CVE-2012-3158
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via…
CVEs without a recognized CWE (not present in the CWE map or marked as N/A).
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 through 5.3.4, 6.0.1, 6.2.0, and 12 allows remote aut…
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.
Unspecified vulnerability in the CORBA ORB component in Sun GlassFish Enterprise Server 2.1.1, Oracle GlassFish Server 3.0.1 and 3.1.2, and Sun Java System Application Server 8.1 and 8.2 allows remot…
Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.0 allows remote authenticated users to affect confidentiality, related to ATTACH.
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via un…
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via un…
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, when running on Unix and Linux platforms, allows local users to a…
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors relate…
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect confidentiality, related to MySQL Client.
Unspecified vulnerability in the Oracle Field Service component in Oracle E-Business Suite 12.1.3 allows remote authenticated users to affect integrity, related to Wireless/WAP upload.
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote attackers to affect integrity and availability, related to MySQL Client.
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect integrity vi…
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 through 5.3.4, and 6.2.0 allows local users to affect…
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.5, 5.1.0, 5.2.0, and 5.3.0 through 5.3.4 allows remote authenticated users to affec…
Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0, and 11.0.0 through 11.2.0 al…
Unspecified vulnerability in the Oracle Agile PLM For Process component in Oracle Supply Chain Products Suite 6.0.0.6.3 and 6.1.0.1.14 allows remote authenticated users to affect confidentiality and…
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity, related to Signon (local and SSO).
Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors relat…
Unspecified vulnerability in the Oracle Clinical/Remote Data Capture component in Oracle Industry Applications 4.6.0 and 4.6.2 allows remote authenticated users to affect confidentiality, related to…
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect confidentiality, integrity, and availabili…
Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.6 and other versions allows remote attackers to affect integrity via unkn…
Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.6 allows remote attackers to affect integrity via unknown vectors related to Core.
Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality via unknown vectors…
Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote attackers to affect availability via unknown vectors related to W…
Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality and integrity via u…
Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality via unknown vectors…
Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote attackers to affect integrity via unknown vectors related to Web,…
Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect integrity via unknown vectors relat…
Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect integrity via unknown vectors relat…
Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality via unknown vectors…
Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote attackers to affect integrity via unknown vectors related to Web,…
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to a…
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via u…
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via u…
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, int…
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows…
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows…
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, 1.4.2_38 and earlier, and JavaF…
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect availability via unknown vectors.
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows…
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a differ…
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows…
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a differ…
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows…
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to a…
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality and integrity, related to JAX-WS.
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows…
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality via…
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to a…
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, related to JMX.
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to a…
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, int…
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Dep…
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality and…
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows…
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, int…
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to a…
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, int…
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier and 6 Update 35 and earlier allows remote attackers to affect confidentiality, integ…
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier; and J…
Mozilla Firefox 16.0, Thunderbird 16.0, and SeaMonkey 2.13 allow remote attackers to bypass the Same Origin Policy and read the properties of a Location object via a crafted web site, a related issue…
install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows remote attackers to modify settings.php and possibly execute arbitrary code via vectors related to the user theme preference.
Untrusted search path vulnerability in the installation functionality in Oracle MySQL 5.5.28, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan ho…
Untrusted search path vulnerability in the installation functionality in Zend Server 5.6.0 SP4, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan…
Untrusted search path vulnerability in the installation functionality in PHP 5.3.17, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL i…
Untrusted search path vulnerability in the installation functionality in ActivePython 3.2.2.3, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan h…
Untrusted search path vulnerability in the installation functionality in ActiveTcl 8.5.12, when installed in the top-level C:\ directory, allows local users to gain privileges via a Trojan horse DLL…
Untrusted search path vulnerability in the installation functionality in ActivePerl 5.16.1.1601, when installed in the top-level C:\ directory, allows local users to gain privileges via a Trojan hors…
Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to execute arbitrary code via unspecified vectors.
ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via u…
The (1) do_siocgstamp and (2) do_siocgstampns functions in net/socket.c in the Linux kernel before 3.5.4 use an incorrect argument order, which allows local users to obtain sensitive information from…
Unspecified vulnerability in EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 before SP3 P3 allows remote attackers to obtain sensitive information via unknown vectors.
WellinTech KingView 6.5.3 and earlier uses a weak password-hashing algorithm, which makes it easier for local users to discover credentials by reading an unspecified file.
openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) .pkapi_xpk or (2) .pkcs11spinloc fil…
The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified…
The nssconfigFound function in genkey.pl in crypto-utils 2.4.1-34 allows local users to overwrite arbitrary files via a symlink attack on the "list" file in the current working directory.
