# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
1 | CVE-2012-1418 | | | | 2012-02-29 | 2012-04-20 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.60 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors. |
2 | CVE-2012-1410 | 79 | | XSS | 2012-02-29 | 2012-02-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in the History Window implementation in Kadu 0.9.0 through 0.11.0 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) SMS message, (2) presence message, or (3) status description. |
3 | CVE-2012-1294 | 89 | 1 | Exec Code Sql | 2012-02-23 | 2017-08-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL injection vulnerability in CONTIMEX Impulsio CMS allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. |
4 | CVE-2012-1292 | | | +Info | 2012-02-23 | 2012-02-27 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Unspecified vulnerability in the MessagingSystem servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the MessagingSystem Performance Data via unspecified vectors. |
5 | CVE-2012-1291 | | | +Info | 2012-02-23 | 2012-02-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProcessor servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the Adapter Monitor via unspecified vectors, possibly related to the EnableInvokerServletGlobally property in the servlet_jsp service. |
6 | CVE-2012-1290 | 79 | | XSS | 2012-02-23 | 2012-02-24 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp in the Internet Sales (crm.b2b) module in SAP NetWeaver 7.0 allows remote attackers to inject arbitrary web script or HTML via the _loadPage parameter. |
7 | CVE-2012-1289 | 22 | | Dir. Trav. | 2012-02-23 | 2017-08-29 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the logfilename parameter to (1) b2b/admin/log.jsp or (2) b2b/admin/log_view.jsp in the Internet Sales (crm.b2b) component, or (3) ipc/admin/log.jsp or (4) ipc/admin/log_view.jsp in the Application Administration (com.sap.ipc.webapp.ipc) component. |
8 | CVE-2012-1288 | 255 | | | 2012-02-23 | 2012-02-27 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
The UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock device uses hardcoded credentials for an administrative account, which makes it easier for remote attackers to obtain access via an HTTP session. |
9 | CVE-2012-1256 | 287 | | Bypass | 2012-02-22 | 2012-03-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
The single sign-on (SSO) implementation in EasyVista before 2010.1.1.89 allows remote attackers to bypass authentication via a modified url_account parameter, in conjunction with a valid login name in the SSPI_HEADER parameter, to index.php. |
10 | CVE-2012-1235 | 352 | | CSRF | 2012-02-21 | 2012-02-23 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial |
Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0235. |
11 | CVE-2012-1234 | 89 | | Exec Code Sql | 2012-02-21 | 2012-02-23 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0234. |
12 | CVE-2012-1227 | 352 | 1 | CSRF | 2012-02-21 | 2012-02-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in pluck 4.7 allow remote attackers to hijack the authentication of admins for requests that (1) modify the admin email address or (2) modify the blog title via a settings action; (3) add a page via an editpage action, or (4) add a categorie via the blog module. |
13 | CVE-2012-1226 | 22 | 1 | Exec Code Dir. Trav. | 2012-02-21 | 2017-08-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php. |
14 | CVE-2012-1225 | 89 | | Exec Code Sql | 2012-02-21 | 2012-02-24 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) memberslist parameter (aka Member List) in list.php or (2) rowid parameter to adherents/fiche.php. |
15 | CVE-2012-1224 | 79 | | XSS | 2012-02-21 | 2012-02-22 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in system/classes/login.php in ContentLion Alpha 1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. |
16 | CVE-2012-1223 | 200 | | +Info | 2012-02-21 | 2017-08-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
RabidHamster R2/Extreme 1.65 and earlier uses a small search space of values for the PIN number, which allows remote attackers to obtain the PIN number via a brute force attack. |
17 | CVE-2012-1222 | 119 | | Exec Code Overflow | 2012-02-21 | 2017-08-29 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete |
Stack-based buffer overflow in RabidHamster R2/Extreme 1.65 and earlier allows remote authenticated users to execute arbitrary code via a long string to TCP port 23. |
18 | CVE-2012-1221 | 22 | | Dir. Trav. | 2012-02-21 | 2017-08-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Directory traversal vulnerability in the telnet server in RabidHamster R2/Extreme 1.65 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the File command. |
19 | CVE-2012-1220 | 352 | 1 | CSRF | 2012-02-21 | 2017-08-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Cross-site request forgery (CSRF) vulnerability in modules/config/admin_utente.php in GAzie 5.20 and earlier allows remote attackers to hijack the authentication of administrators for requests that change account information via an update action, as demonstrated by changing the password. |
