CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2012

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
5201 CVE-2010-5139 189 Overflow Bypass 2012-08-06 2020-03-18
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in wxBitcoin and bitcoind before 0.3.11 allows remote attackers to bypass intended economic restrictions and create many bitcoins via a crafted Bitcoin transaction.
5202 CVE-2010-5138 DoS 2012-08-06 2020-03-18
5.0
None Remote Low Not required None None Partial
wxBitcoin and bitcoind 0.3.x allow remote attackers to cause a denial of service (electricity consumption) via a Bitcoin transaction containing multiple OP_CHECKSIG script opcodes.
5203 CVE-2010-5137 DoS 2012-08-06 2020-03-18
5.0
None Remote Low Not required None None Partial
wxBitcoin and bitcoind before 0.3.5 allow remote attackers to cause a denial of service (daemon crash) via a Bitcoin transaction containing an OP_LSHIFT script opcode.
5204 CVE-2010-5106 264 Bypass 2012-09-14 2012-09-17
6.5
None Remote Low ??? Partial Partial Partial
The XML-RPC remote publishing interface in xmlrpc.php in WordPress before 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging the Author or Contributor role.
5205 CVE-2010-5104 200 +Info 2012-05-21 2017-08-29
4.3
None Remote Medium Not required Partial None None
The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query.
5206 CVE-2010-5103 89 Exec Code Sql 2012-05-21 2017-08-29
6.0
None Remote Medium ??? Partial Partial Partial
SQL injection vulnerability in the list module in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors.
5207 CVE-2010-5102 22 Dir. Trav. 2012-05-21 2017-08-29
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in mod/tools/em/class.em_unzip.php in the unzip library in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote attackers to write arbitrary files via unspecified vectors.
5208 CVE-2010-5101 22 Dir. Trav. File Inclusion 2012-05-21 2017-08-29
4.0
None Remote Low ??? Partial None None
Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated administrators to read arbitrary files via unspecified vectors related to the "file inclusion functionality."
5209 CVE-2010-5100 79 XSS 2012-05-21 2017-08-29
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Install Tool in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
5210 CVE-2010-5099 20 1 Bypass File Inclusion 2012-05-30 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption key from localconf.php.
5211 CVE-2010-5098 79 XSS 2012-05-21 2017-08-29
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the FORM content object in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
5212 CVE-2010-5097 79 XSS 2012-05-21 2017-08-29
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in the click enlarge functionality in TYPO3 4.3.x before 4.3.9 and 4.4.x before 4.4.5 when the caching framework is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5213 CVE-2010-5096 89 Exec Code Sql 2012-08-13 2012-08-14
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in a (1) do_search action to search.php or (2) do_stuff action to private.php. NOTE: the vendor disputes this issue, saying "Although this doesn't lead to an SQL injection, it does provide a general MyBB SQL error."
5214 CVE-2010-5095 79 XSS 2012-08-26 2017-08-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in SilverStripe 2.3.x before 2.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to DataObjectSet pagination.
5215 CVE-2010-5094 264 2012-08-26 2012-08-27
5.0
None Remote Low Not required None None Partial
The deleteinstallfiles function in control/ContentController.php in SilverStripe 2.3.x before 2.3.7 does not require ADMIN permissions, which allows remote attackers to delete index.php and "disrupt mod_rewrite-less URL routing."
5216 CVE-2010-5093 264 2012-08-26 2012-08-27
5.0
None Remote Low Not required None Partial None
Member_ProfileForm in security/Member.php in SilverStripe 2.3.x before 2.3.7 allows remote attackers to hijack user accounts by saving data using the email address (ID) of another user.
5217 CVE-2010-5092 255 +Info 2012-08-26 2012-08-27
1.9
None Local Medium Not required Partial None None
The Add Member dialog in the Security admin page in SilverStripe 2.4.0 saves user passwords in plaintext, which allows local users to obtain sensitive information by reading a database.
5218 CVE-2010-5091 94 Exec Code 2012-08-26 2012-08-27
6.0
None Remote Medium ??? Partial Partial Partial
The setName function in filesystem/File.php in SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1 allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by changing the extension of an uploaded file.
