| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2012-5197 |
|
|
|
2012-09-28 |
2017-08-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple unspecified vulnerabilities in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 have unknown impact and attack vectors related to "error checking of system calls." |
|
2 |
CVE-2012-5196 |
119 |
|
Overflow |
2012-09-28 |
2017-08-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple buffer overflows in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 have unknown impact and attack vectors. |
|
3 |
CVE-2012-5159 |
94 |
|
Exec Code |
2012-09-25 |
2013-01-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack. |
|
4 |
CVE-2012-5101 |
89 |
|
Exec Code Sql |
2012-09-23 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the JExtensions JE Poll component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
|
5 |
CVE-2012-5098 |
89 |
1
|
Exec Code Sql |
2012-09-23 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in Php-X-Links, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to rate.php, (2) cid parameter to view.php, or (3) t parameter to pop.php. |
|
6 |
CVE-2012-5054 |
189 |
1
|
Exec Code Overflow |
2012-09-24 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4.402.265 allows remote attackers to execute arbitrary code via malformed arguments. |
|
7 |
CVE-2012-5049 |
20 |
|
DoS |
2012-09-28 |
2013-04-11 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
APIFTP Server in Optimalog Optima PLC 1.5.2 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. |
|
8 |
CVE-2012-5048 |
399 |
|
DoS |
2012-09-28 |
2013-04-11 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
APIFTP Server in Optimalog Optima PLC 1.5.2 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted packet. |
|
9 |
CVE-2012-5006 |
119 |
|
Exec Code Overflow |
2012-09-19 |
2012-09-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in npdjvu.dll in Caminova DjVu Browser Plug-in 6.1.4 Build 27351 and other versions before 6.1.4.27993 allows remote attackers to execute arbitrary code via a crafted Sjbz chunk in a djvu file. |
|
10 |
CVE-2012-5001 |
|
|
DoS Exec Code |
2012-09-19 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple unspecified vulnerabilities in Hitachi JP1/Cm2/Network Node Manager i before 09-50-03 allow remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors. |
|
11 |
CVE-2012-5000 |
89 |
1
|
Exec Code Sql |
2012-09-19 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in jokes/index.php in the Witze addon 0.9 for deV!L'z Clanportal allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action. |
|
12 |
CVE-2012-4997 |
22 |
1
|
Dir. Trav. |
2012-09-19 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in acp/index.php in AneCMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter. |
|
13 |
CVE-2012-4996 |
89 |
1
|
Exec Code Sql |
2012-09-19 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in RivetTracker 1.03 and earlier allow remote attackers to execute arbitrary SQL commands via the hash parameter to (1) dltorrent.php or (2) torrent_functions.php. |
|
14 |
CVE-2012-4993 |
264 |
1
|
|
2012-09-19 |
2012-09-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
torrent_functions.php in RivetTracker 1.03 and earlier does not properly restrict access, which allows remote attackers to have an unspecified impact. |
|
15 |
CVE-2012-4992 |
119 |
1
|
Exec Code Overflow |
2012-09-19 |
2017-08-29 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Multiple buffer overflows in FlashFXP.exe in FlashFXP 4.2 allow remote authenticated users to execute arbitrary code via a long unicode string to (1) TListbox or (2) TComboBox. |
|
16 |
CVE-2012-4969 |
|
|
Exec Code |
2012-09-18 |
2017-11-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012. |
|
17 |
CVE-2012-4927 |
89 |
2
|
Exec Code Sql |
2012-09-15 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php. |
|
18 |
CVE-2012-4925 |
89 |
1
|
Exec Code Sql |
2012-09-15 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in approve.php in Img Pals Photo Host 1.0 allow remote attackers to execute arbitrary SQL commands via the u parameter in a (1) app0 or (2) app1 action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
19 |
CVE-2012-4924 |
119 |
1
|
Exec Code Overflow |
2012-09-15 |