20 | CVE-2012-1219 | 79 | | XSS | 2012-02-21 | 2017-08-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in freelancerKit 2.35 allow remote attackers to inject arbitrary web script or HTML via the (1) ticket parameter to tickets.php, (2) title parameter to notes.php, or (3) task parameter to todo.php. NOTE: some of these details are obtained from third party information. |
21 | CVE-2012-1218 | 89 | | Exec Code Sql | 2012-02-21 | 2017-08-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Multiple SQL injection vulnerabilities in freelancerKit 2.35 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to the (1) notes and (2) tickets components. |
22 | CVE-2012-1217 | 79 | 1 | XSS | 2012-02-21 | 2017-08-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in STHS v2 Web Portal 2.2 allow remote attackers to inject arbitrary web script or HTML via the team parameter to (1) prospects.php, (2) prospect.php, or (3) team.php. |
23 | CVE-2012-1216 | 352 | 1 | CSRF | 2012-02-21 | 2012-02-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in PBBoard 2.1.4 allow remote attackers to hijack the authentication of administrators for requests that (1) upload a file via an add action or (2) change the contents of a file via a dit action. |
24 | CVE-2012-1215 | 79 | 2 | XSS | 2012-02-21 | 2017-08-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the Add friends module in the Yoono extension before 7.7.8 for Firefox allows remote attackers to inject arbitrary web script or HTML via the create field in a "Create a group" action. |
25 | CVE-2012-1214 | 79 | 2 | XSS | 2012-02-21 | 2017-08-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the Add friends module in Yoono Desktop Application before 1.8.21 allows remote attackers to inject arbitrary web script or HTML via the create field in a "Create a group" action. |
26 | CVE-2012-1213 | 79 | 1 | XSS | 2012-02-24 | 2017-11-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in zimbra/h/calendar in Zimbra Web Client in Zimbra Collaboration Suite (ZCS) 6.x before 6.0.15 and 7.x before 7.1.3 allows remote attackers to inject arbitrary web script or HTML via the view parameter. |
27 | CVE-2012-1212 | 79 | 1 | XSS | 2012-02-24 | 2017-08-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the smwfOnSfSetTargetName function in extensions/SMWHalo/includes/SMW_Initialize.php in Semantic Enterprise Wiki (SMW+) 1.5.6, 1.6.0_2 and earlier allows remote attackers to inject arbitrary web script or HTML via the target parameter to index.php/Special:FormEdit. NOTE: some of these details are obtained from third party information. |
28 | CVE-2012-1211 | 79 | 1 | XSS | 2012-02-24 | 2017-08-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in pfile/kommentar.php in Powie pFile 1.02 allows remote attackers to inject arbitrary web script or HTML via the filecat parameter. |
29 | CVE-2012-1210 | 89 | 1 | Exec Code Sql | 2012-02-24 | 2017-08-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL injection vulnerability in pfile/file.php in Powie pFile 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
30 | CVE-2012-1209 | 79 | | XSS | 2012-02-24 | 2018-01-11 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. |
31 | CVE-2012-1208 | 79 | 1 | XSS | 2012-02-24 | 2012-02-24 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) report parameter to blog/settings or (2) error parameter to users/index. |
32 | CVE-2012-1207 | 22 | 1 | Dir. Trav. | 2012-02-24 | 2017-08-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Directory traversal vulnerability in frontend/core/engine/javascript.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter to frontend/js.php. |
33 | CVE-2012-1206 | 189 | | Exec Code Overflow | 2012-02-24 | 2017-08-29 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
Multiple integer overflows in Hancom Office 2010 SE 8.5.5 allow remote attackers to execute arbitrary code via large dimension values in a (1) JPG image to the ImportGR in the JPG image filter module (HncJpeg10.flt) or (2) PNG image to the PNG image filter module (HncPng10.flt), which triggers a heap-based buffer overflow. |
34 | CVE-2012-1205 | 94 | | Exec Code File Inclusion | 2012-02-24 | 2012-02-24 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
PHP remote file inclusion vulnerability in relocate-upload.php in Relocate Upload plugin before 0.20 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter. |
35 | CVE-2012-1200 | 94 | 1 | Exec Code File Inclusion | 2012-02-18 | 2017-08-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Multiple PHP remote file inclusion vulnerabilities in Nova CMS allow remote attackers to execute arbitrary PHP code via a URL in the (1) fileType parameter to optimizer/index.php, (2) id parameter to administrator/modules/moduleslist.php, (3) filename parameter to includes/function/gets.php, or (4) conf[blockfile] parameter to includes/function/usertpl.php. |
