Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Total 210374 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-5584 2 Drupal, M2osw 2 Drupal, Tableofcontents 2013-01-07 4.3 MEDIUM N/A
The Table of Contents module 6.x-3.x before 6.x-3.8 for Drupal does not properly check node permissions, which allows remote attackers to read a node's headers by accessing a table of contents block.
CVE-2012-5587 2 Drupal, Epiqo 2 Drupal, Email 2013-01-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Email Field module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the mailto link.
CVE-2012-5868 1 Wordpress 1 Wordpress 2013-01-07 2.6 LOW N/A
WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack.
CVE-2012-6325 1 Vmware 1 Vcenter Server Appliance 2013-01-07 4.0 MEDIUM N/A
VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not properly parse XML documents, which allows remote authenticated users to read arbitrary files via unspecified vectors.
CVE-2012-6336 1 Lookout 1 Lookout 2013-01-07 3.3 LOW N/A
The Missing Device feature in Lookout allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer."
CVE-2012-6348 1 Centrify 2 Centrify Deployment Manager, Centrify Suite 2013-01-07 3.3 LOW N/A
Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, or (2) overwrite arbitrary files and consequently gain privileges via a symlink attack on the centrify.cmd.0 temporary file.
CVE-2012-6428 1 Carlosgavazzi 2 Eos-box Photovoltaic Monitoring System, Eos-box Photovoltaic Monitoring System Firmware 2013-01-07 10.0 HIGH N/A
Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 establishes multiple hardcoded accounts, which makes it easier for remote attackers to obtain administrative access by reading a password in a PHP script, a similar issue to CVE-2012-5862.
CVE-2012-4555 1 Redhat 1 Certificate System 2013-01-07 4.0 MEDIUM N/A
The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
CVE-2011-4316 1 Redhat 1 Enterprise Virtualization Manager 2013-01-07 3.7 LOW N/A
Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, in certain unspecified conditions, does not lock the desktop screen between SPICE sessions, which allows local users with access to a virtual machine to gain access to other users' desktop sessions via unspecified vectors.
CVE-2012-5655 2 Drupal, Steven Jones 2 Drupal, Context 2013-01-06 5.0 MEDIUM N/A
The Context module 6.x-3.x before 6.x-3.1 and 7.x-3.x before 7.x-3.0-beta6 for Drupal does not properly restrict access to block content, which allows remote attackers to obtain sensitive information via a crafted request.
CVE-2012-6082 1 Moinmo 1 Moinmoin 2013-01-06 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the page name in a rss link.
CVE-2012-6426 1 Lemonldap-ng 1 Lemonldap\ 2013-01-06 7.5 HIGH N/A
LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data.
CVE-2012-6431 1 Sensiolabs 1 Symfony 2013-01-06 6.4 MEDIUM N/A
Symfony 2.0.x before 2.0.20 does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string.
CVE-2012-6433 1 E107 1 E107 2013-01-06 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in e107_admin/newspost.php in e107 1.0.1 allows remote attackers to hijack the authentication of administrators for requests that conduct XSS attacks via the news_title parameter in a create action.
CVE-2012-6434 1 E107 1 E107 2013-01-06 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in e107_admin/download.php in e107 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) download_url, (2) download_url_extended, (3) download_author_email, (4) download_author_website, (5) download_image, (6) download_thumb, (7) download_visible, or (8) download_class parameter.
CVE-2012-6495 1 Moinmo 1 Moinmoin 2013-01-06 6.0 MEDIUM N/A
Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code.
CVE-2012-6090 1 Swi-prolog 1 Swi-prolog 2013-01-04 7.5 HIGH N/A
Multiple stack-based buffer overflows in the expand function in os/pl-glob.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename.
CVE-2012-6089 1 Swi-prolog 1 Swi-prolog 2013-01-04 7.5 HIGH N/A
Multiple stack-based buffer overflows in the canoniseFileName function in os/pl-os.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename.
CVE-2009-4396 2 Fr.simon Rundell, Typo3 2 Pd Resources, Typo3 2013-01-03 7.5 HIGH N/A
SQL injection vulnerability in the Diocese of Portsmouth Resources Database (pd_resources) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-3245 1 Blackboard 1 Transact Suite 2013-01-03 2.1 LOW N/A
The automated-backup functionality in Blackboard Transact Suite (formerly Blackboard Commerce Suite) stores the (1) database username and (2) database password in cleartext in (a) script and (b) batch (.bat) files, which allows local users to obtain sensitive information by reading a file.