
Security Vulnerabilities Published In September 2012 (CVSS score >= 7)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date
Score
Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2012-5197 2012-09-28 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 have unknown impact and attack vectors related to "error checking of system calls."
2 CVE-2012-5196 119 Overflow 2012-09-28 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 have unknown impact and attack vectors.
3 CVE-2012-5159 94 Exec Code 2012-09-25 2013-01-26
7.5
None Remote Low Not required Partial Partial Partial
phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack.
4 CVE-2012-5101 89 Exec Code Sql 2012-09-23 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the JExtensions JE Poll component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
5 CVE-2012-5098 89 1 Exec Code Sql 2012-09-23 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Php-X-Links, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to rate.php, (2) cid parameter to view.php, or (3) t parameter to pop.php.
6 CVE-2012-5054 189 1 Exec Code Overflow 2012-09-24 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4.402.265 allows remote attackers to execute arbitrary code via malformed arguments.
7 CVE-2012-5049 20 DoS 2012-09-28 2013-04-11
7.8
None Remote Low Not required None None Complete
APIFTP Server in Optimalog Optima PLC 1.5.2 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
8 CVE-2012-5048 399 DoS 2012-09-28 2013-04-11
7.8
None Remote Low Not required None None Complete
APIFTP Server in Optimalog Optima PLC 1.5.2 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted packet.
9 CVE-2012-5006 119 Exec Code Overflow 2012-09-19 2012-09-20
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in npdjvu.dll in Caminova DjVu Browser Plug-in 6.1.4 Build 27351 and other versions before 6.1.4.27993 allows remote attackers to execute arbitrary code via a crafted Sjbz chunk in a djvu file.
10 CVE-2012-5001 DoS Exec Code 2012-09-19 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Hitachi JP1/Cm2/Network Node Manager i before 09-50-03 allow remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors.
11 CVE-2012-5000 89 1 Exec Code Sql 2012-09-19 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in jokes/index.php in the Witze addon 0.9 for deV!L'z Clanportal allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action.
12 CVE-2012-4997 22 1 Dir. Trav. 2012-09-19 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in acp/index.php in AneCMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter.
13 CVE-2012-4996 89 1 Exec Code Sql 2012-09-19 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in RivetTracker 1.03 and earlier allow remote attackers to execute arbitrary SQL commands via the hash parameter to (1) dltorrent.php or (2) torrent_functions.php.
14 CVE-2012-4993 264 1 2012-09-19 2012-09-21
7.5
None Remote Low Not required Partial Partial Partial
torrent_functions.php in RivetTracker 1.03 and earlier does not properly restrict access, which allows remote attackers to have an unspecified impact.
15 CVE-2012-4992 119 1 Exec Code Overflow 2012-09-19 2017-08-29
9.0
None Remote Low ??? Complete Complete Complete
Multiple buffer overflows in FlashFXP.exe in FlashFXP 4.2 allow remote authenticated users to execute arbitrary code via a long unicode string to (1) TListbox or (2) TComboBox.
16 CVE-2012-4969 Exec Code 2012-09-18 2017-11-21
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.
17 CVE-2012-4927 89 2 Exec Code Sql 2012-09-15 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php.
18 CVE-2012-4925 89 1 Exec Code Sql 2012-09-15 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in approve.php in Img Pals Photo Host 1.0 allow remote attackers to execute arbitrary SQL commands via the u parameter in a (1) app0 or (2) app1 action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
19 CVE-2012-4924 119 1 Exec Code Overflow 2012-09-15 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX component 1.0.0.1 for ASUS Net4Switch 1.0.0020 allows remote attackers to execute arbitrary code via a long parameter to the Alert method.
20 CVE-2012-4908 264 Bypass 2012-09-13 2012-09-14
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 18.0.1025308 on Android allows remote attackers to bypass the Same Origin Policy and obtain access to local files via vectors involving a symlink.
