CVE Daily
← All years

All CVEs — 2012

Page 5/26.

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0
2012-10-25
Critical

CVE-2012-3940

Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCt…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2012-3939

Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory co…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2012-3938

Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCt…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2012-3937

Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCt…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2012-3936

Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCu…

CVSS: 9.3 CWE: CWE-119
Read more
Medium

CVE-2012-5368

phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle attackers to conduct cross-site scripting (XS…

CVSS: 4.3 CWE: CWE-79
Read more
Low

CVE-2012-5339

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a…

CVSS: 3.5 CWE: CWE-79
Read more
2012-10-24
Low

CVE-2012-5388

Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the White Label CMS plugin 1.5 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the…

CVSS: 3.5 CWE: CWE-79
Read more
Medium

CVE-2012-5387

Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for…

CVSS: 6.8 CWE: CWE-352
Read more
2012-10-23
Critical

CVE-2012-5273

Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-4172, CVE-2012-4173, CVE-2012-4…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-4176

Array index error in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors.

CVSS: 10.0 CWE: CWE-20
Read more
Critical

CVE-2012-4175

Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-4172, CVE-2012-4173, CVE-2012-4…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-4174

Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-4172, CVE-2012-4173, CVE-2012-4…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-4173

Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-4172, CVE-2012-4174, CVE-2012-4…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-4172

Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-4173, CVE-2012-4174, CVE-2012-4…

CVSS: 10.0 CWE: CWE-119
Read more
2012-10-22
Medium

CVE-2012-5455

Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-5453

SQL injection vulnerability in user/index_inline_editor_submit.php in ATutor AContent 1.2-1 allows remote authenticated users to execute arbitrary SQL commands via the field parameter. NOTE: this vu…

CVSS: 6.5 CWE: CWE-89
Read more
Medium

CVE-2012-5452

Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) multi_title parameter to blocks/add/; (2) cost, (3)…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-5169

Multiple cross-site scripting (XSS) vulnerabilities in file_manager/preview_top.php in ATutor AContent before 1.2-2 allow remote attackers to inject arbitrary web script or HTML via the (1) pathext,…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2012-5167

Multiple SQL injection vulnerabilities in ATutor AContent before 1.2-1 allow remote attackers to execute arbitrary SQL commands via the (1) field parameter to course_category/index_inline_editor_subm…

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2012-4990

SQL injection vulnerability in admin/campaign-zone-link.php in OpenX 2.8.10 before revision 81823 allows remote attackers to execute arbitrary SQL commands via the ids[] parameter in a link action.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2012-4989

Cross-site scripting (XSS) vulnerability in admin/plugin-index.php in OpenX 2.8.10 before revision 81823 allows remote attackers to inject arbitrary web script or HTML via the parent parameter in an…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-4773

Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify s…

CVSS: 6.8 CWE: CWE-352
Read more
High

CVE-2012-4772

SQL injection vulnerability in register/ in Subrion CMS before 2.2.3 allows remote attackers to execute arbitrary SQL commands via the plan_id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2012-4771

Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) admin/accounts/, (2) admin/ma…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-4511

services/flickr/flickr.c in libsocialweb before 0.25.21 automatically connects to Flickr when no Flickr account is set, which might allow remote attackers to obtain sensitive information via a man-in…

CVSS: 5.8 CWE: CWE-200
Read more
Medium

CVE-2012-4506

Directory traversal vulnerability in gitolite 3.x before 3.1, when wild card repositories and a pattern matching "../" are enabled, allows remote authenticated users to create arbitrary repositories…

CVSS: 4.6 CWE: CWE-22
Read more
Medium

CVE-2012-4436

Buffer overflow in the run_last_args function in client/fwknop.c in fwknop before 2.0.3, when processing --last, might allow local users to cause a denial of service (client crash) and possibly execu…

CVSS: 4.4 CWE: CWE-119
Read more
Medium

CVE-2012-4435

fwknop before 2.0.3 does not properly validate IP addresses, which allows remote authenticated users to cause a denial of service (server crash) via a long IP address.