2017-08-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX component 1.0.0.1 for ASUS Net4Switch 1.0.0020 allows remote attackers to execute arbitrary code via a long parameter to the Alert method. |
|
20 |
CVE-2012-4908 |
264 |
|
Bypass |
2012-09-13 |
2012-09-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Google Chrome before 18.0.1025308 on Android allows remote attackers to bypass the Same Origin Policy and obtain access to local files via vectors involving a symlink. |
|
21 |
CVE-2012-4907 |
264 |
|
|
2012-09-13 |
2012-09-14 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Google Chrome before 18.0.1025308 on Android does not properly restrict access from JavaScript code to Android APIs, which allows remote attackers to have an unspecified impact via a crafted web page. |
|
22 |
CVE-2012-4879 |
255 |
|
|
2012-09-07 |
2013-10-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Linux Console on the WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices has a default password of wago for the (1) root and (2) admin accounts, (3) a default password of user for the user account, and (4) a default password of guest for the guest account, which makes it easier for remote attackers to obtain login access via a TELNET session, a different vulnerability than CVE-2012-3013. |
|
23 |
CVE-2012-4876 |
119 |
1
|
Exec Code Overflow |
2012-09-06 |
2012-09-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in the UltraMJCam ActiveX Control in TRENDnet SecurView TV-IP121WN Wireless Internet Camera allows remote attackers to execute arbitrary code via a long string to the OpenFileDlg method. |
|
24 |
CVE-2012-4875 |
119 |
|
Exec Code Overflow |
2012-09-06 |
2017-08-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
** DISPUTED ** Heap-based buffer overflow in gdevwpr2.c in Ghostscript 9.04, when processing the OutputFile device parameter, allows user-assisted remote attackers to execute arbitrary code via a long file name in a PostScript document. NOTE: as of 20120314, the developer was not able to reproduce the issue and disputed it. |
|
25 |
CVE-2012-4874 |
|
|
|
2012-09-06 |
2012-09-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the Another WordPress Classifieds Plugin before 2.0 for WordPress has unknown impact and attack vectors related to "image uploads." |
|
26 |
CVE-2012-4869 |
94 |
3
|
Exec Code |
2012-09-06 |
2019-12-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action. |
|
27 |
CVE-2012-4868 |
89 |
|
Exec Code Sql |
2012-09-06 |
2012-09-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in news.php in the Kunena component 1.7.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. |
|
28 |
CVE-2012-4865 |
119 |
2
|
Exec Code Overflow |
2012-09-06 |
2012-09-13 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in Oreans Themida 2.1.8.0 allows remote attackers to execute arbitrary code via a crafted .TMD file. |
|
29 |
CVE-2012-4864 |
94 |
2
|
DoS Exec Code Mem. Corr. |
2012-09-06 |
2017-08-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Oreans WinLicense 2.1.8.0 allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted xml file. |
|
30 |
CVE-2012-4655 |
20 |
|
Exec Code |
2012-09-24 |
2017-08-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204. |
|
31 |
CVE-2012-4629 |
399 |
|
DoS |
2012-09-12 |
2013-04-05 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The Cisco ASA-CX Context-Aware Security module before 9.0.2-103 for Adaptive Security Appliances (ASA) devices, and Prime Security Manager (aka PRSM) before 9.0.2-103, allows remote attackers to cause a denial of service (disk consumption and application hang) via unspecified IPv4 packets that trigger log entries, aka Bug ID CSCub70603. |
|
32 |
CVE-2012-4623 |
20 |
|
DoS |
2012-09-27 |
2017-08-29 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The DHCPv6 server in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x, 3.1.xS before 3.1.4S, 3.1.xSG and 3.2.xSG before 3.2.5SG, 3.2.xS, 3.2.xXO, 3.3.xS, and 3.3.xSG before 3.3.1SG allows remote attackers to cause a denial of service (device reload) via a malformed DHCPv6 packet, aka Bug ID CSCto57723. |
|
33 |
CVE-2012-4622 |
399 |
|
DoS |
2012-09-27 |
