# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.

601 | CVE-2013-1421 | 79 |  | XSS | 2014-04-22 | 2020-01-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php.

602 | CVE-2013-0740 | 20 |  |  | 2014-04-10 | 2014-04-11 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None
Open redirect vulnerability in Dell OpenManage Server Administrator (OMSA) before 7.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the file parameter to HelpViewer.

603 | CVE-2013-0735 | 89 |  | Exec Code Sql | 2014-04-02 | 2017-08-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in wpf.class.php in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to execute arbitrary SQL commands via the id parameter in a viewtopic (1) remove_post, (2) sticky, or (3) closed action or (4) thread parameter in a postreply action to index.php.

604 | CVE-2013-0729 | 119 |  | Exec Code Overflow | 2014-04-02 | 2018-10-30 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Heap-based buffer overflow in Tracker Software PDF-XChange before 2.5.208 allows remote attackers to execute arbitrary code via a crafted Define Huffman Table header in a JPEG image file stream in a PDF file.

605 | CVE-2013-0662 | 787 |  | Exec Code Overflow | 2014-04-01 | 2022-02-03 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header.

606 | CVE-2013-0296 | 264 |  | Bypass | 2014-04-27 | 2014-04-28 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial
Race condition in pigz before 2.2.5 uses permissions derived from the umask when compressing a file before setting that file's permissions to match those of the original file, which might allow local users to bypass intended access permissions while compression is occurring.

607 | CVE-2012-6646 |  |  |  | 2014-04-18 | 2020-05-11 | 2.1 | None | Local | Low | Not required | None | Partial | None
F-Secure Anti-Virus, Safe Anywhere, and PSB Workstation Security before 11500 for Mac OS X allows local users to disable the Mac OS X firewall via unspecified vectors.

608 | CVE-2012-6645 | 79 |  | XSS | 2014-04-08 | 2017-08-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in the autocomplete functionality in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via the title of a node, a different vulnerability than CVE-2012-1561.

609 | CVE-2012-6644 | 79 | 2 | XSS | 2014-04-08 | 2017-08-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to channels.php, (2) collections.php, (3) groups.php, or (4) videos.php; (5) query parameter to search_result.php; or (6) type parameter to view_collection.php or (7) view_item.php.

610 | CVE-2012-6643 | 89 | 1 | Exec Code Sql | 2014-04-08 | 2017-08-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in the update_counter function in includes/functions.php in ClipBucket 2.6 allow remote attackers to execute arbitrary SQL commands via the time parameter to (1) videos.php or (2) channels.php. NOTE: some of these details are obtained from third party information.

611 | CVE-2012-6642 | 79 |  | XSS | 2014-04-08 | 2014-04-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in ClipBucket 2.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter to view_channel.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

612 | CVE-2012-6641 | 79 |  | XSS | 2014-04-07 | 2017-08-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in redirect.php in the Socolissimo module (modules/socolissimo/) in PrestaShop before 1.4.7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to "parameter names and values."

613 | CVE-2012-6640 | 79 |  | XSS | 2014-04-05 | 2014-04-07 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5.0.22, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted SVG image attachment, a different vulnerability than CVE-2012-5565.

614 | CVE-2012-6429 | 119 |  | Exec Code Overflow | 2014-04-04 | 2017-08-29 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Buffer overflow in the PrepareSync method in the SyncService.dll ActiveX control in Samsung Kies before 2.5.1.12123_2_7 allows remote attackers to execute arbitrary code via a long string to the password argument.

615 | CVE-2012-6132 | 79 |  | XSS | 2014-04-10 | 2017-08-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter.

616 | CVE-2012-6131 | 79 |  | XSS | 2014-04-11 | 2017-08-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1.

617 | CVE-2012-6130 | 79 |  | XSS | 2014-04-11 | 2017-08-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link.

618 | CVE-2012-5723 | 20 |  | DoS | 2014-04-24 | 2021-10-05 | 6.1 | None | Local Network | Low | Not required | None | None | Complete
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

619 | CVE-2012-5648 | 89 |  | Exec Code Sql | 2014-04-04 | 2017-08-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) app/models/hostext/search.rb or (2) app/models/puppetclass.rb, related to the search mechanism.

620 | CVE-2012-5567 | 79 |  | XSS | 2014-04-05 | 2014-04-07 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.18, as used in Horde Groupware Webmail Edition before 4.0.9, allow remote attackers to inject arbitrary web script or HTML via crafted event location parameters in the (1) month, (2) monthlist, or (3) prevmonthlist fields, related to portal blocks.

