Lista CVE - 2012 / Maggio
Visualizzazione 401 - 425 di 425 CVE per Maggio 2012 (Pagina 5 di 5)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2012-2936 | 2012-05-27 | Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) page parameter to (a)... |
| CVE-2012-2937 | 2012-05-27 | Multiple SQL injection vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) list parameter in a move action to admin/admin_index.php, (2) display... |
| CVE-2012-2938 | 2012-05-27 | Multiple cross-site scripting (XSS) vulnerabilities in Travelon Express 6.2.2 allow remote attackers to inject arbitrary web script or HTML via the holiday name field to (1) holiday_add.php or (2) holiday_view.php. |
| CVE-2012-2939 | 2012-05-27 | Multiple unrestricted file upload vulnerabilities in Travelon Express 6.2.2 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) airline-edit.php, (2) hotel-image-add.php,... |
| CVE-2012-2940 | 2012-05-27 | MediaChance Real-DRAW PRO 5.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted (1) PNG, (2) WMF, (3) PSD, (4) TGA, (5) TTF, (6) BMP,... |
| CVE-2012-2941 | 2012-05-27 | Cross-site scripting (XSS) vulnerability in search/ in Yandex.Server 2010 9.0 Enterprise allows remote attackers to inject arbitrary web script or HTML via the text parameter. |
| CVE-2012-2942 | 2012-05-27 | Buffer overflow in the trash buffer in the header capture functionality in HAProxy before 1.4.21, when global.tune.bufsize is set to a value greater than the default and header rewriting is... |
| CVE-2012-2943 | 2012-05-27 | CRLF injection vulnerability in cryptographp.inc.php in Cryptographp allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the cfg parameter. |
| CVE-2012-2435 | 2012-05-27 | Directory traversal vulnerability in the captcha module in Pligg CMS before 1.2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the... |
| CVE-2012-2949 | 2012-05-29 | The ZTE sync_agent program for Android 2.3.4 on the Score M device uses a hardcoded ztex1609523 password to control access to commands, which allows remote attackers to gain privileges via... |
| CVE-2011-3048 | 2012-05-29 | The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash)... |
| CVE-2012-0220 | 2012-05-29 | Multiple cross-site scripting (XSS) vulnerabilities in the meta plugin (Plugin/meta.pm) in ikiwiki before 3.20120516 allow remote attackers to inject arbitrary web script or HTML via the (1) author or (2)... |
| CVE-2012-0804 | 2012-05-29 | Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary... |
| CVE-2012-1053 | 2012-05-29 | The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly... |
| CVE-2012-1054 | 2012-05-29 | Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type,... |
| CVE-2012-1906 | 2012-05-29 | Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X... |
| CVE-2012-1986 | 2012-05-29 | Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key... |
| CVE-2012-1987 | 2012-05-29 | Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent... |
| CVE-2012-1988 | 2012-05-29 | Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and... |
| CVE-2012-2952 | 2012-05-29 | SQL injection vulnerability in add_ons.php in Jaow 2.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the add_ons parameter. |
| CVE-2010-5099 | 2012-05-30 | The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows... |
| CVE-2012-2488 | 2012-05-31 | Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers to cause a denial of service (packet transmission outage) via a crafted packet,... |
| CVE-2012-0949 | 2012-05-31 | The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10, and 11.04 uploads certain system state archive files when reporting bugs to Launchpad, which allows remote attackers... |
| CVE-2012-2352 | 2012-05-31 | The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in Sympa before 6.1.11 does not check permissions, which allows remote attackers to list, read, and delete arbitrary list archives via vectors related... |
| CVE-2012-0409 | 2012-06-01 | Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before 5.4.3 allow remote attackers to cause a denial of service (agent crash) or possibly execute arbitrary code via crafted packets. |
| CVE-2012-2752 | 2012-06-01 | Untrusted search path vulnerability in VMware vMA 4.x and 5.x before 5.0.0.2 allows local users to gain privileges via a Trojan horse DLL in the current working directory. |
| CVE-2012-2944 | 2012-06-01 | Buffer overflow in the addchar function in common/parseconf.c in upsd in Network UPS Tools (NUT) before 2.6.4 allows remote attackers to execute arbitrary code or cause a denial of service... |
| CVE-2012-2947 | 2012-06-02 | chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled,... |
| CVE-2012-2948 | 2012-06-02 | chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to... |
| CVE-2012-1252 | 2012-06-04 | Cross-site scripting (XSS) vulnerability in RSSOwl before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a feed, a different vulnerability than CVE-2006-4760. |
