Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-2442 | 1 Nokia | 1 Pc Suite | 2017-08-29 | 4.3 MEDIUM | N/A |
| Buffer overflow in the Video Manager in Nokia PC Suite 7.1.180.64 and earlier allows remote attackers to cause a denial of service via a crafted mp4 file. | |||||
| CVE-2012-2451 | 1 Shlomi Fish | 1 Config-inifiles | 2017-08-29 | 3.6 LOW | N/A |
| The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. NOTE: some of these details are obtained from third party information. NOTE: it has been reported that this might only be exploitable by writing in the same directory as the .ini file. If this is the case, then this issue might not cross privilege boundaries. | |||||
| CVE-2012-2511 | 1 Sap | 1 Netweaver | 2017-08-29 | 5.0 MEDIUM | N/A |
| The DiagTraceAtoms function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. | |||||
| CVE-2012-2512 | 1 Sap | 1 Netweaver | 2017-08-29 | 5.0 MEDIUM | N/A |
| The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. | |||||
| CVE-2012-2513 | 1 Sap | 1 Netweaver | 2017-08-29 | 5.0 MEDIUM | N/A |
| The Diaginput function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. | |||||
| CVE-2012-2562 | 2 Google, Xelex | 2 Android, Mobiletrack | 2017-08-29 | 7.6 HIGH | N/A |
| The Xelex MobileTrack application 2.3.7 and earlier for Android does not verify the origin of SMS commands, which allows remote attackers to execute a (1) LOCATE, (2) TRACK, (3) UPDATECFG, (4) UPDATEACCT, (5) STAT, (6) TERM, or (7) WIPE command via an SMS message. | |||||
| CVE-2012-2567 | 2 Google, Xelex | 2 Android, Mobiletrack | 2017-08-29 | 2.6 LOW | N/A |
| The Xelex MobileTrack application 2.3.7 and earlier for Android uses hardcoded credentials, which allows remote attackers to obtain sensitive information via an unencrypted (1) FTP or (2) HTTP session. | |||||
| CVE-2012-2568 | 1 Seagate | 1 Blackarmor Nas | 2017-08-29 | 10.0 HIGH | N/A |
| d41d8cd98f00b204e9800998ecf8427e.php in the management web server on the Seagate BlackArmor device allows remote attackers to change the administrator password via unspecified vectors. | |||||
| CVE-2012-2569 | 1 Synametrics | 1 Xeams | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Synametrics Technologies Xeams 4.4 Build 5720 allows remote attackers to inject arbitrary web script or HTML via the body of an email. | |||||
| CVE-2012-2570 | 1 Qualiteam | 1 X-cart | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in products_map.php in X-Cart Gold 4.5 allows remote attackers to inject arbitrary web script or HTML via the symb parameter. | |||||
| CVE-2012-2572 | 1 Mindreantre | 1 Threewp Email Reflector | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the ThreeWP Email Reflector plugin before 1.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Subject of an email. | |||||
| CVE-2012-2577 | 1 Solarwinds | 1 Orion Network Performance Monitor | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName field of an snmpd.conf file. | |||||
| CVE-2012-2579 | 1 Wp Simplemail Project | 1 Wp Simplemail | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the WP SimpleMail plugin 1.0.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) To, (2) From, (3) Date, or (4) Subject field of an email. | |||||
| CVE-2012-2583 | 1 Mini Mail Dashboard Widget Project | 1 Mini Mail Dashboard Widget | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Mini Mail Dashboard Widget plugin 1.42 for WordPress allows remote attackers to inject arbitrary web script or HTML via the body of an email. | |||||
| CVE-2012-2584 | 1 Altn | 1 Mdaemon | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Alt-N MDaemon Free 12.5.4 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) the Cascading Style Sheets (CSS) expression property in conjunction with a CSS comment within the STYLE attribute of an IMG element, (2) the CSS expression property in conjunction with multiple CSS comments within the STYLE attribute of an arbitrary element, or (3) an innerHTML attribute within an XML document. | |||||
| CVE-2012-2588 | 1 Mailenable | 1 Mailenable | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Enterprise 6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, or (3) Subject header or (4) body in an SMTP e-mail message. | |||||
| CVE-2012-2591 | 1 Emailarchitect | 1 Emailarchitect Email Server | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect Email Server 10.0 and 10.0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) From or (2) Date field in an email. | |||||
| CVE-2012-2592 | 1 Axigen | 1 Axigen Mail Server | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Axigen Mail Server 8.0.1 allows remote attackers to inject arbitrary web script or HTML via the body of an email. | |||||
| CVE-2012-2601 | 1 Ipswitch | 1 Whatsup Gold | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in WrVMwareHostList.asp in Ipswitch WhatsUp Gold 15.02 allows remote attackers to execute arbitrary SQL commands via the sGroupList parameter. | |||||
