| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2012-1929 |
20 |
|
|
2012-03-28 |
2018-01-05 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
Opera before 11.62 on Mac OS X allows remote attackers to spoof the address field and security dialogs via crafted styling that causes page content to be displayed outside of the intended content area. |
|
2 |
CVE-2012-1928 |
20 |
|
|
2012-03-28 |
2018-01-06 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
Opera before 11.62 allows remote attackers to spoof the address field by triggering a page reload followed by a redirect to a different domain. |
|
3 |
CVE-2012-1927 |
20 |
|
|
2012-03-28 |
2018-01-06 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
Opera before 11.62 allows remote attackers to spoof the address field by triggering the launch of a dialog window associated with a different domain. |
|
4 |
CVE-2012-1925 |
|
|
|
2012-03-28 |
2018-01-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Opera before 11.62 does not ensure that a dialog window is placed on top of content windows, which makes it easier for user-assisted remote attackers to trick users into downloading and executing arbitrary files via a download dialog located under other windows. |
|
5 |
CVE-2012-1924 |
94 |
|
|
2012-03-28 |
2018-01-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Opera before 11.62 allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog. |
|
6 |
CVE-2012-1919 |
94 |
|
Dir. Trav. |
2012-03-27 |
2012-08-29 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
CRLF injection vulnerability in mime.php in @Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to conduct directory traversal attacks and read arbitrary files via a %0A sequence followed by a .. (dot dot) in the file parameter. |
|
7 |
CVE-2012-1916 |
|
|
Exec Code |
2012-03-27 |
2012-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
@Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to execute arbitrary code via an e-mail attachment with an executable extension, leading to the creation of an executable file under tmp/. |
|
8 |
CVE-2012-1846 |
668 |
|
Bypass |
2012-03-22 |
2020-04-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a sandboxed process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated "it really doesn't matter if it's third-party code." |
|
9 |
CVE-2012-1845 |
416 |
|
Exec Code Bypass |
2012-03-22 |
2020-04-16 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the DEP and ASLR protection mechanisms, and execute arbitrary code, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated "it really doesn't matter if it's third-party code." |
|
10 |
CVE-2012-1844 |
255 |
|
|
2012-03-22 |
2018-01-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100) and the IBM TS3310 tape library with firmware before R6C (606G.GS001), uses default passwords for unspecified user accounts, which makes it easier for remote attackers to obtain access via unknown vectors. |
|
11 |
CVE-2012-1843 |
352 |
|
Exec Code CSRF |
2012-03-22 |
2018-01-10 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in saveRestore.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to hijack the authentication of users for requests that execute Linux commands via the fileName parameter, related to a "command-injection vulnerability." |
|
12 |
CVE-2012-1840 |
287 |
|
|
2012-03-22 |
2018-01-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 does not properly perform cookie authentication, which allows remote attackers to obtain login access by leveraging knowledge of a password hash. |
|
13 |
CVE-2012-1839 |
22 |
|
Dir. Trav. |
2012-03-22 |
2018-01-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple directory traversal vulnerabilities in the Get Template feature in plugins/gui.ajax/class.AJXP_ClientDriver.php in AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) pluginName or (2) pluginPath parameter in a get_template action. NOTE: some of these details are obtained from third party information. |
|
14 |
CVE-2012-1836 |
119 |
|
Exec Code Overflow |
2012-03-22 |
2020-09-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in dns.cpp in InspIRCd 2.0.5 might allow remote attackers to execute arbitrary code via a crafted DNS query that uses compression. |
|
15 |
CVE-2012-1797 |
264 |
|
|
2012-03-20 |