| CVE-2012-1253 | 2012-06-04 | Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.7, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via vectors involving an embedded image... |
| CVE-2012-2630 | 2012-06-04 | The Puella Magi Madoka Magica iP application 1.05 and earlier for Android places cleartext Twitter credentials in a log file, which allows remote attackers to obtain sensitive information via a... |
| CVE-2012-1250 | 2012-06-04 | Logitec LAN-W300N/R routers with firmware before 2.27 do not properly restrict login access, which allows remote attackers to obtain administrative privileges and modify settings via vectors related to PPPoE authentication. |
| CVE-2012-1251 | 2012-06-04 | Opera before 9.63 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| CVE-2012-1254 | 2012-06-04 | Cross-site scripting (XSS) vulnerability in Segue 2.2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2012-1255 | 2012-06-04 | SQL injection vulnerability in Segue 2.2.10.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2011-2082 | 2012-06-04 | The vulnerable-passwords script in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not update the password-hash algorithm for disabled user accounts, which makes it easier for... |
| CVE-2011-2083 | 2012-06-04 | Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2011-2084 | 2012-06-04 | Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to read (1) hashes of former passwords and (2) ticket correspondence history by leveraging access... |
| CVE-2011-2085 | 2012-06-04 | Multiple cross-site request forgery (CSRF) vulnerabilities in Best Practical Solutions RT before 3.8.12 and 4.x before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users. |
| CVE-2011-4458 | 2012-06-04 | Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and 4.x before 4.0.6, when the VERPPrefix and VERPDomain options are enabled, allows remote attackers to execute arbitrary code via... |
| CVE-2011-4459 | 2012-06-04 | Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not properly disable groups, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by... |
| CVE-2011-4460 | 2012-06-04 | SQL injection vulnerability in Best Practical Solutions RT 2.x and 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to execute arbitrary SQL commands by leveraging access to... |
| CVE-2011-5092 | 2012-06-04 | Best Practical Solutions RT 3.8.x before 3.8.12 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code and gain privileges via unspecified vectors, a different vulnerability than CVE-2011-4458 and... |
| CVE-2011-5093 | 2012-06-04 | Best Practical Solutions RT 4.x before 4.0.6 does not properly implement the DisallowExecuteCode option, which allows remote authenticated users to bypass intended access restrictions and execute arbitrary code by leveraging... |
| CVE-2012-0060 | 2012-06-04 | RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag... |
| CVE-2012-0061 | 2012-06-04 | The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute... |
| CVE-2012-0815 | 2012-06-04 | The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a... |
| CVE-2012-0862 | 2012-06-04 | builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access... |
| CVE-2012-0944 | 2012-06-04 | Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does not authenticate packages when the transaction is not simulated, which allows remote attackers to install arbitrary packages via... |
| CVE-2012-1173 | 2012-06-04 | Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by... |
| CVE-2012-1667 | 2012-06-05 | ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows... |
| CVE-2012-0247 | 2012-06-05 | ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag... |
| CVE-2012-0248 | 2012-06-05 | ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the... |
| CVE-2012-0259 | 2012-06-05 | The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF... |
| CVE-2012-0260 | 2012-06-05 | The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart... |
| CVE-2012-0805 | 2012-06-05 | Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the... |
| CVE-2012-0920 | 2012-06-05 | Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions... |
| CVE-2012-1185 | 2012-06-05 | Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code... |
| CVE-2012-1186 | 2012-06-05 | Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in... |
| CVE-2012-1610 | 2012-06-05 | Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component count for certain... |
| CVE-2012-1798 | 2012-06-05 | The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF... |
| CVE-2012-2094 | 2012-06-05 | Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web... |
| CVE-2012-2144 | 2012-06-05 | Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie. |
| CVE-2012-0441 | 2012-06-05 | The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through... |
| CVE-2012-1937 | 2012-06-05 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before... |
| CVE-2012-1938 | 2012-06-05 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption... |
| CVE-2012-1939 | 2012-06-05 | jsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird ESR 10.x before 10.0.5 does not properly determine data types, which allows remote attackers to cause a denial of service... |