21 CVE-2012-4907 264 2012-09-13 2012-09-14
9.3
None Remote Medium Not required Complete Complete Complete
Google Chrome before 18.0.1025308 on Android does not properly restrict access from JavaScript code to Android APIs, which allows remote attackers to have an unspecified impact via a crafted web page.
22 CVE-2012-4879 255 2012-09-07 2013-10-11
10.0
None Remote Low Not required Complete Complete Complete
The Linux Console on the WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices has a default password of wago for the (1) root and (2) admin accounts, (3) a default password of user for the user account, and (4) a default password of guest for the guest account, which makes it easier for remote attackers to obtain login access via a TELNET session, a different vulnerability than CVE-2012-3013.
23 CVE-2012-4876 119 1 Exec Code Overflow 2012-09-06 2012-09-07
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the UltraMJCam ActiveX Control in TRENDnet SecurView TV-IP121WN Wireless Internet Camera allows remote attackers to execute arbitrary code via a long string to the OpenFileDlg method.
24 CVE-2012-4875 119 Exec Code Overflow 2012-09-06 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
** DISPUTED ** Heap-based buffer overflow in gdevwpr2.c in Ghostscript 9.04, when processing the OutputFile device parameter, allows user-assisted remote attackers to execute arbitrary code via a long file name in a PostScript document. NOTE: as of 20120314, the developer was not able to reproduce the issue and disputed it.
25 CVE-2012-4874 2012-09-06 2012-09-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Another WordPress Classifieds Plugin before 2.0 for WordPress has unknown impact and attack vectors related to "image uploads."
26 CVE-2012-4869 94 3 Exec Code 2012-09-06 2019-12-10
7.5
None Remote Low Not required Partial Partial Partial
The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action.
27 CVE-2012-4868 89 Exec Code Sql 2012-09-06 2012-09-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in news.php in the Kunena component 1.7.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
28 CVE-2012-4865 119 2 Exec Code Overflow 2012-09-06 2012-09-13
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Oreans Themida 2.1.8.0 allows remote attackers to execute arbitrary code via a crafted .TMD file.
29 CVE-2012-4864 94 2 DoS Exec Code Mem. Corr. 2012-09-06 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Oreans WinLicense 2.1.8.0 allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted xml file.
30 CVE-2012-4655 20 Exec Code 2012-09-24 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204.
31 CVE-2012-4629 399 DoS 2012-09-12 2013-04-05
7.8
None Remote Low Not required None None Complete
The Cisco ASA-CX Context-Aware Security module before 9.0.2-103 for Adaptive Security Appliances (ASA) devices, and Prime Security Manager (aka PRSM) before 9.0.2-103, allows remote attackers to cause a denial of service (disk consumption and application hang) via unspecified IPv4 packets that trigger log entries, aka Bug ID CSCub70603.
32 CVE-2012-4623 20 DoS 2012-09-27 2017-08-29
7.8
None Remote Low Not required None None Complete
The DHCPv6 server in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x, 3.1.xS before 3.1.4S, 3.1.xSG and 3.2.xSG before 3.2.5SG, 3.2.xS, 3.2.xXO, 3.3.xS, and 3.3.xSG before 3.3.1SG allows remote attackers to cause a denial of service (device reload) via a malformed DHCPv6 packet, aka Bug ID CSCto57723.
33 CVE-2012-4622 399 DoS 2012-09-27 2017-08-29
7.1
None Remote Medium Not required None None Complete
Cisco IOS XE 03.02.00.XO.15.0(2)XO on Catalyst 4500E series switches, when a Supervisor Engine 7L-E card is installed, allows remote attackers to cause a denial of service (card reload) via malformed packets that trigger uncorrected ECC error messages, aka Bug ID CSCty88456.
34 CVE-2012-4621 399 DoS 2012-09-27 2013-02-14
7.8
None Remote Low Not required None None Complete
The Device Sensor feature in Cisco IOS 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via a DHCP packet, aka Bug ID CSCty96049.