2018-01-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has unspecified impact and attack vectors. |
|
16 |
CVE-2012-1796 |
|
|
+Priv |
2012-03-20 |
2018-01-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as used in IBM DB2 9.5 before FP9 on UNIX, allows local users to gain privileges via unknown vectors. |
|
17 |
CVE-2012-1795 |
78 |
|
Exec Code |
2012-03-20 |
2018-01-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
webglimpse.cgi in Webglimpse before 2.20.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter, as exploited in the wild in March 2012. |
|
18 |
CVE-2012-1785 |
20 |
|
Exec Code |
2012-03-19 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
kg_callffmpeg.php in the Video Embed & Thumbnail Generator plugin before 2.0 for WordPress allows remote attackers to execute arbitrary commands via unspecified vectors. |
|
19 |
CVE-2012-1784 |
89 |
1
|
Exec Code Sql |
2012-03-19 |
2018-01-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in MyJobList 0.1.3 allows remote attackers to execute arbitrary SQL commands via the eid parameter in a profile action to index.php. |
|
20 |
CVE-2012-1783 |
20 |
1
|
DoS |
2012-03-19 |
2017-08-29 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Tiny Server 1.1.9 and earlier allows remote attackers to cause a denial of service (crash) via a long string in a GET request without an HTTP version number. |
|
21 |
CVE-2012-1780 |
89 |
1
|
Exec Code Sql |
2012-03-19 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in search.php in SocialCMS 1.0.5 allows remote attackers to execute arbitrary SQL commands via the category parameter. |
|
22 |
CVE-2012-1778 |
89 |
1
|
Exec Code Sql |
2012-03-19 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in artykul_print.php in CreateVision CMS allows remote attackers to execute arbitrary SQL commands via the id parameter. |
|
23 |
CVE-2012-1776 |
119 |
|
DoS Exec Code Overflow |
2012-03-19 |
2018-01-06 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Multiple heap-based buffer overflows in VideoLAN VLC media player before 2.0.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Real RTSP stream. |
|
24 |
CVE-2012-1775 |
119 |
1
|
Exec Code Overflow |
2012-03-19 |
2017-12-14 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in VideoLAN VLC media player before 2.0.1 allows remote attackers to execute arbitrary code via a crafted MMS:// stream. |
|
25 |
CVE-2012-1774 |
|
|
|
2012-03-18 |
2018-01-06 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the Open URL feature in Gretech GOM Media Player before 2.1.39.5101 has unknown impact and attack vectors, a different vulnerability than CVE-2007-5779 and CVE-2012-1264. |
|
26 |
CVE-2012-1663 |
399 |
1
|
DoS |
2012-03-13 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list. |
|
27 |
CVE-2012-1557 |
89 |
|
Exec Code Sql |
2012-03-12 |
2018-01-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU#2, 9.x before 9.5 MU#11, 10.0.x before MU#13, 10.1.x before MU#22, 10.2.x before MU#16, and 10.3.x before MU#5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in March 2012. |
|
28 |
CVE-2012-1544 |
119 |
|
Exec Code Overflow |
2012-03-09 |
2012-03-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. |
|
29 |
CVE-2012-1514 |
352 |
|
CSRF |
2012-03-16 |
2017-08-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in VMware vShield Manager (vSM) 1.0.1 before Update 2 and 4.1.0 before Update 2 allows remote attackers to hijack the authentication of arbitrary users. |
|
30 |
CVE-2012-1510 |
119 |
|
Overflow +Priv |
2012-03-16 |
2017-12-13 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the WDDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4.0 and 4.1; and VMware View before 4.6.1 allows guest OS users to gain guest OS privileges via unspecified vectors. |
|
31 |
CVE-2012-1509 |
119 |
|
Overflow +Priv |
2012-03-16 |
2017-09-19 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the XPDM display driver in VMware View before 4.6.1 allows guest OS users to gain guest OS privileges via unspecified vectors. |
|
32 |
CVE-2012-1508 |
264 |
|
DoS +Priv |
2012-03-16 |
2017-12-13 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The XPDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4.0 and 4.1; and VMware View before 4.6.1 allows guest OS users to gain guest OS privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors. |