| CVE-2012-1940 | 2012-06-05 | Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10... |
| CVE-2012-1941 | 2012-06-05 | Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before... |
| CVE-2012-1942 | 2012-06-05 | The Mozilla Updater and Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allow local users to gain privileges by loading a DLL file in... |
| CVE-2012-1943 | 2012-06-05 | Untrusted search path vulnerability in Updater.exe in the Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allows local users to gain privileges via a... |
| CVE-2012-1944 | 2012-06-05 | The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10... |
| CVE-2012-1945 | 2012-06-05 | Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information... |
| CVE-2012-1946 | 2012-06-05 | Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10... |
| CVE-2012-1947 | 2012-06-05 | Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before... |
| CVE-2012-3105 | 2012-06-05 | The glBufferData function in the WebGL implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before... |
| CVE-2011-2911 | 2012-06-07 | Integer overflow in the CSoundFile::ReadWav function in src/load_wav.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted WAV... |
| CVE-2011-2912 | 2012-06-07 | Stack-based buffer overflow in the CSoundFile::ReadS3M function in src/load_s3m.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted... |
| CVE-2011-2913 | 2012-06-07 | Off-by-one error in the CSoundFile::ReadAMS function in src/load_ams.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (stack memory corruption) and possibly execute arbitrary code via... |
| CVE-2011-2914 | 2012-06-07 | Off-by-one error in the CSoundFile::ReadDSM function in src/load_dms.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a... |
| CVE-2011-2915 | 2012-06-07 | Off-by-one error in the CSoundFile::ReadAMS2 function in src/load_ams.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a... |
| CVE-2012-0985 | 2012-06-07 | Multiple buffer overflows in the Wireless Manager ActiveX control 4.0.0.0 in WifiMan.dll in Sony VAIO PC Wireless LAN Wizard 1.0; VAIO Wireless Wizard 1.00, 1.00_64, 1.0.1, 2.0, and 3.0; SmartWi... |
| CVE-2012-1013 | 2012-06-07 | The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated administrators to cause a denial of service (NULL... |
| CVE-2012-2101 | 2012-06-07 | Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service... |
| CVE-2012-2667 | 2012-06-07 | Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified "database backed session classes." |
| CVE-2012-2762 | 2012-06-07 | SQL injection vulnerability in include/functions_trackbacks.inc.php in Serendipity 1.6.2 allows remote attackers to execute arbitrary SQL commands via the url parameter to comment.php. |
| CVE-2011-1761 | 2012-06-07 | Multiple stack-based buffer overflows in the (1) abc_new_macro and (2) abc_new_umacro functions in src/load_abc.cpp in libmodplug before 0.8.8.3 allow remote attackers to cause a denial of service (crash) and possibly... |
| CVE-2012-1012 | 2012-06-07 | server/server_stubs.c in the kadmin protocol implementation in MIT Kerberos 5 (aka krb5) 1.10 before 1.10.1 does not properly restrict access to (1) SET_STRING and (2) GET_STRINGS operations, which might allow... |
| CVE-2012-3290 | 2012-06-07 | Multiple unspecified vulnerabilities in Google Chrome before 20.0.1132.22 on the Acer AC700; Samsung Series 5, 5 550, and Chromebox 3; and Cr-48 Chromebook platforms have unknown impact and attack vectors. |
| CVE-2012-3291 | 2012-06-07 | Heap-based buffer overflow in OpenConnect 3.18 allows remote servers to cause a denial of service via a crafted greeting banner. |
| CVE-2012-3292 | 2012-06-07 | The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers... |
| CVE-2012-0948 | 2012-06-07 | DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for (1) apt-clone_system_state.tar.gz and (2) system_state.tar.gz, which allows local users to obtain repository credentials. |
| CVE-2012-0507 | 2012-06-07 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows... |
| CVE-2012-1826 | 2012-06-08 | dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template. |
| CVE-2012-2603 | 2012-06-08 | The server in CollabNet ScrumWorks Pro before 6.0 allows remote authenticated users to gain privileges and obtain sensitive information via a modified desktop client. |
| CVE-2012-1814 | 2012-06-08 | Cross-site scripting (XSS) vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to inject arbitrary web script or... |
| CVE-2012-1815 | 2012-06-08 | SQL injection vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified... |
| CVE-2012-1816 | 2012-06-08 | PORTSERV.exe in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to cause a denial of service (daemon crash) via... |
| CVE-2012-1817 | 2012-06-08 | Buffer overflow in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows user-assisted remote attackers to execute arbitrary code or cause a... |