CVE Daily
← All years

All CVEs — 2012

Page 4/26.

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0
2012-11-07
Critical

CVE-2012-5277

Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-5276

Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-5275

Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-5274

Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android…

CVSS: 10.0 CWE: CWE-119
Read more
2012-11-06
Medium

CVE-2011-5243

TwitterOAuth does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attacker…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2011-5242

tmhOAuth before 0.61 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2011-5241

Services_Twitter 0.6.3 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middl…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2011-5240

Magento 1.5 and 1.6.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2011-5239

CiviCRM 4.0.5 and 4.1.1 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-midd…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2011-5238

google-checkout-php-sample-code before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which a…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2011-5237

PayPal WPS ToolKit does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle at…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2011-5236

Moneris eSelectPlus 2.03 PHP API does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in…

CVSS: 5.8 CWE: CWE-20
Read more
2012-11-04
Medium

CVE-2012-5825

Tweepy does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to s…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2012-5824

Trillian 5.1.0.19 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle att…

CVSS: 5.8 CWE: CWE-295
Read more
Medium

CVE-2012-5823

Open Source Classifieds does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-midd…

CVSS: 5.8 CWE: CWE-20
Read more
High

CVE-2012-5822

The contribution feature in Zamboni does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man…

CVSS: 7.4 CWE: CWE-295
Read more
Medium

CVE-2012-5821

Lynx does not verify that the server's certificate is signed by a trusted certification authority, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate, related to…

CVSS: 5.9 CWE: CWE-295
Read more
Medium

CVE-2012-5820

The developer-account sample code in Google AdMob does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, wh…

CVSS: 5.8 CWE: CWE-20
Read more
High

CVE-2012-5819

FilesAnywhere does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attacke…

CVSS: 7.4 CWE: CWE-295
Read more
Medium

CVE-2012-5818

ElephantDrive does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attacke…

CVSS: 5.8 CWE: CWE-20
Read more
High

CVE-2012-5817

Codehaus XFire 1.2.6 and earlier, as used in the Amazon EC2 API Tools Java library and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN)…

CVSS: 7.4 CWE: CWE-295
Read more
Medium

CVE-2012-5816

AOL Instant Messenger (AIM) 1.0.1.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2012-5815

The Rackspace app 2.1.5 for iOS does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2012-5814

Weberknecht, as used in GitHub Gaug.es and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certif…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2012-5813

The Android_Pusher library for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2012-5812

The ACRA library for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2012-5810

The Chase mobile banking application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, whi…

CVSS: 5.9 CWE: CWE-295
Read more
Medium

CVE-2012-5808

The LinkPoint module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2012-5807

The Authorize.Net eCheck module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which al…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2012-5806

The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which all…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2012-5805

The PayPal IPN functionality in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allow…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2012-5804

The CyberSource module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2012-5803

The Authorize.Net module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows ma…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2012-5802

The PayPal module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-th…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2012-5801

The PayPal module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2012-5800

The eBay module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-th…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2012-5799

The Canada Post (aka CanadaPost) module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2012-5798

The PayPal Pro PayFlow EC module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2012-5797

The PayPal Pro PayFlow module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which al…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2012-5796

The PayPal Pro module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2012-5795

The PayPal Express module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2012-5794

The MoneyBookers module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows m…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2012-5793

The Authorize.Net module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2012-5792

The Sage Pay Direct module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allow…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2012-5791

PayPal Invoicing does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle atta…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2012-5790

PayPal Payments Standard PHP Library 20120427 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2012-5789

PayPal Payments Standard PHP Library before 20120427 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate,…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2012-5788

The PayPal IPN utility does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middl…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2012-5787

The PayPal merchant SDK does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-midd…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2012-5786

The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF before 2.7.0 does not verify that the server hostname matches a domain name in the s…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2012-5785

Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2012-5784

Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, do…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2012-5783

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's…

CVSS: 5.8 CWE: CWE-295
Read more
Medium

CVE-2012-5782

Amazon Flexible Payments Service (FPS) PHP Library does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, w…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2012-5781

Amazon Elastic Load Balancing API Tools does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2012-5780

The Amazon merchant SDK does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-midd…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2012-3446

Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field o…

CVSS: 5.9 CWE: CWE-295
Read more
Medium

CVE-2012-5170

Open redirect vulnerability in Pebble before 2.6.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2012-4987

Stack-based buffer overflow in RealNetworks RealPlayer 15.0.5.109 allows user-assisted remote attackers to execute arbitrary code via a crafted ZIP file that triggers incorrect processing of long pat…