CVSS: 4.0 CWE: CWE-20
Read more
Critical

CVE-2012-4406

OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arb…

CVSS: 9.8 CWE: CWE-502
Read more
High

CVE-2012-4232

SQL injection vulnerability in admin/index.php in jCore before 1.0pre2 allows remote attackers to execute arbitrary SQL commands via the memberloginid cookie.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2012-4231

Cross-site scripting (XSS) vulnerability in admin/index.php in jCore before 1.0pre2 allows remote attackers to inject arbitrary web script or HTML via the path parameter.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-1900

Cross-site request forgery (CSRF) vulnerability in admin/index.php in RazorCMS 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitr…

CVSS: 6.8 CWE: CWE-352
Read more
High

CVE-2011-5212

SQL injection vulnerability in admin/index.php in Subrion CMS 2.0.4 allows remote attackers to execute arbitrary SQL commands via the (1) user name or (2) password field.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2011-5211

Cross-site scripting (XSS) vulnerability in the poll module in Subrion CMS 2.0.4 allows remote attackers to inject arbitrary web script or HTML via the title field. NOTE: some of these details are o…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2011-4129

(1) services/twitter/twitter-contact-view.c and (2) services/twitter/twitter-item-view.c in libsocialweb before 0.25.20 automatically connect to Twitter when no Twitter account is set, which might al…

CVSS: 5.8 CWE: CWE-200
Read more
Medium

CVE-2010-4821

Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-4751

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary w…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2012-3001

Mutiny Standard before 4.5-1.12 allows remote attackers to execute arbitrary commands via the network-interface menu, related to a "command injection vulnerability."

CVSS: 8.5 CWE: CWE-78
Read more
2012-10-20
High

CVE-2012-4826

Stack-based buffer overflow in the SQL/PSM (aka SQL Persistent Stored Module) Stored Procedure (SP) infrastructure in IBM DB2 9.1, 9.5, 9.7 before FP7, 9.8, and 10.1 might allow remote authenticated…

CVSS: 8.5 CWE: CWE-119
Read more
Medium

CVE-2012-2972

The (1) server and (2) agent components in CA ARCserve Backup r12.5, r15, and r16 on Windows do not properly validate RPC requests, which allows remote attackers to cause a denial of service (service…

CVSS: 5.0 CWE: CWE-20
Read more
High

CVE-2012-2971

The server in CA ARCserve Backup r12.5, r15, and r16 on Windows does not properly process RPC requests, which allows remote attackers to execute arbitrary code or cause a denial of service via a craf…

CVSS: 7.5 CWE: CWE-94
Read more
2012-10-18
Critical

CVE-2012-2290

The client in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375 allows remote attackers to execute arbitrary code by sending a crafted messag…

CVSS: 9.3 CWE: CWE-94
Read more
Medium

CVE-2012-0306

Symantec Ghost Solution Suite 2.x through 2.5.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted backup file.

CVSS: 6.8 CWE: CWE-119
Read more
2012-10-16
Medium

CVE-2012-0518

Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to R…

CVSS: 4.7 CWE: CWE-601
Read more
Critical

CVE-2012-5076

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, rela…

CVSS: 9.8 CWE: CWE-284
Read more
2012-10-12
Critical

CVE-2012-0227

Buffer overflow in the VSFlex7.VSFlexGrid ActiveX control in ComponentOne FlexGrid 7.1, as used in Open Automation Software OPC Systems.NET, allows remote attackers to cause a denial of service and p…

CVSS: 9.3 CWE: CWE-119
Read more
Medium

CVE-2012-4193

Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue fun…

CVSS: 6.8 CWE: CWE-346
Read more
Critical

CVE-2012-4191

The mozilla::net::FailDelayManager::Lookup function in the WebSockets implementation in Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1, and SeaMonkey before 2.13.1 allows remote attackers t…

CVSS: 9.3 CWE: CWE-787
Read more
Critical

CVE-2012-4190

The FT2FontEntry::CreateFontEntry function in FreeType, as used in the Android build of Mozilla Firefox before 16.0.1 on CyanogenMod 10, allows remote attackers to cause a denial of service (memory c…

CVSS: 10.0 CWE: CWE-119
Read more
2012-10-11
Medium

CVE-2012-5386

Directory traversal vulnerability in index.php in phpPaleo 4.8b180 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phppaleo4_lang cookie, a different vu…

CVSS: 6.8 CWE: CWE-22
Read more
Medium

CVE-2012-5384

Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen WebCalendar allow remote attackers to inject arbitrary web script or HTML via the (1) $name or (2) $description variables in edit_…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-5380

Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse…

CVSS: 6.7 CWE: CWE-22
Read more
Critical

CVE-2012-5376

The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions and write to arbitrary files by leveraging ac…

CVSS: 9.6 CWE: CWE-269
Read more
2012-10-10
Medium

CVE-2012-5356

The apt-add-repository tool in Ubuntu Software Properties 0.75.x before 0.75.10.3, 0.80.x before 0.80.9.2, 0.81.x before 0.81.13.5, 0.82.x before 0.82.7.3, and 0.92.x before 0.92.8 does not properly…

CVSS: 5.8 CWE: CWE-20
Read more
Low

CVE-2012-5355

welcome.py in xdiagnose before 2.5.2ubuntu0.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.

CVSS: 3.3 CWE: CWE-59
Read more
Medium

CVE-2012-4465

Heap-based buffer overflow in the substr function in parsing.c in cgit 0.9.0.3 and earlier allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code v…

CVSS: 6.5 CWE: CWE-119
Read more
Medium

CVE-2012-4463

Midnight Commander (mc) 4.8.5 does not properly handle the (1) MC_EXT_SELECTED or (2) MC_EXT_ONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote attac…

CVSS: 5.1 CWE: CWE-20
Read more
Medium

CVE-2012-4455

openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) LCK..opencryptoki or (2) LCK..opencryptoki_stdll file in /var/lock…

CVSS: 6.2 CWE: CWE-59
Read more
Medium

CVE-2012-4445

Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6 through 1.0 allows remote attackers to cause a de…

CVSS: 4.3 CWE: CWE-119
Read more
Medium

CVE-2012-3040

Cross-site scripting (XSS) vulnerability in the web server on Siemens SIMATIC S7-1200 PLCs 2.x through 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2009-5067

Directory traversal vulnerability in html2ps before 1.0b6 allows remote attackers to read arbitrary files via a .. (dot dot) in the "include file" SSI directive. NOTE: this issue only might be a vul…

CVSS: 4.3 CWE: CWE-22
Read more
Critical

CVE-2012-4188

Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey befor…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2012-4187

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage a certain insPos variable, w…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2012-4186

Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, a…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2012-4185

Buffer overflow in the nsCharTraits::length function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before…

CVSS: 9.3 CWE: CWE-119
Read more
Medium

CVE-2012-4184

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 d…

CVSS: 4.3 CWE: CWE-79
Read more
Critical

CVE-2012-4183

Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0…

CVSS: 9.3 CWE: CWE-416
Read more
Critical

CVE-2012-4182

Use-after-free vulnerability in the nsTextEditRules::WillInsert function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, a…

CVSS: 9.3 CWE: CWE-416
Read more
Critical

CVE-2012-4181

Use-after-free vulnerability in the nsSMILAnimationController::DoSample function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 1…

CVSS: 9.3 CWE: CWE-416
Read more
Critical

CVE-2012-4180

Heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x befor…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2012-4179

Use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before…

CVSS: 9.3 CWE: CWE-416
Read more
Critical

CVE-2012-3995

The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote…

CVSS: 9.3 CWE: CWE-125
Read more
Medium

CVE-2012-3994

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site script…

CVSS: 4.3 CWE: CWE-79
Read more
Critical

CVE-2012-3993

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 d…

CVSS: 9.3 CWE: CWE-269
Read more
Medium

CVE-2012-3992

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows r…

CVSS: 4.3 CWE: CWE-79
Read more
Critical

CVE-2012-3990

Use-after-free vulnerability in the IME State Manager implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and S…

CVSS: 9.3 CWE: CWE-416
Read more
Critical

CVE-2012-3989

Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly perform a cast of an unspecified variable during use of the instanceof operator on a JavaScript object,…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2012-3988

Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow user-as…

CVSS: 9.3 CWE: CWE-416
Read more
Medium

CVE-2012-3986

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (a…

CVSS: 4.3 CWE: CWE-20
Read more
Medium

CVE-2012-3985

Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (…

CVSS: 4.3 CWE: CWE-79
Read more
Critical

CVE-2012-3983

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memo…

CVSS: 10.0 CWE: CWE-119
Read more
2012-10-09
Medium

CVE-2012-5353

Eduserv OpenAthens SP 2.0 for Java allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack."