35 CVE-2012-4620 399 DoS 2012-09-27 2017-08-29
7.8
None Remote Low Not required None None Complete
Cisco IOS 12.2 and 15.0 through 15.2 on Cisco 10000 series routers, when a tunnel interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via tunneled (1) GRE/IP, (2) IPIP, or (3) IPv6 in IPv4 packets, aka Bug ID CSCts66808.
36 CVE-2012-4619 399 DoS 2012-09-27 2013-04-11
7.8
None Remote Low Not required None None Complete
The NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via transit IP packets, aka Bug ID CSCtr46123.
37 CVE-2012-4618 399 DoS 2012-09-27 2013-04-11
7.8
None Remote Low Not required None None Complete
The SIP ALG feature in the NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via transit IP packets, aka Bug ID CSCtn76183.
38 CVE-2012-4617 20 DoS 2012-09-27 2013-02-14
7.1
None Remote Medium Not required None None Complete
The BGP implementation in Cisco IOS 15.2, IOS XE 3.5.xS before 3.5.2S, and IOS XR 4.1.0 through 4.2.2 allows remote attackers to cause a denial of service (multiple connection resets) by leveraging a peer relationship and sending a malformed attribute, aka Bug IDs CSCtt35379, CSCty58300, CSCtz63248, and CSCtz62914.
39 CVE-2012-4392 287 Bypass 2012-09-05 2012-09-13
7.5
None Remote Low Not required Partial Partial Partial
index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value.
40 CVE-2012-4244 DoS 2012-09-14 2016-12-07
7.8
None Remote Low Not required None None Complete
ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record.
41 CVE-2012-4014 DoS 2012-09-25 2012-09-25
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in McAfee Email Anti-virus (formerly WebShield SMTP) allows remote attackers to cause a denial of service via unknown vectors.
42 CVE-2012-4011 78 Exec Code +Info 2012-09-08 2012-09-17
9.3
None Remote Medium Not required Complete Complete Complete
The Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site.
43 CVE-2012-3955 DoS 2012-09-14 2020-01-08
7.1
None Remote Medium Not required None None Complete
ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced.
44 CVE-2012-3950 399 DoS 2012-09-27 2017-08-29
7.1
None Remote Medium Not required None None Complete
The Intrusion Prevention System (IPS) feature in Cisco IOS 12.3 through 12.4 and 15.0 through 15.2, in certain configurations of enabled categories and missing signatures, allows remote attackers to cause a denial of service (device reload) via DNS packets, aka Bug ID CSCtw55976.
45 CVE-2012-3949 20 DoS 2012-09-27 2017-08-29
7.8
None Remote Low Not required None None Complete
The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2; and Cisco IOS XE 3.3.xSG before 3.3.1SG, 3.4.xS, and 3.5.xS allows remote attackers to cause a denial of service (service crash or device reload) via a crafted SIP message containing an SDP session description, aka Bug IDs CSCtw66721, CSCtj33003, and CSCtw84664.
46 CVE-2012-3935 119 DoS Overflow 2012-09-12 2017-08-29
7.8
None Remote Low Not required None None Complete
Cisco Unified Presence (CUP) before 8.6(3) and Jabber Extensible Communications Platform (aka Jabber XCP) before 5.3 allow remote attackers to cause a denial of service (process crash) via a crafted XMPP stream header, aka Bug ID CSCtu32832.
47 CVE-2012-3716 119 DoS Exec Code Overflow 2012-09-20 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
CoreText in Apple Mac OS X 10.7.x before 10.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write or read) via a crafted text glyph.
48 CVE-2012-3703 DoS Exec Code Mem. Corr. 2012-09-13 2017-09-19
8.3
None Remote Medium Not required Partial Partial Complete
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
49 CVE-2012-3701 119 DoS Exec Code Overflow Mem. Corr. 2012-09-13 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
50 CVE-2012-3687 119 DoS Exec Code Overflow Mem. Corr. 2012-09-13 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Total number of vulnerabilities: 159 (page 1 of 4)