2017-08-29 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Cisco IOS XE 03.02.00.XO.15.0(2)XO on Catalyst 4500E series switches, when a Supervisor Engine 7L-E card is installed, allows remote attackers to cause a denial of service (card reload) via malformed packets that trigger uncorrected ECC error messages, aka Bug ID CSCty88456. |
|
34 |
CVE-2012-4621 |
399 |
|
DoS |
2012-09-27 |
2013-02-14 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The Device Sensor feature in Cisco IOS 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via a DHCP packet, aka Bug ID CSCty96049. |
|
35 |
CVE-2012-4620 |
399 |
|
DoS |
2012-09-27 |
2017-08-29 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Cisco IOS 12.2 and 15.0 through 15.2 on Cisco 10000 series routers, when a tunnel interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via tunneled (1) GRE/IP, (2) IPIP, or (3) IPv6 in IPv4 packets, aka Bug ID CSCts66808. |
|
36 |
CVE-2012-4619 |
399 |
|
DoS |
2012-09-27 |
2013-04-11 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via transit IP packets, aka Bug ID CSCtr46123. |
|
37 |
CVE-2012-4618 |
399 |
|
DoS |
2012-09-27 |
2013-04-11 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The SIP ALG feature in the NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via transit IP packets, aka Bug ID CSCtn76183. |
|
38 |
CVE-2012-4617 |
20 |
|
DoS |
2012-09-27 |
2013-02-14 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
The BGP implementation in Cisco IOS 15.2, IOS XE 3.5.xS before 3.5.2S, and IOS XR 4.1.0 through 4.2.2 allows remote attackers to cause a denial of service (multiple connection resets) by leveraging a peer relationship and sending a malformed attribute, aka Bug IDs CSCtt35379, CSCty58300, CSCtz63248, and CSCtz62914. |
|
39 |
CVE-2012-4392 |
287 |
|
Bypass |
2012-09-05 |
2012-09-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value. |
|
40 |
CVE-2012-4244 |
|
|
DoS |
2012-09-14 |
2016-12-07 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record. |
|
41 |
CVE-2012-4014 |
|
|
DoS |
2012-09-25 |
2012-09-25 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in McAfee Email Anti-virus (formerly WebShield SMTP) allows remote attackers to cause a denial of service via unknown vectors. |
|
42 |
CVE-2012-4011 |
78 |
|
Exec Code +Info |
2012-09-08 |
2012-09-17 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site. |
|
43 |
CVE-2012-3955 |
|
|
DoS |
2012-09-14 |
2020-01-08 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced. |
|
44 |
CVE-2012-3950 |
399 |
|
DoS |
2012-09-27 |
2017-08-29 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
The Intrusion Prevention System (IPS) feature in Cisco IOS 12.3 through 12.4 and 15.0 through 15.2, in certain configurations of enabled categories and missing signatures, allows remote attackers to cause a denial of service (device reload) via DNS packets, aka Bug ID CSCtw55976. |
|
45 |
CVE-2012-3949 |
20 |
|
DoS |
2012-09-27 |
2017-08-29 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2; and Cisco IOS XE 3.3.xSG before 3.3.1SG, 3.4.xS, and 3.5.xS allows remote attackers to cause a denial of service (service crash or device reload) via a crafted SIP message containing an SDP session description, aka Bug IDs CSCtw66721, CSCtj33003, and CSCtw84664. |
|
46 |
CVE-2012-3935 |
119 |
|
DoS Overflow |
2012-09-12 |
2017-08-29 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Cisco Unified Presence (CUP) before 8.6(3) and Jabber Extensible Communications Platform (aka Jabber XCP) before 5.3 allow remote attackers to cause a denial of service (process crash) via a crafted XMPP stream header, aka Bug ID CSCtu32832. |
|
47 |
CVE-2012-3716 |
119 |
|
DoS Exec Code Overflow |
2012-09-20 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
CoreText in Apple Mac OS X 10.7.x before 10.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write or read) via a crafted text glyph. |
|
48 |
CVE-2012-3703 |
|
|
DoS Exec Code Mem. Corr. |
2012-09-13 |
2017-09-19 |
8.3 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Complete |
|
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
|
49 |
CVE-2012-3701 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-09-13 |
2017-09-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
|
50 |
CVE-2012-3687 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-09-13 |
2017-09-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