CVSS: 5.8 CWE: CWE-287
Read more
Medium

CVE-2012-5352

Java Open Single Sign-On Project Home (JOSSO) allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attac…

CVSS: 5.8 CWE: CWE-287
Read more
Medium

CVE-2012-5351

Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability tha…

CVSS: 6.4 CWE: CWE-287
Read more
Low

CVE-2012-4453

dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to o…

CVSS: 2.1 CWE: CWE-276
Read more
Medium

CVE-2012-4418

Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."

CVSS: 5.8 CWE: CWE-287
Read more
High

CVE-2012-4399

The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE)…

CVSS: 7.5 CWE: CWE-611
Read more
Medium

CVE-2012-4003

Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJECT GLPI before 0.83.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-4002

Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI before 0.83.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS: 6.8 CWE: CWE-352
Read more
Medium

CVE-2012-2552

Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows r…

CVSS: 4.3 CWE: CWE-79
Read more
Critical

CVE-2012-2550

Microsoft Works 9 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Word .doc file, aka "Works Heap Vulnerability."

CVSS: 9.3 CWE: CWE-119
Read more
Medium

CVE-2012-2520

Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groov…

CVSS: 4.3 CWE: CWE-79
Read more
Critical

CVE-2012-0182

Microsoft Word 2007 SP2 and SP3 does not properly handle memory during the parsing of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Word PAPX Se…

CVSS: 9.3 CWE: CWE-94
Read more
Medium

CVE-2012-3436

OpenTTD 0.6.0 through 1.2.1 does not properly validate requests to clear a water tile, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a cer…

CVSS: 5.0 CWE: CWE-20
Read more
Medium

CVE-2012-5350

SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the id parameter in…

CVSS: 6.0 CWE: CWE-89
Read more
Low

CVE-2012-5349

Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the Pay With Tweet plugin before 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) title, or (3…

CVSS: 2.6 CWE: CWE-79
Read more
Medium

CVE-2012-5348

SQL injection vulnerability in MangosWeb Enhanced 3.0.3 allows remote attackers to execute arbitrary SQL commands via the login parameter in a login action to index.php.

CVSS: 6.8 CWE: CWE-89
Read more
Medium

CVE-2012-5346

Cross-site scripting (XSS) vulnerability in wp-live.php in the WP Live.php module 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. NOTE: some o…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-5345

Buffer overflow in the Remote command server (Rcmd.bat) in IpTools (aka Tiny TCP/IP server) 0.1.4 allows remote attackers to cause a denial of service (crash) via a long string to TCP port 23.

CVSS: 5.0 CWE: CWE-119
Read more
Medium

CVE-2012-5344

Directory traversal vulnerability in the WebServer (Thttpd.bat) in IpTools (aka Tiny TCP/IP server) 0.1.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a HTTP request.

CVSS: 5.0 CWE: CWE-22
Read more
Medium

CVE-2012-5343

Cross-site scripting (XSS) vulnerability in admin/login.php in Limny 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the "PHP_SELF" variable.

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2012-5342

Multiple SQL injection vulnerabilities in SenseSites CommonSense CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) special.php, (2) article.php, or (3) cat2.php.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2012-5341

Multiple cross-site scripting (XSS) vulnerabilities in statistik.php in Otterware StatIt 4 allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter, (2) show paramet…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-4457

OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's…

CVSS: 4.0 CWE: CWE-287
Read more
High

CVE-2012-4456

The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allow remote attackers to read the ro…

CVSS: 7.5 CWE: CWE-287
Read more
Medium

CVE-2011-5210

Directory traversal vulnerability in admin/preview.php in Limny 3.0.0 allows remote attackers to read arbitrary files via a ..%2F (encoded dot dot slash) in the theme parameter.

CVSS: 6.8 CWE: CWE-22
Read more
Medium

CVE-2011-5209

Cross-site scripting (XSS) vulnerability in search/ in GraphicsClone Script, possibly 1.11, allows remote attackers to inject arbitrary web script or HTML via the term parameter.

CVSS: 4.3 CWE: CWE-79
Read more
Critical

CVE-2012-5272

Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and be…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-5271

Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and be…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-5270

Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and be…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-5269

Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and be…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-5268

Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and be…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-5267

Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and be…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-5266

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-5265

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-5264

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-5263

Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and be…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-5262

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-5261

Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and be…

CVSS: 10.0 CWE: CWE-119
Read more