Vulnerabilities (CVE)

Filtered by CWE-20
Total 11550 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-6554 1 A51dev 1 Activecollab Chat Module 2026-06-16 6.5 MEDIUM N/A
functions/html_to_text.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the message[message_text] parameter to chat/add_messag, which is not properly handled when executing the preg_replace function with the eval switch.
CVE-2012-6531 1 Zend 1 Zend Framework 2026-06-16 6.4 MEDIUM N/A
(1) Zend_Dom, (2) Zend_Feed, and (3) Zend_Soap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack, a different vulnerability than CVE-2012-3363.
CVE-2012-6501 1 Hp 1 Pki Activex Control 2026-06-16 4.3 MEDIUM N/A
The KillProcess method in the HP PKI ActiveX control (HPPKI.ocx) before 1.2.0.1 allows remote attackers to cause a denial of service (kill process) via the partial or full name of a process.
CVE-2012-6499 2 Age Verification Project, Wordpress 2 Age Verification, Wordpress 2026-06-16 5.8 MEDIUM N/A
Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_to parameter.
CVE-2012-6461 1 Opera 1 Opera Browser 2026-06-16 5.0 MEDIUM N/A
The X.509 certificate-validation functionality in the https implementation in Opera before 12.10 allows remote attackers to trigger a false indication of successful revocation-status checking by causing a failure of a single checking service.
CVE-2012-6399 1 Cisco 1 Webex 2026-06-16 5.8 MEDIUM N/A
Cisco WebEx 4.1 on iOS does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, aka Bug ID CSCud94176.
CVE-2012-6395 1 Cisco 4 Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 1000v Cloud Firewall and 1 more 2026-06-16 6.3 MEDIUM N/A
Cisco Adaptive Security Appliances (ASA) devices with firmware 8.4 do not properly validate unspecified input related to UNC share pathnames, which allows remote authenticated users to cause a denial of service (device crash) via unknown vectors, aka Bug ID CSCuc65775.
CVE-2012-6392 2 Cisco, Linux 2 Prime Lan Management Solution, Linux Kernel 2026-06-16 10.0 HIGH N/A
Cisco Prime LAN Management Solution (LMS) 4.1 through 4.2.2 on Linux does not properly validate authentication and authorization requests in TCP sessions, which allows remote attackers to execute arbitrary commands via a crafted session, aka Bug ID CSCuc79779.
CVE-2012-6301 1 Google 1 Android 2026-06-16 5.0 MEDIUM N/A
The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted market: URI in the SRC attribute of an IFRAME element.
CVE-2012-6153 1 Apache 1 Commons-httpclient 2026-06-16 4.3 MEDIUM N/A
http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5783.
CVE-2012-6152 1 Pidgin 1 Pidgin 2026-06-16 5.0 MEDIUM N/A
The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences.
CVE-2012-6150 2 Canonical, Samba 2 Ubuntu Linux, Samba 2026-06-16 3.6 LOW N/A
The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake.
CVE-2012-6135 2 Phusion, Redhat 2 Passenger, Openshift 2026-06-16 6.4 MEDIUM 7.5 HIGH
RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process.
CVE-2012-6125 1 Call-cc 1 Chicken 2026-06-16 7.5 HIGH 9.8 CRITICAL
Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions.
CVE-2012-6123 2 Call-cc, Debian 2 Chicken, Debian Linux 2026-06-16 5.0 MEDIUM 6.5 MEDIUM
Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct "poisoned NUL byte attack."
CVE-2012-6111 2 Debian, Gnome 2 Debian Linux, Gnome Keyring 2026-06-16 5.0 MEDIUM 7.5 HIGH
gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function
CVE-2012-6101 1 Moodle 1 Moodle 2026-06-16 5.8 MEDIUM N/A
Multiple open redirect vulnerabilities in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to (1) backup/backupfilesedit.php, (2) comment/comment_post.php, (3) course/switchrole.php, (4) mod/wiki/filesedit.php, (5) tag/coursetags_add.php, or (6) user/files.php.
CVE-2012-6099 1 Moodle 1 Moodle 2026-06-16 4.0 MEDIUM N/A
The moodle1 backup converter in backup/converter/moodle1/lib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveraging the backup-restoration feature.
CVE-2012-6087 1 Moodle 1 Moodle 2026-06-16 5.8 MEDIUM N/A
repository/s3/S3.php in the Amazon S3 library in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to an incorrect CURLOPT_SSL_VERIFYHOST value.
CVE-2012-6085 1 Gnupg 1 Gnupg 2026-06-16 5.8 MEDIUM N/A
The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet.