| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2012-4068 |
119 |
|
Exec Code Overflow |
2012-07-26 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in the SoapServer service in Citrix Provisioning Services 5.0, 5.1, 5.6, 5.6 SP1, 6.0, and 6.1 allows remote attackers to execute arbitrary code via a crafted string associated with date and time data. |
|
2 |
CVE-2012-4061 |
89 |
1
|
Exec Code Sql |
2012-07-25 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in ASP-DEv XM Diary allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to diary_view.asp or (2) view_date parameter to default.asp. |
|
3 |
CVE-2012-4060 |
89 |
1
|
Exec Code Sql |
2012-07-25 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in ASP-DEv XM Forums RC3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) profile.asp, (2) forum.asp, or (3) topic.asp. |
|
4 |
CVE-2012-4059 |
352 |
1
|
CSRF |
2012-07-25 |
2017-08-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in home/secretqtn.php in SocketMail Pro 2.2.9 allows remote attackers to hijack the authentication of arbitrary users for requests that change user security questions and answers via an upd action. |
|
5 |
CVE-2012-4058 |
79 |
1
|
XSS |
2012-07-25 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in SocketMail Pro 2.2.9 allows remote attackers to inject arbitrary web script or HTML via the subject of an email. |
|
6 |
CVE-2012-4057 |
119 |
1
|
Exec Code Overflow |
2012-07-25 |
2017-08-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the Player in Remote-Anything 5.60.15 allows remote attackers to execute arbitrary code via a crafted flm file. |
|
7 |
CVE-2012-4056 |
89 |
1
|
Exec Code Sql |
2012-07-25 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index2.php in Uiga Personal Portal allows remote attackers to execute arbitrary SQL commands via the p parameter. |
|
8 |
CVE-2012-4055 |
89 |
1
|
Exec Code Sql |
2012-07-25 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index2.php in Uiga Fan Club allows remote attackers to execute arbitrary SQL commands via the p parameter. |
|
9 |
CVE-2012-4054 |
119 |
1
|
Exec Code Overflow |
2012-07-25 |
2017-08-29 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the readfile function in CPE17 Autorun Killer 1.7.1 and earlier allows physically proximate attackers to execute arbitrary code via a crafted inf file. |
|
10 |
CVE-2012-4053 |
352 |
|
CSRF |
2012-07-25 |
2019-07-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in eZOE flash player in eZ Publish 4.1 through 4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
|
11 |
CVE-2012-4050 |
|
|
|
2012-07-24 |
2017-08-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple unspecified vulnerabilities in Google Chrome OS before 21.0.1180.50 on the Cr-48 and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, have unknown impact and attack vectors. |
|
12 |
CVE-2012-4048 |
94 |
|
DoS |
2012-07-24 |
2017-09-19 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump. |
|
13 |
CVE-2012-4045 |
119 |
|
Exec Code Overflow |
2012-07-22 |
2017-09-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple heap-based buffer overflows in bmp.w5s in Winamp before 5.63 build 3235 allow remote attackers to execute arbitrary code via the (1) strf chunk in BI_RGB or (2) UYVY video data in an AVI file, or (3) decompressed TechSmith Screen Capture Codec (TSCC) data in an AVI file. |
|
14 |
CVE-2012-4043 |
79 |
|
XSS |
2012-07-26 |
2012-07-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in global-protect/login.esp in Palo Alto Networks Global Protect Portal, Global Protect Gateway, and SSL VPN portals 3.1.x through 3.1.11 and 4.0.x through 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the inputStr parameter in a Login action. |
|
15 |
CVE-2012-4033 |
|
|
|
2012-07-18 |
2017-08-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin before 2.4.0 for WordPress have unknown impact and attack vectors. |
|
16 |
CVE-2012-4032 |
20 |
1
|
|
2012-07-17 |
2017-08-29 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in ReturnUrl to Default.aspx. |
|
17 |
CVE-2012-4031 |
22 |
1
|
Dir. Trav. |
2012-07-17 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Multiple directory traversal vulnerabilities in src/acloglogin.php in Wangkongbao CNS-1000 and 1100 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) lang or (2) langid cookie to port 85. |
|
18 |
CVE-2012-4028 |
255 |
|
Bypass |
2012-07-16 |
2012-12-04 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent attackers to bypass intended access restrictions by using the stored information for authentication. |
|
19 |
CVE-2012-4027 |
264 |
|
Dir. Trav. |
2012-07-16 |
2012-07-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions, as demonstrated by reading the config.bog file. |
|
20 |
CVE-2012-4026 |
20 |
|
|
2012-07-16 |
2012-08-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The Johnson Controls Pegasys P2000 server with software before 3.11 allows remote attackers to trigger false alerts via crafted packets to TCP port 41013 (aka the upload port), a different vulnerability than CVE-2012-2607. |
|
21 |
CVE-2012-4025 |
190 |
|
Exec Code Overflow |
2012-07-19 |
2020-01-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a heap-based buffer overflow. |
|
22 |
CVE-2012-4024 |
787 |
|
Exec Code Overflow |
2012-07-19 |
2020-01-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the list file is a trusted file constructed by the program's user; however, there are some realistic situations in which a list file would be obtained from an untrusted remote source. |
|
23 |
CVE-2012-4000 |
79 |
|
XSS |
2012-07-12 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remote attackers to inject arbitrary web script or HTML via textinputs array parameters. |
|
24 |
CVE-2012-3999 |
79 |
|
XSS |
2012-07-12 |
2017-12-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in admin/login.php in Sticky Notes 0.3.09062012.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter. |
|
25 |
CVE-2012-3998 |
89 |
|
Exec Code Sql |
2012-07-12 |
2012-07-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in Sticky Notes before 0.2.27052012.5 allow remote attackers to execute arbitrary SQL commands via the (1) paste id in admin/modules/mod_pastes.php or (2) show.php, (3) user id to admin/modules/mod_users.php, (4) project to list.php, or (5) session id to show.php. |
|
26 |
CVE-2012-3997 |
79 |
|
XSS |
2012-07-12 |
2012-07-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Sticky Notes before 0.2.27052012.5 allow remote attackers to inject arbitrary web script or HTML via the (1) paste_user or (2) paste_lang parameter to (a) list.php or (b) show.php. |
|
27 |
CVE-2012-3996 |
200 |
2
|
+Info |
2012-07-12 |
2012-10-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php. |
|
28 |
CVE-2012-3954 |
399 |
|
DoS |
2012-07-25 |
2020-04-01 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests. |
|
29 |
CVE-2012-3951 |
89 |
|
Exec Code Sql |
2012-07-31 |
2018-03-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands via a TCP session. |
|
30 |
CVE-2012-3890 |
119 |
|
DoS Overflow Mem. Corr. |
2012-07-11 |
2017-09-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a .IT file. |
|
31 |
CVE-2012-3889 |
119 |
|
DoS Overflow Mem. Corr. |
2012-07-11 |
2017-09-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a .IT file. |
|
32 |
CVE-2012-3888 |
264 |
|
Bypass |
2012-07-26 |
2012-07-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The login implementation in AirDroid 1.0.4 beta allows remote attackers to bypass a multiple-login protection mechanism by modifying a pass value within JSON data. |
|
33 |
CVE-2012-3887 |
310 |
|
+Info |
2012-07-26 |
2012-07-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
AirDroid before 1.0.7 beta uses a cleartext base64 format for data transfer that is documented as an "Encrypted Transmission" feature, which allows remote attackers to obtain sensitive information by sniffing the local wireless network, as demonstrated by the SMS message content sent to the sdctl/sms/send/single/ URI. |
|
34 |
CVE-2012-3886 |
200 |
|
+Info |
2012-07-26 |
2012-07-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
AirDroid 1.0.4 beta uses the MD5 algorithm for values in the checklogin key parameter and 7bb cookie, which makes it easier for remote attackers to obtain cleartext data by sniffing the local wireless network and then conducting a (1) brute-force attack or (2) rainbow-table attack. |