5219 CVE-2010-5090 264 2012-08-26 2012-08-27
4.0
None Remote Low ??? None Partial None
SilverStripe before 2.4.2 allows remote authenticated users to change administrator passwords via vectors related to admin/security.
5220 CVE-2010-5089 264 +Info 2012-08-26 2012-08-27
4.3
None Remote Medium Not required Partial None None
SilverStripe before 2.4.2 does not properly restrict access to pages in draft mode, which allows remote attackers to obtain sensitive information.
5221 CVE-2010-5088 352 CSRF 2012-08-26 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in SilverStripe 2.3.x before 2.3.9 and 2.4.x before 2.4.3 allow remote attackers to hijack the authentication of administrators via destructive controller actions, a different vulnerability than CVE-2010-5087.
5222 CVE-2010-5087 264 Bypass CSRF 2012-08-26 2012-08-27
5.0
None Remote Low Not required None Partial None
SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism and hijack the authentication of administrators via vectors related to "form action requests" using a controller.
5223 CVE-2010-5086 22 1 Dir. Trav. 2012-03-19 2012-03-19
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in wiki/rankings.php in Bitweaver 2.7 and 2.8.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the style parameter.
5224 CVE-2010-5085 352 CSRF 2012-02-14 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in admin/update_user in Hulihan Amethyst 0.1.5, and possibly earlier, allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrative password or (2) change the site's configuration.
5225 CVE-2010-5084 352 CSRF 2012-02-14 2012-02-15
6.0
None Remote Medium ??? Partial Partial Partial
The cross-site request forgery (CSRF) protection mechanism in e107 before 0.7.23 uses a predictable random token based on the creation date of the administrator account, which allows remote attackers to hijack the authentication of administrators for requests that add new users via e107_admin/users.php.
5226 CVE-2010-5083 89 1 Exec Code Sql 2012-02-14 2019-07-01
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php.
5227 CVE-2010-5082 +Priv 2012-01-17 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in the Color Control Panel in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges via a Trojan horse sti.dll file in the current working directory, as demonstrated by a directory that contains a .camp, .cdmp, .gmmp, .icc, or .icm file, aka "Color Control Panel Insecure Library Loading Vulnerability."
5228 CVE-2010-5080 255 2012-08-26 2012-08-27
6.8
None Remote Medium Not required Partial Partial Partial
The Security/changepassword URL action in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 passes a token as a GET parameter while changing a password through email, which allows remote attackers to obtain sensitive data and hijack the session via the HTTP referer logs on a server, aka "HTTP referer leakage."
5229 CVE-2010-5079 310 Bypass CSRF 2012-09-17 2012-09-18
5.0
None Remote Low Not required None Partial None
SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 uses weak entropy when generating tokens for (1) the CSRF protection mechanism, (2) autologin, (3) "forgot password" functionality, and (4) password salts, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors.
5230 CVE-2010-5078 264 +Info 2012-09-17 2017-08-29
5.0
None Remote Low Not required Partial None None
SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain version information via a direct request to (1) apphire/silverstripe_version or (2) cms/silverstripe_version.
5231 CVE-2010-5076 20 2012-06-29 2021-06-16
4.3
None Remote Medium Not required None Partial None
QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
5232 CVE-2010-5067 255 Bypass 2012-10-08 2012-10-08
6.8
None Remote Medium Not required Partial Partial Partial
Virtual War (aka VWar) 1.6.1 R2 uses static session cookies that depend only on a user's password, which makes it easier for remote attackers to bypass timeout and logout actions, and retain access for a long period of time, by leveraging knowledge of a session cookie.
5233 CVE-2010-5066 310 2012-10-08 2012-10-08
4.3
None Remote Medium Not required Partial None None
The createRandomPassword function in includes/functions_common.php in Virtual War (aka VWar) 1.6.1 R2 uses a small range of values to select the seed argument for the PHP mt_srand function, which makes it easier for remote attackers to determine randomly generated passwords via a brute-force attack.
5234 CVE-2010-5065 264 Bypass 2012-10-08 2012-10-08
5.0
None Remote Low Not required Partial None None
popup.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to bypass intended member restrictions and read news posts via a modified newsid parameter in a printnews action.