| CVE-2012-2654 | 1 Openstack | 3 Compute, Diablo, Essex | 2017-08-29 | 4.3 MEDIUM | N/A |
| The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions. | |||||
| CVE-2012-2657 | 1 Unixodbc | 1 Unixodbc | 2017-08-29 | 2.1 LOW | N/A |
| ** DISPUTED ** Buffer overflow in the SQLDriverConnect function in unixODBC 2.0.10, 2.3.1, and earlier allows local users to cause a denial of service (crash) via a long string in the FILEDSN option. NOTE: this issue might not be a vulnerability, since the ability to set this option typically implies that the attacker already has legitimate access to cause a DoS or execute code, and therefore the issue would not cross privilege boundaries. There may be limited attack scenarios if isql command-line options are exposed to an attacker, although it seems likely that other, more serious issues would also be exposed, and this issue might not cross privilege boundaries in that context. | |||||
| CVE-2012-2658 | 1 Unixodbc | 1 Unixodbc | 2017-08-29 | 2.1 LOW | N/A |
| ** DISPUTED ** Buffer overflow in the SQLDriverConnect function in unixODBC 2.3.1 allows local users to cause a denial of service (crash) via a long string in the DRIVER option. NOTE: this issue might not be a vulnerability, since the ability to set this option typically implies that the attacker already has legitimate access to cause a DoS or execute code, and therefore the issue would not cross privilege boundaries. There may be limited attack scenarios if isql command-line options are exposed to an attacker, although it seems likely that other, more serious issues would also be exposed, and this issue might not cross privilege boundaries in that context. | |||||
| CVE-2012-2662 | 1 Redhat | 2 Certificate System, Dogtag Certificate System | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to the (1) System Agent or (2) End Entity pages. | |||||
| CVE-2012-2664 | 1 Redhat | 1 Sos | 2017-08-29 | 4.3 MEDIUM | N/A |
| The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes. | |||||
| CVE-2012-2667 | 1 Sensiolabs | 1 Symfony | 2017-08-29 | 4.3 MEDIUM | N/A |
| Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified "database backed session classes." | |||||
| CVE-2012-2668 | 1 Openldap | 1 Openldap | 2017-08-29 | 4.3 MEDIUM | N/A |
| libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, when using the Mozilla NSS backend, always uses the default cipher suite even when TLSCipherSuite is set, which might cause OpenLDAP to use weaker ciphers than intended and make it easier for remote attackers to obtain sensitive information. | |||||
| CVE-2012-2670 | 1 O-dyn | 1 Collabtive | 2017-08-29 | 6.5 MEDIUM | N/A |
| manageuser.php in Collabtive before 0.7.6 allows remote authenticated users, and possibly unauthenticated attackers, to bypass intended access restrictions and upload and execute arbitrary files by uploading an avatar file with an accepted Content-Type such as image/jpeg, then accessing it via a direct request to the file in files/standard/avatar. | |||||
| CVE-2012-2672 | 1 Oracle | 1 Mojarra | 2017-08-29 | 2.1 LOW | N/A |
| Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext reference during startup, which allows local users to obtain context information an access resources from another WAR file by calling the FacesContext.getCurrentInstance function. | |||||
| CVE-2012-2679 | 1 Redhat | 1 Rhncfg | 2017-08-29 | 2.1 LOW | N/A |
| Red Hat Network (RHN) Configuration Client (rhncfg-client) in rhncfg before 5.10.27-8 uses weak permissions (world-readable) for /var/log/rhncfg-actions, which allows local users to obtain sensitive information about the rhncfg-client actions by reading the file. | |||||
| CVE-2012-2680 | 2 Redhat, Trevor Mckay | 2 Enterprise Mrg, Cumin | 2017-08-29 | 5.0 MEDIUM | N/A |
| Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive information via unspecified vectors related to (1) "web pages," (2) "export functionality," and (3) "image viewing." | |||||
| CVE-2012-2681 | 2 Redhat, Trevor Mckay | 2 Enterprise Mrg, Cumin | 2017-08-29 | 5.8 MEDIUM | N/A |
| Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key. | |||||
| CVE-2012-2683 | 2 Redhat, Trevor Mckay | 2 Enterprise Mrg, Cumin | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) "error message displays" or (2) "in source HTML on certain pages." | |||||
| CVE-2012-2685 | 2 Redhat, Trevor Mckay | 2 Enterprise Mrg, Cumin | 2017-08-29 | 4.0 MEDIUM | N/A |
| Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to cause a denial of service (memory consumption) via a large size in an image request. | |||||
| CVE-2012-2690 | 1 Libguestfs | 1 Libguestfs | 2017-08-29 | 2.1 LOW | N/A |
| virt-edit in libguestfs before 1.18.0 does not preserve the permissions from the original file and saves the new file with world-readable permissions when editing, which might allow local guest users to obtain sensitive information. | |||||