|
35 |
CVE-2012-3885 |
287 |
|
|
2012-07-26 |
2012-07-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The default configuration of AirDroid 1.0.4 beta uses a four-character alphanumeric password, which makes it easier for remote attackers to obtain access via a brute-force attack. |
|
36 |
CVE-2012-3884 |
287 |
|
|
2012-07-26 |
2012-07-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
AirDroid 1.0.4 beta implements authentication through direct transmission of a password hash over HTTP, which makes it easier for remote attackers to obtain access by sniffing the local wireless network and then replaying the authentication data. |
|
37 |
CVE-2012-3881 |
89 |
|
Exec Code Sql |
2012-07-12 |
2012-07-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in RTG 0.7.4 and RTG2 0.9.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) 95.php, (2) view.php, or (3) rtg.php. |
|
38 |
CVE-2012-3868 |
362 |
|
DoS |
2012-07-25 |
2013-11-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Race condition in the ns_client structure management in ISC BIND 9.9.x before 9.9.1-P2 allows remote attackers to cause a denial of service (memory consumption or process exit) via a large volume of TCP queries. |
|
39 |
CVE-2012-3863 |
399 |
|
DoS |
2012-07-09 |
2013-10-10 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses. |
|
40 |
CVE-2012-3859 |
|
|
|
2012-07-09 |
2012-07-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the WebAdmin Portal in Netsweeper has unknown impact and attack vectors, a different vulnerability than CVE-2012-2446 and CVE-2012-2447. |
|
41 |
CVE-2012-3848 |
79 |
|
XSS |
2012-07-31 |
2018-03-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to d4d/exporters.php, (2) the HTTP Referer header to d4d/exporters.php, or (3) unspecified input to d4d/contextMenu.php. |
|
42 |
CVE-2012-3847 |
399 |
|
DoS |
2012-07-05 |
2012-08-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
slssvc.exe in Invensys Wonderware SuiteLink in Invensys InTouch 2012 and Wonderware Application Server 2012 allows remote attackers to cause a denial of service (resource consumption) via a long Unicode string, a different vulnerability than CVE-2012-3007. |
|
43 |
CVE-2012-3846 |
79 |
1
|
XSS |
2012-07-03 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in index.php in PHP-pastebin 2.1 allows remote attackers to inject arbitrary web script or HTML via the title parameter. |
|
44 |
CVE-2012-3845 |
119 |
1
|
DoS Overflow |
2012-07-03 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in LAN Messenger 1.2.28 and earlier allows remote attackers to cause a denial of service (crash) via a long string in an initiation request. |
|
45 |
CVE-2012-3844 |
79 |
1
|
XSS |
2012-07-03 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in vBulletin 4.1.12 allows remote attackers to inject arbitrary web script or HTML via a long string in the subject parameter when creating a post. |
|
46 |
CVE-2012-3843 |
79 |
1
|
XSS |
2012-07-03 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the registration page in e107, probably 1.0.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
47 |
CVE-2012-3842 |
79 |
|
XSS |
2012-07-03 |
2012-07-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via the (1) select0 or (2) select8 parameters. |
|
48 |
CVE-2012-3841 |
|
1
|
Exec Code |
2012-07-03 |
2017-08-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in KMPlayer 3.2.0.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ehtrace.dll that is located in the current working directory. |
|
49 |
CVE-2012-3840 |
79 |
1
|
XSS |
2012-07-03 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in index.php/users/form/user_id in MyClientBase 0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name or (2) last_name parameters. |
|
50 |
CVE-2012-3839 |
89 |
1
|
Exec Code Sql |
2012-07-03 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in application/core/MY_Model.php in MyClientBase 0.12 allow remote attackers to execute arbitrary SQL commands via the (1) invoice_number or (2) tags parameter to index.php/invoice_search. |
