CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2012-3487 Race condition in Tunnelblick 3.3beta20 and earlier allows local users to kill unintended processes by waiting for a specific PID value to be assigned to a target process. | N/A | NONE | — | 0 |
| CVE-2012-4677 Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by using a crafted Info.plist file to control the gOkIfNotSecure value. | N/A | NONE | — | 0 |
| CVE-2012-1175 Integer overflow in the GnashImage::size method in libbase/GnashImage.h in GNU Gnash 0.8.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a craft... | N/A | NONE | — | 0 |
| CVE-2012-1176 Buffer overflow in the fribidi_utf8_to_unicode function in PyFriBidi before 0.11.0 allows remote attackers to cause a denial of service (application crash) via a 4-byte utf-8 sequence. | N/A | NONE | — | 0 |
| CVE-2012-1177 libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL certificates, which allows remote attackers to obtain user names and passwords via a man-in-the-middle (MITM) attack with a spoofe... | N/A | NONE | — | 0 |
| CVE-2012-1296 Multiple cross-site scripting (XSS) vulnerabilities in apps/admin/handlers/preview.php in Elefant CMS 1.0.x before 1.0.2-Beta and 1.1.x before 1.1.5-Beta allow remote attackers to inject arbitrary web... | N/A | NONE | — | 0 |
| CVE-2012-1921 Cross-site request forgery (CSRF) vulnerability in goform/admin/formWlEncrypt in Sitecom WLM-2501 allows remote attackers to hijack the authentication of administrators for requests that change the ro... | N/A | NONE | — | 0 |
| CVE-2012-2103 The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. | N/A | NONE | — | 0 |
| CVE-2012-2104 cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequence... | N/A | NONE | — | 0 |
| CVE-2012-2146 Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the datab... | N/A | NONE | — | 0 |
| CVE-2012-2147 munin-cgi-graph in Munin 2.0 rc4 allows remote attackers to cause a denial of service (disk or memory consumption) via many image requests with large values in the (1) size_x or (2) size_y parameters. | N/A | NONE | — | 0 |
| CVE-2012-2297 Multiple cross-site scripting (XSS) vulnerabilities in the Creative Commons module 6.x-1.x before 6.x-1.1 for Drupal allow remote authenticated users with the administer creative commons permission to... | N/A | NONE | — | 0 |
| CVE-2012-4678 munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, which allows remote attackers to cause a denial of service (disk consumption) via many requests to an image with unique parameters. | N/A | NONE | — | 0 |
| CVE-2012-1933 Multiple PHP remote file inclusion vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4 before RC4, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in ... | N/A | NONE | — | 0 |
| CVE-2012-1934 SQL injection vulnerability in admin/country/edit.php in Newscoop before 3.5.5 and 4.x before 4 RC4 allows remote attackers to execute arbitrary SQL commands via the f_country_code parameter. | N/A | NONE | — | 0 |
| CVE-2012-1935 Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4.x before 4 RC4 allow remote attackers to inject arbitrary web script or HTML via the (1) Back parameter to admi... | N/A | NONE | — | 0 |
| CVE-2012-2112 Cross-site scripting (XSS) vulnerability in the Exception Handler in TYPO3 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before 4.6.8, and 4.7 allows remote attackers to inject arbitrary web script ... | N/A | NONE | — | 0 |
| CVE-2012-2128 Cross-site request forgery (CSRF) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users. N... | N/A | NONE | — | 0 |
| CVE-2012-2129 Cross-site scripting (XSS) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to inject arbitrary web script or HTML via the target parameter in an edit action. | N/A | NONE | — | 0 |
| CVE-2012-4679 Cross-site scripting (XSS) vulnerability in admin/login.php in Newscoop before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the f_user_name parameter. | N/A | NONE | — | 0 |
| CVE-2011-4944 Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a usernam... | N/A | NONE | — | 0 |
| CVE-2012-0849 Integer overflow in the ff_j2k_dwt_init function in libavcodec/j2k_dwt.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a cr... | N/A | NONE | — | 0 |
| CVE-2012-0855 Heap-based buffer overflow in the get_sot function in the J2K decoder (j2k.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via unspecif... | N/A | NONE | — | 0 |
| CVE-2012-1586 mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message... | N/A | NONE | — | 0 |