|
33 |
CVE-2012-1498 |
352 |
2
|
CSRF |
2012-03-19 |
2017-08-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Webfolio CMS 1.1.4 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator via an add action to admin/users/add or (2) modify a web page via a save action to admin/pages/edit/web_page_name. |
|
34 |
CVE-2012-1485 |
|
|
|
2012-03-15 |
2018-01-13 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the NetFront Life Browser (com.access_company.android.nflifebrowser.lite) application 2.2.0 and 2.3.0 for Android has unknown impact and attack vectors. |
|
35 |
CVE-2012-1484 |
|
|
|
2012-03-15 |
2018-01-13 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the WaliSMS CN (cn.com.wali.walisms) application 2.9.2 and 3.7.0 for Android has unknown impact and attack vectors. |
|
36 |
CVE-2012-1483 |
|
|
|
2012-03-15 |
2018-01-13 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the Message Forwarder (com.gmail.zbnetium) application 1.12.20110409.1 for Android has unknown impact and attack vectors. |
|
37 |
CVE-2012-1482 |
|
|
|
2012-03-15 |
2018-01-13 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the TouchPal Contacts (com.cootek.smartdialer) application 3.3.1 and 4.0.1 for Android has unknown impact and attack vectors. |
|
38 |
CVE-2012-1481 |
|
|
|
2012-03-15 |
2018-01-13 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the Textdroid (com.app.android.textdroid) application 2.5.2 for Android has unknown impact and attack vectors. |
|
39 |
CVE-2012-1480 |
|
|
|
2012-03-14 |
2018-01-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the Pansi SMS (com.pansi.msg) application 1.97, 2.01, and 2.07 for Android has unknown impact and attack vectors. |
|
40 |
CVE-2012-1479 |
|
|
|
2012-03-14 |
2018-01-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the AContact (com.movester.quickcontact) application 1.8.2 for Android has unknown impact and attack vectors. |
|
41 |
CVE-2012-1478 |
|
|
|
2012-03-14 |
2018-01-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the UCMobile BloveStorm (com.blovestorm) application 2.2.0 and 3.2.1 for Android has unknown impact and attack vectors. |
|
42 |
CVE-2012-1477 |
|
|
|
2012-03-14 |
2012-03-14 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the Cnectd (mci.cnectd) application 3.1.0 for Android has unknown impact and attack vectors. |
|
43 |
CVE-2012-1476 |
|
|
|
2012-03-14 |
2012-03-14 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the KKtalk (com.kkliaotian.android) application 4.0.0 and 4.1.5 for Android has unknown impact and attack vectors. |
|
44 |
CVE-2012-1475 |
|
|
|
2012-03-14 |
2012-03-14 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the YagattaTalk Messenger (com.iskoot.yagatta.yagattatalk) application 1.00.01.08 for Android has unknown impact and attack vectors. |
|
45 |
CVE-2012-1474 |
|
|
|
2012-03-14 |
2012-03-14 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the Youni SMS (com.snda.youni) application 2.1.0c and 2.1.0d for Android has unknown impact and attack vectors. |
|
46 |
CVE-2012-1472 |
20 |
|
DoS |
2012-03-13 |
2012-03-13 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
VMware vCenter Chargeback Manager (aka CBM) before 2.0.1 does not properly handle XML API requests, which allows remote attackers to read arbitrary files or cause a denial of service via unspecified vectors. |
|
47 |
CVE-2012-1409 |
|
|
|
2012-03-14 |
2012-03-14 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the Tiny Password (com.tinycouch.android.freepassword) application 1.64 for Android has unknown impact and attack vectors. |
|
48 |
CVE-2012-1408 |
|
|
|
2012-03-14 |
2012-03-14 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the App Lock (com.cc.applock) application 1.7.5 and 1.7.6 for Android has unknown impact and attack vectors. |
|
49 |
CVE-2012-1407 |
|
|
|
2012-03-07 |
2012-03-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the GO Message Widget (com.gau.go.launcherex.gowidget.smswidget) application 1.9, 2.1, and 2.3 for Android has unknown impact and attack vectors. |
|
50 |
CVE-2012-1406 |
|
|
|
2012-03-07 |
2012-03-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the GO Bookmark Widget (com.gau.go.launcherex.gowidget.bookmark) application 1.1 for Android has unknown impact and attack vectors. |
