Search Results (5494 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-1581 1 Mediawiki 1 Mediawiki 2025-04-11 N/A
MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak random numbers for password reset tokens, which makes it easier for remote attackers to change the passwords of arbitrary users.
CVE-2012-1591 1 Drupal 1 Drupal 2025-04-11 N/A
The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles.
CVE-2012-1590 1 Drupal 1 Drupal 2025-04-11 N/A
The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page.
CVE-2012-1598 1 Joomla 1 Joomla\! 2025-04-11 N/A
Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability."
CVE-2012-1599 1 Joomla 1 Joomla\! 2025-04-11 N/A
Joomla! 1.5.x before 1.5.26 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end information" via unknown vectors. NOTE: this might be a duplicate of CVE-2012-1611.
CVE-2012-1641 2 Danielb, Drupal 2 Finder, Drupal 2025-04-11 N/A
The finder_import function in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission to execute arbitrary PHP code via admin/build/finder/import.
CVE-2012-1644 2 Drupal, Gizra 2 Drupal, Og Vocab 2025-04-11 N/A
The Organic Groups (OG) Vocabulary module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with certain administrator permissions to modify the vocabularies of other groups via unspecified vectors.
CVE-2012-1649 2 Danielb, Drupal 2 Cool Aid, Drupal 2025-04-11 N/A
Cool Aid module before 6.x-1.9 for Drupal does not enforce access restrictions, which allows remote authenticated users with the administer coolaid permission to modify arbitrary pages via unspecified vectors.
CVE-2012-2565 1 Bloxx 1 Web Filtering 2025-04-11 N/A
Bloxx Web Filtering before 5.0.14 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach.
CVE-2012-2568 1 Seagate 1 Blackarmor Nas 2025-04-11 N/A
d41d8cd98f00b204e9800998ecf8427e.php in the management web server on the Seagate BlackArmor device allows remote attackers to change the administrator password via unspecified vectors.
CVE-2012-2957 1 Symantec 1 Web Gateway 2025-04-11 N/A
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows local users to gain privileges by modifying files, related to a "file inclusion" issue.
CVE-2012-2691 1 Mantisbt 1 Mantisbt 2025-04-11 N/A
The mc_issue_note_update function in the SOAP API in MantisBT before 1.2.11 does not properly check privileges, which allows remote attackers with bug reporting privileges to edit arbitrary bugnotes via a SOAP request.
CVE-2012-2707 2 Antoine Beaupre, Drupal 2 Hostmaster, Drupal 2025-04-11 N/A
The Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal does not properly exit when users do not have access to package/task nodes, which allows remote attackers to bypass intended access restrictions and edit unauthorized nodes.
CVE-2012-2720 2 Adam Ross, Drupal 2 Tokenauth, Drupal 2025-04-11 N/A
The Token Authentication (tokenauth) module 6.x-1.x before 6.x-1.7 for Drupal does not properly revert user sessions, which might allow remote attackers to perform requests with extra privileges.
CVE-2012-2721 2 Drupal, Moshe Weitzman 2 Drupal, Organic Groups 2025-04-11 N/A
The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the "access content" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact.
CVE-2012-2722 2 Drupal, Scott Reynen 2 Drupal, Node Embed 2025-04-11 N/A
The node selection interface in the WYSIWYG editor (CKEditor) in the Node Embed module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.0 for Drupal does not properly check permissions, which allows remote attackers to bypass intended access restrictions and read node titles.
CVE-2012-2725 2 Authoring Html, Drupal 2 6.x-1.0, Drupal 2025-04-11 N/A
classes/Filter/WhitelistedExternalFilter.php in the Authoring HTML module 6.x-1.x before 6.x-1.1 for Drupal does not properly validate sources with the host white list, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks.
CVE-2012-3697 1 Apple 1 Safari 2025-04-11 N/A
WebKit in Apple Safari before 6.0 does not properly handle file: URLs, which allows remote attackers to bypass intended sandbox restrictions and read arbitrary files by leveraging a WebProcess compromise.
CVE-2012-3698 1 Apple 1 Xcode 2025-04-11 N/A
Apple Xcode before 4.4 does not properly compose a designated requirement (DR) during signing of programs that lack bundle identifiers, which allows remote attackers to read keychain entries via a crafted app, as demonstrated by the keychain entries of a (1) helper tool or (2) command-line tool.
CVE-2012-3713 1 Apple 1 Safari 2025-04-11 N/A
Apple Safari before 6.0.1 does not properly handle the Quarantine attribute of HTML documents, which allows user-assisted remote attackers to read arbitrary files by leveraging the presence of a downloaded document.