Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-3839 | 1 Myclientbase | 1 Myclientbase | 2017-08-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in application/core/MY_Model.php in MyClientBase 0.12 allow remote attackers to execute arbitrary SQL commands via the (1) invoice_number or (2) tags parameter to index.php/invoice_search. | |||||
| CVE-2012-3840 | 1 Myclientbase | 1 Myclientbase | 2017-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php/users/form/user_id in MyClientBase 0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name or (2) last_name parameters. | |||||
| CVE-2012-3841 | 1 Kmplayer | 1 Kmplayer | 2017-08-28 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in KMPlayer 3.2.0.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ehtrace.dll that is located in the current working directory. | |||||
| CVE-2012-3843 | 1 E107 | 1 E107 | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the registration page in e107, probably 1.0.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-3844 | 1 Vbulletin | 1 Vbulletin | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in vBulletin 4.1.12 allows remote attackers to inject arbitrary web script or HTML via a long string in the subject parameter when creating a post. | |||||
| CVE-2012-3845 | 1 Lan Messenger | 1 Lan Messenger1.2.28 | 2017-08-28 | 5.0 MEDIUM | N/A |
| Buffer overflow in LAN Messenger 1.2.28 and earlier allows remote attackers to cause a denial of service (crash) via a long string in an initiation request. | |||||
| CVE-2012-3846 | 1 Atmoner | 1 Php-pastebin | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in PHP-pastebin 2.1 allows remote attackers to inject arbitrary web script or HTML via the title parameter. | |||||
| CVE-2012-3895 | 1 Cisco | 1 Ios | 2017-08-28 | 6.3 MEDIUM | N/A |
| Cisco IOS 15.0 through 15.3 allows remote authenticated users to cause a denial of service (device crash) via an MVPNv6 update, aka Bug ID CSCty89224. | |||||
| CVE-2012-3901 | 1 Cisco | 6 Intrusion Prevention System, Ips 4240, Ips 4250 Sx and 3 more | 2017-08-28 | 5.0 MEDIUM | N/A |
| The updateTime function in sensorApp on Cisco IPS 4200 series sensors 7.0 and 7.1 allows remote attackers to cause a denial of service (process crash and traffic-inspection outage) via network traffic, aka Bug ID CSCta96144. | |||||
| CVE-2012-3915 | 1 Cisco | 1 Ios | 2017-08-28 | 5.0 MEDIUM | N/A |
| The DMVPN tunnel implementation in Cisco IOS 15.2 allows remote attackers to cause a denial of service (persistent IKE state) via a large volume of hub-to-spoke traffic, aka Bug ID CSCtq39602. | |||||
| CVE-2012-3919 | 1 Cisco | 1 Application Control Engine Module | 2017-08-28 | 5.0 MEDIUM | N/A |
| The Cisco Application Control Engine (ACE) module 3.0 for Cisco Catalyst switches and Cisco routers does not properly monitor Load Balancer (LB) queues, which allows remote attackers to cause a denial of service (incorrect memory access and module reboot) via application traffic, aka Bug ID CSCtw70879. | |||||
| CVE-2012-3923 | 1 Cisco | 1 Ios | 2017-08-28 | 3.5 LOW | N/A |
| The SSLVPN implementation in Cisco IOS 12.4, 15.0, 15.1, and 15.2, when DTLS is not enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface, aka Bug ID CSCte41827. | |||||
| CVE-2012-3924 | 1 Cisco | 1 Ios | 2017-08-28 | 3.5 LOW | N/A |
| The SSLVPN implementation in Cisco IOS 15.1 and 15.2, when DTLS is enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface, aka Bug ID CSCty97961. | |||||
| CVE-2012-3935 | 1 Cisco | 2 Jabber Extensible Communications Platform, Unified Presence | 2017-08-28 | 7.8 HIGH | N/A |
| Cisco Unified Presence (CUP) before 8.6(3) and Jabber Extensible Communications Platform (aka Jabber XCP) before 5.3 allow remote attackers to cause a denial of service (process crash) via a crafted XMPP stream header, aka Bug ID CSCtu32832. | |||||
| CVE-2012-3950 | 1 Cisco | 1 Ios | 2017-08-28 | 7.1 HIGH | N/A |
| The Intrusion Prevention System (IPS) feature in Cisco IOS 12.3 through 12.4 and 15.0 through 15.2, in certain configurations of enabled categories and missing signatures, allows remote attackers to cause a denial of service (device reload) via DNS packets, aka Bug ID CSCtw55976. | |||||
| CVE-2012-3952 | 1 Phplist | 1 Phplist | 2017-08-28 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in admin/index.php in phpList before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the unconfirmed parameter to the user page. | |||||
| CVE-2012-3953 | 1 Phplist | 1 Phplist | 2017-08-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page. | |||||
| CVE-2012-3981 | 1 Mozilla | 1 Bugzilla | 2017-08-28 | 5.0 MEDIUM | N/A |
| Auth/Verify/LDAP.pm in Bugzilla 2.x and 3.x before 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 does not restrict the characters in a username, which might allow remote attackers to inject data into an LDAP directory via a crafted login attempt. | |||||
| CVE-2012-4000 | 1 Ckeditor | 1 Fckeditor | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remote attackers to inject arbitrary web script or HTML via textinputs array parameters. | |||||
| CVE-2012-4018 | 1 Finalbeta | 1 Mywebsearch | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Final Beta Laboratory MyWebSearch before 1.23 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. | |||||