|
300751
|
9.8 |
CRITICAL
Network
|
sugarcrm
|
sugarcrm
|
SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code.
|
CWE-20
Improper Input Validation
|
CVE-2012-0694
|
2024-11-21 10:35 |
2019-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300752
|
8.8 |
HIGH
Network
|
adobe
|
shockwave_player
|
Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-0771
|
2024-11-21 10:35 |
2018-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300753
|
8.8 |
HIGH
Network
|
haudenschilt
|
family_connections_cms
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests tha…
|
CWE-352
Origin Validation Error
|
CVE-2012-0699
|
2024-11-21 10:35 |
2018-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300754
|
7.5 |
HIGH
Network
|
apache
|
xerces2_java
|
Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.
|
CWE-399
Resource Management Errors
|
CVE-2012-0881
|
2024-11-21 10:35 |
2017-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300755
|
7.5 |
HIGH
Network
|
apache
|
xerces-c\+\+
|
Apache Xerces-C++ allows remote attackers to cause a denial of service (CPU consumption) via a crafted message sent to an XML service that causes hash table collisions.
|
CWE-399
Resource Management Errors
|
CVE-2012-0880
|
2024-11-21 10:35 |
2017-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300756
|
9.8 |
CRITICAL
Network
|
apache
|
cxf
|
The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a SOAP request.
|
CWE-287
Improper Authentication
|
CVE-2012-0803
|
2024-11-21 10:35 |
2017-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300757
|
- |
|
postfix
|
postfix
|
Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt func…
|
CWE-89
SQL Injection
|
CVE-2012-0811
|
2024-11-21 10:35 |
2014-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300758
|
- |
|
opensuse
systemd_project
|
opensuse
systemd
|
The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on…
|
CWE-59
Link Following
|
CVE-2012-0871
|
2024-11-21 10:35 |
2014-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300759
|
- |
|
puppet
|
puppet_enterprise
puppet_dashboard
|
Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or …
|
CWE-79
Cross-site Scripting
|
CVE-2012-0891
|
2024-11-21 10:35 |
2014-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300760
|
- |
|
systemtap
|
systemtap
|
SystemTap 1.7, 1.6.7, and probably other versions, when unprivileged mode is enabled, allows local users to obtain sensitive information from kernel memory or cause a denial of service (kernel panic …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-0875
|
2024-11-21 10:35 |
2014-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