5235 CVE-2010-5064 79 XSS 2012-10-08 2012-10-08
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Virtual War (aka VWar) 1.6.1 R2 allow remote attackers to inject arbitrary web script or HTML via (1) the Additional Information field to challenge.php, the (2) Additional Information or (3) Contact information field to joinus.php, (4) the War Report field to admin/admin.php in a finishwar action, or (5) the Nick field to profile.php.
5236 CVE-2010-5063 89 Exec Code Sql 2012-10-08 2012-10-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the ratearticleselect parameter.
5237 CVE-2010-4824 89 Exec Code Sql 2012-09-17 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in the augmentSQL method in core/model/Translatable.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when the Translatable extension is enabled, allows remote attackers to execute arbitrary SQL commands via the locale parameter.
5238 CVE-2010-4823 79 XSS 2012-09-17 2017-08-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the httpError method in sapphire/core/control/RequestHandler.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when custom error handling is not used, allows remote attackers to inject arbitrary web script or HTML via "missing URL actions."
5239 CVE-2010-4822 200 +Info 2012-09-17 2012-09-18
4.3
None Remote Medium Not required Partial None None
core/model/MySQLDatabase.php in SilverStripe 2.4.x before 2.4.4, when the site is running in "live mode," allows remote attackers to obtain the SQL queries for a page via the showqueries and ajax parameters.
5240 CVE-2010-4821 79 XSS 2012-10-22 2017-08-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
5241 CVE-2010-4819 20 DoS 2012-09-05 2012-09-13
3.6
None Local Low Not required Partial None Partial
The ProcRenderAddGlyphs function in the Render extension (render/render.c) in X.Org xserver 1.7.7 and earlier allows local users to read arbitrary memory and possibly cause a denial of service (server crash) via unspecified vectors related to an "input sanitization flaw."
5242 CVE-2010-4818 20 DoS Exec Code 2012-09-05 2012-09-06
8.5
None Remote Medium ??? Complete Complete Complete
The GLX extension in X.Org xserver 1.7.7 allows remote authenticated users to cause a denial of service (server crash) and possibly execute arbitrary code via (1) a crafted request that triggers a client swap in glx/glxcmdsswap.c; or (2) a crafted length or (3) a negative value in the screen field in a request to glx/glxcmds.c.
5243 CVE-2010-4666 119 DoS Overflow 2012-04-13 2012-04-16
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in libarchive 3.0 pre-release code allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CAB file, which is not properly handled during the reading of Huffman code data within LZX compressed data.
5244 CVE-2010-4650 119 DoS Overflow 2012-06-21 2012-06-22
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in the fuse_do_ioctl function in fs/fuse/file.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service or possibly have unspecified other impact by leveraging the ability to operate a CUSE server.
5245 CVE-2010-4648 2012-06-21 2012-06-26
3.3
None Local Network Low Not required Partial None None
The orinoco_ioctl_set_auth function in drivers/net/wireless/orinoco/wext.c in the Linux kernel before 2.6.37 does not properly implement a TKIP protection mechanism, which makes it easier for remote attackers to obtain access to a Wi-Fi network by reading Wi-Fi frames.
5246 CVE-2010-4563 200 +Info 2012-02-02 2012-02-03
5.0
None Remote Low Not required Partial None None
The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping.
5247 CVE-2010-4562 200 +Info 2012-02-02 2012-02-03
4.3
None Remote Medium Not required Partial None None
Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652.
5248 CVE-2010-4250 399 DoS 2012-06-21 2012-06-26
4.9
None Local Low Not required None None Complete
Memory leak in the inotify_init1 function in fs/notify/inotify/inotify_user.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service (memory consumption) via vectors involving failed attempts to create files.
5249 CVE-2010-3499 264 Exec Code 2012-08-22 2012-08-22
6.4
None Remote Low Not required None Partial Partial
F-Secure Anti-Virus does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that "the inability to catch these files are caused by lacking functionality rather than programming errors."
5250 CVE-2010-3498 264 Exec Code 2012-08-22 2012-08-22
6.4
None Remote Low Not required None Partial Partial
AVG Anti-Virus does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution.
Total number of vulnerabilities : 5297   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 (This Page)106
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.