621 | CVE-2012-5566 | 79 |  | XSS | 2014-04-05 | 2014-04-07 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.17, as used in Horde Groupware Webmail Edition before 4.0.8, allow remote attackers to inject arbitrary web script or HTML via the (1) tasks view or (2) search view.

622 | CVE-2012-5565 | 79 |  | XSS | 2014-04-05 | 2014-04-07 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Horde Internet Mail Program (IMP) before 5.0.24, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted name for an attached file, related to the dynamic view.

623 | CVE-2012-5427 | 20 |  | DoS | 2014-04-23 | 2014-04-23 | 4.0 | None | Remote | Low | ??? | None | None | Partial
Cisco IOS Unified Border Element (CUBE) in Cisco IOS before 15.3(2)T allows remote authenticated users to cause a denial of service (input queue wedge) via a crafted series of RTCP packets, aka Bug ID CSCuc42518.

624 | CVE-2012-5422 |  |  | DoS | 2014-04-23 | 2014-04-23 | 6.8 | None | Remote | Low | ??? | None | None | Complete
Unspecified vulnerability in Cisco IOS before 15.3(2)T on AS5400 devices allows remote authenticated users to cause a denial of service (spurious errors) via unknown vectors, aka Bug ID CSCub61009.

625 | CVE-2012-5044 | 119 |  | DoS Overflow Mem. Corr. | 2014-04-23 | 2014-04-23 | 5.4 | None | Remote | High | Not required | None | None | Complete
Cisco IOS before 15.3(1)T, when media flow-around is not used, allows remote attackers to cause a denial of service (media loops and stack memory corruption) via VoIP traffic, aka Bug ID CSCub45809.

626 | CVE-2012-5039 | 399 |  | DoS | 2014-04-23 | 2014-04-23 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
The BGP Router process in Cisco IOS before 12.2(50)SY1 allows remote attackers to cause a denial of service (memory consumption) via vectors involving BGP path attributes, aka Bug ID CSCsw63003.

627 | CVE-2012-5037 | 264 |  | DoS | 2014-04-23 | 2014-04-23 | 4.6 | None | Local | Low | ??? | None | None | Complete
The ACL implementation in Cisco IOS before 15.1(1)SY on Catalyst 6500 and 7600 devices allows local users to cause a denial of service (device reload) via a "no object-group" command followed by an object-group command, aka Bug ID CSCts16133.

628 | CVE-2012-5036 | 399 |  | DoS | 2014-04-23 | 2014-04-23 | 6.8 | None | Remote | Low | ??? | None | None | Complete
Cisco IOS before 12.2(50)SY1 allows remote authenticated users to cause a denial of service (memory consumption) via a sequence of VTY management sessions (aka exec sessions), aka Bug ID CSCtn43662.

629 | CVE-2012-5032 | 287 |  |  | 2014-04-23 | 2014-04-23 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial
The Flex-VPN load-balancing feature in the ipsec-ikev2 implementation in Cisco IOS before 15.1(1)SY3 does not require authentication, which allows remote attackers to trigger the forwarding of VPN traffic to an attacker-controlled destination, or the discarding of this traffic, by arranging for an arbitrary device to become a cluster member, aka Bug ID CSCub93641.

630 | CVE-2012-5017 | 20 |  | DoS | 2014-04-23 | 2021-10-05 | 6.8 | None | Remote | Low | ??? | None | None | Complete
Cisco IOS before 15.1(1)SY1 allows remote authenticated users to cause a denial of service (device reload) by establishing a VPN session and then sending malformed IKEv2 packets, aka Bug ID CSCub39268.

631 | CVE-2012-5014 |  |  | DoS | 2014-04-23 | 2014-04-23 | 6.3 | None | Remote | Medium | ??? | None | None | Complete
Cisco IOS before 15.1(2)SY allows remote authenticated users to cause a denial of service (device crash) by establishing an SSH session from a client and then placing this client into a (1) slow or (2) idle state, aka Bug ID CSCto87436.

632 | CVE-2012-4921 | 352 |  | XSS CSRF | 2014-04-10 | 2014-04-11 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in the DVS Custom Notification plugin 1.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change application settings or (2) conduct cross-site scripting (XSS) attacks.

633 | CVE-2012-4920 | 22 |  | Dir. Trav. | 2014-04-04 | 2017-08-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Directory traversal vulnerability in the zing_forum_output function in forum.php in the Zingiri Forum (aka Forums) plugin before 1.4.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter to index.php.

634 | CVE-2012-4658 | 287 |  | DoS | 2014-04-23 | 2014-04-23 | 5.0 | None | Remote | Low | Not required | None | None | Partial
The ios-authproxy implementation in Cisco IOS before 15.1(1)SY3 allows remote attackers to cause a denial of service (webauth and HTTP service outage) via vectors that trigger incorrectly terminated HTTP sessions, aka Bug ID CSCtz99447.

635 | CVE-2012-4651 | 189 |  | DoS | 2014-04-23 | 2014-04-23 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
Cisco IOS before 15.3(2)T, when scansafe is enabled, allows remote attackers to cause a denial of service (latency) via SYN packets that are not accompanied by SYN-ACK packets from the Scan Safe Tower, aka Bug ID CSCub85451.

636 | CVE-2012-4638 |  |  | DoS | 2014-04-23 | 2014-04-23 | 4.9 | None | Local | Low | Not required | None | None | Complete
Cisco IOS before 15.1(1)SY allows local users to cause a denial of service (device reload) by establishing an outbound SSH session, aka Bug ID CSCto00318.

637 | CVE-2012-4230 | 264 |  | XSS | 2014-04-25 | 2017-08-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the (1) encoding directive and (2) valid_elements attribute, which allows attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors, as demonstrated using a textarea element.

638 | CVE-2012-3946 | 264 |  | Bypass | 2014-04-24 | 2014-04-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

639 | CVE-2012-3918 |  |  | DoS | 2014-04-23 | 2014-04-23 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a VWIC2-2MFT-T1/E1 card is configured for TDM/HDLC mode, allows remote attackers to cause a denial of service (serial-interface outage) via certain Frame Relay traffic, aka Bug ID CSCub13317.

640 | CVE-2012-3062 | 20 |  | DoS | 2014-04-23 | 2014-04-23 | 5.7 | None | Local Network | Medium | Not required | None | None | Complete
Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193.

641 | CVE-2012-2095 | 20 | 1 | +Priv | 2014-04-07 | 2014-04-08 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete
The SetWiredProperty function in the D-Bus interface in WICD before 1.7.2 allows local users to write arbitrary configuration settings and gain privileges via a crafted property name in a dbus message.

642 | CVE-2012-1834 | 79 |  | XSS | 2014-04-07 | 2017-08-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in the cms_tpv_admin_head function in functions.php in the CMS Tree Page View plugin before 0.8.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cms_tpv_view parameter to wp-admin/options-general.php.

643 | CVE-2012-1561 | 79 |  | XSS | 2014-04-08 | 2017-08-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "checkbox and radio button functionalities."

644 | CVE-2012-1366 | 20 |  | DoS | 2014-04-23 | 2021-10-05 | 6.1 | None | Local Network | Low | Not required | None | None | Complete
Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.

645 | CVE-2012-1317 | 119 |  | DoS Overflow | 2014-04-23 | 2014-04-23 | 5.4 | None | Remote | High | Not required | None | None | Complete
The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717.

646 | CVE-2012-0871 | 59 |  |  | 2014-04-18 | 2022-01-28 | 6.3 | None | Local | Medium | Not required | None | Complete | Complete
The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/.

647 | CVE-2012-0360 | 399 |  | DoS | 2014-04-23 | 2014-04-23 | 5.0 | None | Remote | Low | Not required | None | None | Partial
Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.

648 | CVE-2012-0214 | 264 |  |  | 2014-04-15 | 2014-04-16 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16~exp13, when updating from repositories that use InRelease files, allows man-in-the-middle attackers to install arbitrary packages by preventing a user from downloading the new InRelease file, which leaves the original InRelease file active and makes it more difficult to detect that the Packages file is modified and unsigned.

649 | CVE-2012-0033 | 399 |  | DoS | 2014-04-08 | 2016-12-08 | 5.0 | None | Remote | Low | Not required | None | None | Partial
The CBounceDCCMod::OnPrivCTCP function in bouncedcc.cpp in the bouncedcc module in ZNC 0.200 and 0.202 allows remote attackers to cause a denial of service (crash) via a crafted DCC RESUME request.

650 | CVE-2012-0032 | 264 |  |  | 2014-04-01 | 2014-04-01 | 3.7 | None | Local | High | Not required | Partial | Partial | Partial
Red Hat JBoss Operations Network (JON) before 3.0.1 uses 0777 permissions for the root directory when installing a remote client, which allows local users to read or modify subdirectories and files within the root directory, as demonstrated by obtaining JON credentials.