36 | CVE-2012-1199 | 94 | 1 | Exec Code File Inclusion | 2012-02-18 | 2017-08-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Multiple PHP remote file inclusion vulnerabilities in Basic Analysis and Security Engine (BASE) 1.4.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) BASE_path parameter to base_ag_main.php, (2) base_db_setup.php, (3) base_graph_common.php, (4) base_graph_display.php, (5) base_graph_form.php, (6) base_graph_main.php, (7) base_local_rules.php, (8) base_logout.php, (9) base_main.php, (10) base_maintenance.php, (11) base_payload.php, (12) base_qry_alert.php, (13) base_qry_common.php, (14) base_qry_main.php, (15) base_stat_alerts.php, (16) base_stat_class.php, (17) base_stat_common.php, (18) base_stat_ipaddr.php, (19) base_stat_iplink.php, (20) base_stat_ports.php, (21) base_stat_sensor.php, (22) base_stat_time.php, (23) base_stat_uaddr.php, (24) base_user.php, (25) index.php, (26) admin/base_roleadmin.php, (27) admin/base_useradmin.php, (28) admin/index.php, (29) help/base_setup_help.php, (30) includes/base_action.inc.php, (31) includes/base_cache.inc.php, (32) includes/base_db.inc.php, (33) includes/base_db.inc.php, (34) includes/base_include.inc.php, (35) includes/base_output_html.inc.php, (36) includes/base_output_query.inc.php, (37) includes/base_state_criteria.inc.php, (38) includes/base_state_query.inc.php or (39) setup/base_conf_contents.php; (40) GLOBALS[user_session_path] parameter to includes/base_state_common.inc.php; (41) BASE_Language parameter to setup/base_conf_contents.php; or (42) ado_inc_php parameter to setup/setup2.php. |
37 | CVE-2012-1198 | 20 | 1 | Exec Code | 2012-02-18 | 2017-08-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
base_ag_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 allows remote attackers to execute arbitrary code by uploading contents of the file with an executable extension via a create action, then accessing it via a view action. |
38 | CVE-2012-1197 | 189 | | Exec Code Overflow | 2012-02-18 | 2017-08-29 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
Integer overflow in the IDE_ACDStd.apl module for ACDSee 14.1 Build 137 allows remote attackers to execute arbitrary code via crafted "image dimension values" in a BMP file, which triggers a heap-based buffer overflow. |
39 | CVE-2012-1196 | 22 | | Dir. Trav. | 2012-02-18 | 2017-08-29 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
Directory traversal vulnerability in the VulCore web service (WSVulnerabilityCore/VulCore.asmx) in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to delete arbitrary files via a .. (dot dot) in the filename parameter in a SetTaskLogByFile SOAP request. |
40 | CVE-2012-1195 | 264 | | Exec Code | 2012-02-18 | 2017-08-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Unrestricted file upload vulnerability in andesk/managementsuite/core/core.anonymous/ServerSetup.asmx in the ServerSetup web service in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via a PutUpdateFileCore command in a RunAMTCommand SOAP request, then accessing the file via a direct request to the file in the web root. |
41 | CVE-2012-1194 | | | | 2012-02-17 | 2012-02-20 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial |
The resolver in the DNS Server service in Microsoft Windows Server 2008 before R2 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack. |
42 | CVE-2012-1193 | | | | 2012-02-17 | 2013-12-13 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial |
The resolver in PowerDNS Recursor (aka pdns_recursor) 3.3 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack. |
43 | CVE-2012-1192 | | | | 2012-02-17 | 2012-02-20 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial |
The resolver in Unbound before 1.4.11 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack. |
44 | CVE-2012-1191 | 20 | | | 2012-02-17 | 2012-02-20 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial |
The resolver in dnscache in Daniel J. Bernstein djbdns 1.05 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack. |
45 | CVE-2012-1087 | 79 | | XSS | 2012-02-14 | 2012-02-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
46 | CVE-2012-1086 | 79 | | XSS | 2012-02-14 | 2012-02-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the UrlTool (aeurltool) extension 0.1.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
47 | CVE-2012-1085 | | | +Info | 2012-02-14 | 2017-08-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Unspecified vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. |
48 | CVE-2012-1084 | 79 | | XSS | 2012-02-14 | 2017-08-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
49 | CVE-2012-1083 | 352 | | CSRF | 2012-02-14 | 2012-02-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Cross-site request forgery (CSRF) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
50 | CVE-2012-1082 | 79 | | XSS | 2012-02-14 | 2012-02-29 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |