2012 CVEs

5939 CVEs published in 2012. 83 critical, 182 high.

Top CVEs published in 2012
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2012-6069 | Critical | 10.0 | 2013-01-21 | The CoDeSys Runtime Toolkit’s file transfer functionality does not perform input validation, which allows an attacker to access files and directories outside… |
| CVE-2012-1516 | Critical | 9.9 | 2012-05-04 | The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of… |
| CVE-2012-10063 | Critical | 9.8 | 2025-10-30 | Nagios XI versions prior to 2012R1.3 contain a SQL injection vulnerability in the legacy Core Configuration Manager (CCM) interface. Authenticated users could… |
| CVE-2012-10060 | Critical | 9.8 | 2025-08-13 | Sysax Multi Server versions prior to 5.55 contain a stack-based buffer overflow in its SSH service. When a remote attacker supplies an overly long username dur… |
| CVE-2012-10054 | Critical | 9.8 | 2025-08-13 | Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the codeEditorSave.asmx SOAP endpoint, which exposes a SaveDLRS… |
| CVE-2012-10030 | Critical | 9.8 | 2025-08-05 | FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbitrary files to sensitive system director… |
| CVE-2012-10023 | Critical | 9.8 | 2025-08-05 | A stack-based buffer overflow vulnerability exists in FreeFloat FTP Server version 1.0.0. The server fails to properly validate input passed to the USER comman… |
| CVE-2012-10021 | Critical | 9.8 | 2025-07-31 | A stack-based buffer overflow vulnerability exists in D-Link DIR-605L Wireless N300 Cloud Router firmware versions 1.12 and 1.13 via the getAuthCode() function… |
| CVE-2012-10020 | Critical | 9.8 | 2025-07-22 | The FoxyPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadify.php file in versions up to, and… |
| CVE-2012-10019 | Critical | 9.8 | 2025-07-19 | The Front End Editor plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the upload.php file in versions befor… |
| CVE-2012-5872 | Critical | 9.8 | 2023-04-26 | ARC (aka ARC2) through 2011-12-01 allows blind SQL Injection in getTriplePatternSQL in ARC2_StoreSelectQueryHandler.php via comments in a SPARQL WHERE clause. |
| CVE-2012-2666 | Critical | 9.8 | 2021-07-09 | golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and execute… |
| CVE-2012-10001 | Critical | 9.8 | 2021-01-06 | The Limit Login Attempts plugin before 1.7.1 for WordPress does not clear auth cookies upon a lockout, which might make it easier for remote attackers to condu… |
| CVE-2012-0828 | Critical | 9.8 | 2020-02-21 | Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service… |
| CVE-2012-1124 | Critical | 9.8 | 2020-02-11 | SQL injection vulnerability in search.php in phxEventManager 2.0 beta 5 allows remote attackers to execute arbitrary SQL commands via the search_terms paramete… |
| CVE-2012-6611 | Critical | 9.8 | 2020-02-10 | An issue was discovered in Polycom Web Management Interface G3/HDX 8000 HD with Durango 2.6.0 4740 software and embedded Polycom Linux Development Platform 2.1… |
| CVE-2012-6306 | Critical | 9.8 | 2020-02-06 | A vulnerability exists in HCView (aka Hardcoreview) 1.4 due to a write access violation with a GIF file. |
| CVE-2012-5686 | Critical | 9.8 | 2020-02-04 | ZPanel 10.0.1 has insufficient entropy for its password reset process. |
| CVE-2012-5618 | Critical | 9.8 | 2020-02-04 | Ushahidi before 2.6.1 has insufficient entropy for forgot-password tokens. |
| CVE-2012-1495 | Critical | 9.8 | 2020-01-27 | install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter. |