 | 14y ago | Typo3 Install Tool XSS Vulnerability | |||
| CVE-2012-3530 | medium | — | 4.3 | 14y ago | Typo3 API XSS Vulnerability | |||
| CVE-2012-2066 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the FCKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal allows remote authenticate… | |||
| CVE-2012-2064 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in theme/views_lang_switch.theme.inc in the Views Language Switcher module before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or… | |||
| CVE-2012-4744 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in ssearch.php in the Siche search module 0.5 for Zeroboard allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||
| CVE-2012-4740 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the captive portal in PacketFence before 3.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-2117 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Gigya - Social optimization module 6.x before 6.x-3.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-2083 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the fusion_core_preprocess_page function in fusion_core/template.php in the Fusion module before 6.x-1.13 for Drupal allows remote attackers to inject arbi… | |||
| CVE-2012-2872 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in an SSL interstitial page in Google Chrome before 21.0.1180.89 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-2870 | medium | — | 4.3 | 14y ago | libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a cr… | |||
| CVE-2012-2865 | medium | — | 4.3 | 14y ago | Google Chrome before 21.0.1180.89 does not properly perform line breaking, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document. | |||
| CVE-2012-3548 | medium | — | 4.3 | 14y ago | The dissect_drda function in epan/dissectors/packet-drda.c in Wireshark 1.6.x through 1.6.10 and 1.8.x through 1.8.2 allows remote attackers to cause a denial of service (infinite loop and CPU consum… | |||
| CVE-2012-3295 | medium | — | 4.3 | 14y ago | IBM WebSphere MQ 7.1, when an SVRCONN channel is used, allows remote attackers to bypass the security-configuration setup step and obtain queue-manager access via unspecified vectors. | |||
| CVE-2012-3976 | medium | — | 4.3 | 14y ago | Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows rem… | |||
| CVE-2012-3975 | medium | — | 4.3 | 14y ago | The DOMParser component in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 loads subresources during parsing of text/html data within an extension, which allows remote… | |||
| CVE-2012-1956 | medium | — | 4.3 | 14y ago | Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes… | |||
| CVE-2012-0307 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Symantec Messaging Gateway (SMG) before 10.0 allow remote attackers to inject arbitrary web script or HTML via (1) web content or (2) e-mail con… | |||
| CVE-2012-1647 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the "stand alone PHP application for the OSM Player," as used in the MediaFront module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.5 for Dru… | |||
| CVE-2012-0849 | medium | — | 4.3 | 14y ago | Integer overflow in the ff_j2k_dwt_init function in libavcodec/j2k_dwt.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a c… | |||
| CVE-2012-2129 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to inject arbitrary web script or HTML via the target parameter in an edit action. | |||
| CVE-2012-2112 | medium | — | 4.3 | 14y ago | Typo3 Exception Handler XSS | |||
| CVE-2012-2146 | medium | — | 4.3 | 14y ago | Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the data… | |||
| CVE-2012-1296 | medium | — | 4.3 | 14y ago | Elefant CMS Multiple XSS Vulnerabilities | |||
| CVE-2012-4675 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to file update. | |||
| CVE-2012-4667 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in SquidClamav 5.x before 5.8 allow remote attackers to inject arbitrary web script or HTML via the (1) url, (2) virus, (3) source, or (4) user par… | |||
| CVE-2012-0048 | medium | — | 4.3 | 14y ago | OpenTTD 0.3.5 through 1.1.4 allows remote attackers to cause a denial of service (game pause) by connecting to the server and not finishing the (1) authorization phase or (2) map download, aka a "slo… | |||
| CVE-2012-4604 | medium | — | 4.3 | 14y ago | The TRITON management console in Websense Web Security before 7.6 Hotfix 24 allows remote attackers to bypass authentication and read arbitrary reports via a crafted uid field, in conjunction with a … | |||
| CVE-2012-3502 | medium | — | 4.3 | 14y ago | The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determi… | |||
| CVE-2012-4597 | medium | — | 4.3 | 14y ago | Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to… | |||
| CVE-2012-4596 | medium | — | 4.3 | 14y ago | Directory traversal vulnerability in McAfee Email Gateway (MEG) 7.0.0 and 7.0.1 allows remote authenticated users to bypass intended access restrictions and download arbitrary files via a crafted URL. | |||
| CVE-2012-4590 | medium | — | 4.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 might allow remote attackers to inject arbitrary web script or … | |||
| CVE-2012-4588 | medium | — | 4.3 | 14y ago | McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1 record all invalid usernames presented in failed login attempts, and place them on a list of accounts that an administ… |