CVSS: 6.8 CWE: CWE-119
Read more
2012-11-03
Medium

CVE-2012-3749

The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the AS…

CVSS: 5.0 CWE: CWE-200
Read more
Medium

CVE-2012-3748

Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Jav…

CVSS: 5.1 CWE: CWE-362
Read more
2012-11-02
Low

CVE-2012-4497

Cross-site scripting (XSS) vulnerability in the "3 slide gallery" in the Elegant Theme module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer themes" permissi…

CVSS: 2.1 CWE: CWE-79
Read more
Low

CVE-2012-4493

Cross-site scripting (XSS) vulnerability in the administrative interface in the Better Revisions module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer better…

CVSS: 2.1 CWE: CWE-79
Read more
Medium

CVE-2012-4486

Cross-site request forgery (CSRF) vulnerability in the Subuser module before 6.x-1.8 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that switch the us…

CVSS: 6.8 CWE: CWE-352
Read more
High

CVE-2012-5416

Buffer overflow in Cisco Unified MeetingPlace Web Conferencing before 7.1MR1 Patch 1, 8.0 before 8.0MR1 Patch 1, and 8.5 before 8.5MR3 allows remote attackers to cause a denial of service (daemon han…

CVSS: 7.8 CWE: CWE-119
Read more
2012-11-01
Low

CVE-2012-5705

Cross-site scripting (XSS) vulnerability in the settings page (admin/settings/hotblocks) in the Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the "administ…

CVSS: 2.1 CWE: CWE-79
Read more
High

CVE-2012-5687

Directory traversal vulnerability in the web-based management feature on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrar…

CVSS: 7.8 CWE: CWE-22
Read more
Critical

CVE-2012-5409

AscoServer.exe in the server in Siemens SiPass integrated MP2.6 and earlier does not properly handle IOCP RPC messages received over an Ethernet network, which allows remote attackers to write data t…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-3026

rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruptio…

CVSS: 10.0 CWE: CWE-20
Read more
Critical

CVE-2012-3021

rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruptio…

CVSS: 10.0 CWE: CWE-20
Read more
Critical

CVE-2012-3010

rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruptio…

CVSS: 10.0 CWE: CWE-20
Read more
2012-10-31
Medium

CVE-2012-4940

Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in (1) the fileName…

CVSS: 6.4 CWE: CWE-22
Read more
Medium

CVE-2012-4939

Cross-site scripting (XSS) vulnerability in IPAMSummaryView.aspx in the IPAM web interface before 3.0-HotFix1 in SolarWinds Orion Network Performance Monitor might allow remote attackers to inject ar…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-5671

Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn contro…

CVSS: 6.8 CWE: CWE-119
Read more
Low

CVE-2012-4544

The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of se…

CVSS: 2.1 CWE: CWE-20
Read more
Medium

CVE-2012-4532

Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web scrip…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-4531

Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79
Read more
Low

CVE-2012-4496

Cross-site scripting (XSS) vulnerability in the Custom Publishing Options module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer nodes" permission to inject a…

CVSS: 2.1 CWE: CWE-79
Read more
Low

CVE-2012-4492

Multiple cross-site scripting (XSS) vulnerabilities in the Shorten URLs module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions…

CVSS: 2.1 CWE: CWE-79
Read more
Medium

CVE-2012-4490

Multiple cross-site scripting (XSS) vulnerabilities in the Excluded Users module 6.x-1.x before 6.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via a (1) user name or…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-4489

Open redirect vulnerability in the securelogin_secure_redirect function in the Secure Login module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to redirect users to arbitrary web sites a…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2012-4485

Multiple cross-site scripting (XSS) vulnerabilities in the galleryformatter_field_formatter_view functiuon in galleryformatter.tpl.php the Gallery formatter module before 7.x-1.2 for Drupal allow rem…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-4484

Cross-site scripting (XSS) vulnerability in the administrative interface in the Campaign Monitor module before 6.x-2.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via un…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-4482

The Ubercart SecureTrading Payment Method module 6.x for Drupal does not properly verify payment notification information, which allows remote attackers to purchase an item without paying via unspeci…

CVSS: 5.0 CWE: CWE-20
Read more
Low

CVE-2012-2625

The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service (memory consumption) via a large (1…

CVSS: 2.7 CWE: CWE-20
Read more
Medium

CVE-2012-4547

Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown impact and attack vectors.