| CVE-2012-3410 Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly... | N/A | NONE | — | 0 |
| CVE-2012-3418 libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the ... | N/A | NONE | — | 0 |
| CVE-2012-3419 Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments. | N/A | NONE | — | 0 |
| CVE-2012-3420 Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted ... | N/A | NONE | — | 0 |
| CVE-2012-3421 The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sen... | N/A | NONE | — | 0 |
| CVE-2012-3467 Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication. | N/A | NONE | — | 0 |
| CVE-2012-4036 Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 allows remote administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via ... | N/A | NONE | — | 0 |
| CVE-2012-4680 Directory traversal vulnerability in the XML Server in IOServer before 1.0.19.0, when the Root Directory pathname lacks a trailing \ (backslash) character, allows remote attackers to read arbitrary fi... | N/A | NONE | — | 0 |
| CVE-2012-1635 The hook_node_access function in the revisioning module 7.x-1.x before 7.x-1.3 for Drupal checks the permissions of the current user even when it is called to check permissions of other users, which a... | N/A | NONE | — | 0 |
| CVE-2012-1641 The finder_import function in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission t... | N/A | NONE | — | 0 |
| CVE-2012-1642 includes/linkchecker.pages.inc in the Link checker module 6.x-2.x before 6.x-2.5 for Drupal does not properly enforce access permissions on broken links, which allows remote attackers to obtain sensit... | N/A | NONE | — | 0 |
| CVE-2012-1643 The Faster Permissions module 7.x-2.x before 7.x-1.2 for Drupal does not check the "administer permissions" permission, which allows remote attackers to modify access permissions via unspecified vecto... | N/A | NONE | — | 0 |
| CVE-2012-1644 The Organic Groups (OG) Vocabulary module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with certain administrator permissions to modify the vocabularies of other groups via unsp... | N/A | NONE | — | 0 |
| CVE-2012-1645 The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified vec... | N/A | NONE | — | 0 |
| CVE-2011-4926 Cross-site scripting (XSS) vulnerability in adminimize/adminimize_page.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the p... | N/A | NONE | — | 0 |
| CVE-2012-1647 Multiple cross-site scripting (XSS) vulnerabilities in the "stand alone PHP application for the OSM Player," as used in the MediaFront module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.5 for Drup... | N/A | NONE | — | 0 |
| CVE-2012-1650 The ZipCart module 6.x before 6.x-1.4 for Drupal checks the "access content" permission instead of the "access ZipCart downloads" permission when building archives, which allows remote authenticated u... | N/A | NONE | — | 0 |
| CVE-2012-2085 The exec_command function in common/helpers.py in Gajim before 0.15 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an href attribute. | N/A | NONE | — | 0 |
| CVE-2012-4685 Cross-site scripting (XSS) vulnerability in Arbor Networks Peakflow SP 5.1.1 before patch 6, 5.5 before patch 4, and 5.6.0 before patch 1 allows remote attackers to inject arbitrary web script or HTML... | N/A | NONE | — | 0 |
| CVE-2012-4686 SQL injection vulnerability in announcement.php in vBulletin 4.1.10 allows remote attackers to execute arbitrary SQL commands via the announcementid parameter. | N/A | NONE | — | 0 |
| CVE-2011-4918 Multiple cross-site scripting (XSS) vulnerabilities in Elxis CMS 2009.2, 2009.3 and 2009.3 Aphrodite before revision 2684 allow remote attackers to inject arbitrary web script or HTML via the (1) task... | N/A | NONE | — | 0 |
| CVE-2011-5128 Multiple cross-site scripting (XSS) vulnerabilities in the Adminimize plugin before 1.7.22 for WordPress allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) inc... | N/A | NONE | — | 0 |
| CVE-2012-0307 Multiple cross-site scripting (XSS) vulnerabilities in Symantec Messaging Gateway (SMG) before 10.0 allow remote attackers to inject arbitrary web script or HTML via (1) web content or (2) e-mail cont... | N/A | NONE | — | 0 |
| CVE-2012-0308 Cross-site request forgery (CSRF) vulnerability in Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to hijack the authentication of administrators. | N/A | NONE | — | 0 |
| CVE-2012-1956 Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes ... | N/A | NONE | — | 0 |
| CVE-2012-1970 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey be... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.