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has multiple menus of SELECT elements active, which allows…
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict JSAPI access to the GetPro…
Mozilla Firefox before 16.0 on Android assigns chrome privileges to Reader Mode pages, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site.
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has a SELECT element's menu active, which allows remote att…
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey b…
MySQL 5.0.88, and possibly other versions and platforms, allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX…
The SCTP implementation in FreeBSD 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted ASCONF chunk.
Tinyproxy 1.8.3 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via (1) a large number of headers or (2) a large number of forged headers that trigger ha…
The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, and Windows 7 Gold and SP1, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a cra…
Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users…
Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; Word Automation Services on Microsoft SharePoint Server 20…
TinyWebGallery 1.8.3 allows remote attackers to execute arbitrary code via shell metacharacters in the command parameter to (1) inc/filefunctions.inc or (2) info.php.
Google Chrome before 22.0.1229.92 does not monitor for crashes of Pepper plug-ins, which has unspecified impact and remote attack vectors.
Skia, as used in Google Chrome before 22.0.1229.92, does not properly render text, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other im…
at32 Reverse Proxy 1.060.310 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long string in an HTTP header field, as demonstrated using the…
Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote attackers to execute arbitrary commands via unknown vectors.
Unspecified vulnerability in the bazaar repository adapter in Redmine 1.0.x before 1.0.5 allows remote authenticated users to obtain sensitive information via unknown vectors.
Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with…
Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin before 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a fi…
article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to cause a denial of service (memory consumption) via a large integer in the ratearticleselect parameter.
Virtual War (aka VWar) 1.6.1 R2 uses static session cookies that depend only on a user's password, which makes it easier for remote attackers to bypass timeout and logout actions, and retain access f…
The createRandomPassword function in includes/functions_common.php in Virtual War (aka VWar) 1.6.1 R2 uses a small range of values to select the seed argument for the PHP mt_srand function, which mak…
popup.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to bypass intended member restrictions and read news posts via a modified newsid parameter in a printnews action.
Unspecified vulnerability in the Views Bulk Operations module 6 before 6.x-1.10 for Drupal allows remote authenticated users with user management permissions to bypass intended access restrictions an…
The Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Drupal does not properly handle the $user object in memcache_admin, which might "lead to a role change not being recognized until th…
The Zygote process in Android 4.0.3 and earlier accepts fork requests from processes with arbitrary UIDs, which allows remote attackers to cause a denial of service (reboot loop) via a crafted applic…
Interaction error in the PostgreSQL JDBC driver before 8.2, when used with a PostgreSQL server with the "standard_conforming_strings" option enabled, such as the default configuration of PostgreSQL 9…
The Registration Codes module before 6.x-2.4 for Drupal does not restrict access to the registration code list, which might allow remote attackers to bypass intended registration restrictions.
Unspecified vulnerability in ez Publish 4.1.4, 4.2, 4.3, 4.4, 4.5, and 4.6 has unknown impact and attack vectors related to an insecure direct object reference.
Unrestricted file upload vulnerability in addons/uploadify/uploadify.php in appRain CMF 0.1.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable exte…
Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the root account during operations with a non-root effective UID, which might allow local users to bypass intended file-read restrictio…
Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dep…
SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop an…
Untrusted search path vulnerability in the installer in VMware Movie Decoder before 9.0 allows local users to gain privileges via a Trojan horse executable file in the installer directory.
Monkey HTTP Daemon 0.9.3 uses a real UID of root and a real GID of root during execution of CGI scripts, which might allow local users to gain privileges by leveraging cgi-bin write access.
The default configuration of Cerberus FTP Server before 5.0.4.0 supports the DES cipher for SSH sessions, which makes it easier for remote attackers to obtain sensitive information by sniffing the ne…
epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of (1) PPP and (2) LCP data, which allows remote attackers to…
The dissect_hsrp function in epan/dissectors/packet-hsrp.c in the HSRP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed p…
Mavili Guestbook, as released in November 2007, allows remote attackers to edit, delete, and approve arbitrary messages via a direct request to (1) edit.asp, (2) delete.asp, or (3) approve.asp.
Mavili Guestbook, as released in November 2007, stores guestbook.mdb under the web root with insufficient access control, which allows remote attackers to read the database via a direct request.
Akiva WebBoard 8.x stores passwords in plaintext, which allows local users to obtain sensitive information by reading from the database.
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.20 allows remote attackers to obtain sensitive information via unknown vectors.