| CVE-2012-2696 | 1 Redhat | 1 Enterprise Virtualization Manager | 2017-08-29 | 2.7 LOW | N/A |
| The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a (1) SOAP or (2) GWT request. | |||||
| CVE-2012-2698 | 1 Mediawiki | 1 Mediawiki | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the outputPage function in includes/SkinTemplate.php in MediaWiki before 1.17.5, 1.18.x before 1.18.4, and 1.19.x before 1.19.1 allows remote attackers to inject arbitrary web script or HTML via the uselang parameter to index.php/Main_page. | |||||
| CVE-2012-2702 | 2 Drupal, Tony Freixas | 2 Drupal, Ubercart Product Keys | 2017-08-29 | 5.0 MEDIUM | N/A |
| The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal does not properly check access for product keys, which allows remote attackers to read all unassigned product keys via certain conditions related to the uid. | |||||
| CVE-2012-2703 | 2 Drupal, John Franklin | 2 Drupal, Advertisement | 2017-08-29 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Advertisement module 6.x-2.x before 6.x-2.3 for Drupal, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to the "$conf variable in settings.php." | |||||
| CVE-2012-2704 | 2 Drupal, John Franklin | 2 Drupal, Advertisement | 2017-08-29 | 5.0 MEDIUM | N/A |
| The Advertisement module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access to debug information, which allows remote attackers to obtain sensitive site configuration information that is specified by the $conf variable in settings.php. | |||||
| CVE-2012-2705 | 2 Christopher Mitchell, Drupal | 2 Smart Breadcrumb, Drupal | 2017-08-29 | 2.1 LOW | N/A |
| The filter_titles function in the Smart Breadcrumb module 6.x-1.x before 6.x-1.3 for Drupal does not properly convert a title to plain-text, which allows remote authenticated users with create or edit node permissions to conduct cross-site scripting (XSS) attacks via the title parameter. | |||||
| CVE-2012-2706 | 2 Drupal, Peter Pokrivcak | 2 Drupal, Post Affiliate Pro | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to user registration. | |||||
| CVE-2012-2707 | 2 Antoine Beaupre, Drupal | 2 Hostmaster, Drupal | 2017-08-29 | 5.8 MEDIUM | N/A |
| The Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal does not properly exit when users do not have access to package/task nodes, which allows remote attackers to bypass intended access restrictions and edit unauthorized nodes. | |||||
| CVE-2012-2708 | 2 Antoine Beaupre, Drupal | 2 Hostmaster, Drupal | 2017-08-29 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the _hosting_task_log_table function in modules/hosting/task/hosting_task.module in the Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a Drush log message in a provision task log. | |||||
| CVE-2012-2710 | 2 Drupal, John Albin | 2 Drupal, Zen | 2017-08-29 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Zen module 6.x-1.x before 6.x-1.1 for Drupal, when "Append the content title to the end of the breadcrumb" is enabled, allows remote attackers to inject arbitrary web script or HTML via the content title in a breadcrumb. | |||||
| CVE-2012-2711 | 2 Drupal, Nancy Wichmann | 2 Drupal, Taxonomy List | 2017-08-29 | 2.1 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy List module 6.x-1.x before 6.x-1.4 for Drupal allow remote authenticated users with create or edit taxonomy terms permissions to inject arbitrary web script or HTML via vectors related to taxonomy information. | |||||
| CVE-2012-2712 | 2 Drupal, Thomas Seidl | 2 Drupal, Search Api | 2017-08-29 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.1 for Drupal, when supporting manual entry of field identifiers, allow remote attackers to inject arbitrary web script or HTML via vectors related to thrown exceptions and logging errors. | |||||
| CVE-2012-2715 | 2 Drupal, Jason Moore | 2 Drupal, Amadou | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the themes_links function in template.php in the Amadou theme module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to class attributes in a list of links. | |||||
| CVE-2012-2716 | 2 David Stosik, Drupal | 2 Comment Moderation, Drupal | 2017-08-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Comment Moderation module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to hijack the authentication of administrators for requests that publish comments. | |||||
| CVE-2012-2717 | 2 Drupal, Mathew Winstone | 2 Drupal, Mobile Tools | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Mobile Tools module 6.x-2.x before 6.x-2.3 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) Mobile URL field or (2) Desktop URL field to the General configuration page, or the (3) message to the Mobile Tools block message options. | |||||
| CVE-2012-2718 | 2 Drupal, Drupal-id | 2 Drupal, Counter Module | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Counter module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "recording visits." | |||||