CVSS: 4.3 CWE: CWE-79
Read more
2012-10-29
High

CVE-2012-4663

The DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2…

CVSS: 7.1 CWE: CWE-119
Read more
High

CVE-2012-4662

The DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2…

CVSS: 7.1 CWE: CWE-119
Read more
Critical

CVE-2012-4661

Stack-based buffer overflow in the DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices,…

CVSS: 9.0 CWE: CWE-119
Read more
High

CVE-2012-4660

The SIP inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.2 before 8.2(5.17…

CVSS: 7.8 CWE: CWE-119
Read more
High

CVE-2012-4659

The AAA functionality in the IPv4 SSL VPN implementations on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, w…

CVSS: 7.1 CWE: CWE-287
Read more
Medium

CVE-2012-4196

Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same O…

CVSS: 6.4 CWE: CWE-74
Read more
Medium

CVE-2012-4195

The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does n…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-4194

Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 do not prevent use of the valueOf method to…

CVSS: 4.3 CWE: CWE-79
Read more
2012-10-28
Medium

CVE-2012-4447

Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF im…

CVSS: 6.8 CWE: CWE-119
Read more
2012-10-26
Medium

CVE-2012-5470

libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted PNG file.

CVSS: 4.3 CWE: CWE-119
Read more
Medium

CVE-2012-4729

Wing FTP Server before 4.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via two zip commands.

CVSS: 6.8 CWE: CWE-119
Read more
Medium

CVE-2012-4019

Cross-site scripting (XSS) vulnerability in tokyo_bbs.cgi in Come on Girls Interface (CGI) Tokyo BBS allows remote attackers to inject arbitrary web script or HTML via vectors related to the error pa…

CVSS: 4.3 CWE: CWE-79
Read more
2012-10-25
High

CVE-2011-5235

SQL injection vulnerability in mnoGoSearch before 3.3.12 allows remote attackers to execute arbitrary SQL commands via the hostname in a hypertext link.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2011-5234

SQL injection vulnerability in user.php in Social Network Community 2 allows remote attackers to execute arbitrary SQL commands via the userId parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2011-5233

Heap-based buffer overflow in IrfanView before 4.32 allows remote attackers to execute arbitrary code via crafted "Rows Per Strip" and "Samples Per Pixel" values in a TIFF image file.

CVSS: 4.3 CWE: CWE-119
Read more
High

CVE-2011-5230

Multiple SQL injection vulnerabilities in the selectUserIdByLoginPass function in seotoaster_core/application/models/LoginModel.php in Seotoaster 1.9 and earlier allow remote attackers to execute arb…

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2011-5229

SQL injection vulnerability in quickstart/profile/index.php in the Forum module in appRain CMF 0.1.5 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2011-5228

Cross-site scripting (XSS) vulnerability in the Search module (quickstart/search) in appRain CMF 0.1.5 allows remote attackers to inject arbitrary web script or HTML via the ss parameter.

CVSS: 4.3 CWE: CWE-79
Read more
Critical

CVE-2011-5227

Stack-based buffer overflow in the Syslog service (nssyslogd.exe) in Enterasys Network Management Suite (NMS) before 4.1.0.80 allows remote attackers to execute arbitrary code via a long PRIO field i…

CVSS: 10.0 CWE: CWE-119
Read more
Medium

CVE-2011-5226

Cross-site request forgery (CSRF) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to hijack the authentication of an administrator for reque…

CVSS: 6.8 CWE: CWE-352
Read more
Medium

CVE-2011-5225

Cross-site scripting (XSS) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2011-5224

SQL injection vulnerability in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2011-5223

Cross-site request forgery (CSRF) vulnerability in logout.php in Cacti before 0.8.7i allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2011-5222

SQL injection vulnerability in rub2_w.php in PHP Flirt-Projekt 4.8 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the rub parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2011-5221

Cross-site scripting (XSS) vulnerability in the getLog function in svnlook.php in WebSVN before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to (1) comp…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2011-5220

Cross-site scripting (XSS) vulnerability in templates/default/Admin/Login.html in PHP-SCMS 1.6.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter to i…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2011-5219

Directory traversal vulnerability in examples/show_code.php in mPDF 5.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.

CVSS: 5.0 CWE: CWE-22
Read more
High

CVE-2011-5218

SQL injection vulnerability in DotA OpenStats 1.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2011-5217

Directory traversal vulnerability in the PXE Mtftp service in Hitachi JP1/ServerConductor/DeploymentManager before 08-55 Japanese and before 08-51 English allows remote attackers to read arbitrary fi…

CVSS: 5.0 CWE: CWE-22
Read more
High

CVE-2011-5216

SQL injection vulnerability in ajax.php in SCORM Cloud For WordPress plugin before 1.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the active parameter. NOTE: some…

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2011-5215

SQL injection vulnerability in index.php in Video Community Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2011-5214

Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/ad…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2011-5213

Multiple SQL injection vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login[username] parameter to index.php, (2) parent_id pa…

CVSS: 7.5 CWE: CWE-89
Read more
Critical

CVE-2012-3941

Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka…

CVSS: 9.3 CWE: CWE-119
Read more