| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1251 |
CVE-2012-3870 |
79 |
1
|
XSS |
2012-12-28 |
2012-12-28 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in objects/createobject.php in Open Constructor 3.12.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) name or (2) description parameter. |
|
1252 |
CVE-2012-3869 |
79 |
|
XSS |
2012-08-13 |
2012-08-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in include/classes/class.rex_list.inc.php in REDAXO 4.3.x and 4.4 allows remote attackers to inject arbitrary web script or HTML via the subpage parameter to index.php. |
|
1253 |
CVE-2012-3868 |
362 |
|
DoS |
2012-07-25 |
2013-11-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Race condition in the ns_client structure management in ISC BIND 9.9.x before 9.9.1-P2 allows remote attackers to cause a denial of service (memory consumption or process exit) via a large volume of TCP queries. |
|
1254 |
CVE-2012-3867 |
264 |
|
|
2012-08-06 |
2019-07-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences. |
|
1255 |
CVE-2012-3866 |
264 |
|
+Info |
2012-08-06 |
2019-07-10 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file. |
|
1256 |
CVE-2012-3865 |
22 |
|
Dir. Trav. |
2012-08-06 |
2019-07-10 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
|
Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name. |
|
1257 |
CVE-2012-3864 |
200 |
|
+Info |
2012-08-06 |
2019-07-10 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request. |
|
1258 |
CVE-2012-3863 |
399 |
|
DoS |
2012-07-09 |
2013-10-10 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses. |
|
1259 |
CVE-2012-3859 |
|
|
|
2012-07-09 |
2012-07-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the WebAdmin Portal in Netsweeper has unknown impact and attack vectors, a different vulnerability than CVE-2012-2446 and CVE-2012-2447. |
|
1260 |
CVE-2012-3848 |
79 |
|
XSS |
2012-07-31 |
2018-03-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to d4d/exporters.php, (2) the HTTP Referer header to d4d/exporters.php, or (3) unspecified input to d4d/contextMenu.php. |
|
1261 |
CVE-2012-3847 |
399 |
|
DoS |
2012-07-05 |
2012-08-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
slssvc.exe in Invensys Wonderware SuiteLink in Invensys InTouch 2012 and Wonderware Application Server 2012 allows remote attackers to cause a denial of service (resource consumption) via a long Unicode string, a different vulnerability than CVE-2012-3007. |
|
1262 |
CVE-2012-3846 |
79 |
1
|
XSS |
2012-07-03 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in index.php in PHP-pastebin 2.1 allows remote attackers to inject arbitrary web script or HTML via the title parameter. |
|
1263 |
CVE-2012-3845 |
119 |
1
|
DoS Overflow |
2012-07-03 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in LAN Messenger 1.2.28 and earlier allows remote attackers to cause a denial of service (crash) via a long string in an initiation request. |
|
1264 |
CVE-2012-3844 |
79 |
1
|
XSS |
2012-07-03 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in vBulletin 4.1.12 allows remote attackers to inject arbitrary web script or HTML via a long string in the subject parameter when creating a post. |
|
1265 |
CVE-2012-3843 |
79 |
1
|
XSS |
2012-07-03 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the registration page in e107, probably 1.0.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
1266 |
CVE-2012-3842 |
79 |
|
XSS |
2012-07-03 |
2012-07-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via the (1) select0 or (2) select8 parameters. |
|
1267 |
CVE-2012-3841 |
|
1
|
Exec Code |
2012-07-03 |
2017-08-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in KMPlayer 3.2.0.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ehtrace.dll that is located in the current working directory. |
|
1268 |
CVE-2012-3840 |
79 |
1
|
XSS |
2012-07-03 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in index.php/users/form/user_id in MyClientBase 0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name or (2) last_name parameters. |
|
1269 |
CVE-2012-3839 |
89 |
1
|
Exec Code Sql |
2012-07-03 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in application/core/MY_Model.php in MyClientBase 0.12 allow remote attackers to execute arbitrary SQL commands via the (1) invoice_number or (2) tags parameter to index.php/invoice_search. |
|
1270 |
CVE-2012-3838 |
200 |
1
|
+Info |
2012-07-03 |
2012-07-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Gekko before 1.2.0 allows remote attackers to obtain the installation path via a direct request to (1) admin/templates/babygekko/index.php or (2) templates/html5demo/index.php. |
|
1271 |
CVE-2012-3837 |
79 |
1
|
XSS |
2012-07-03 |
2012-07-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in apps/users/registration.template.php in Baby Gekko 1.2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) email_address, (3) password, (4) password_verify, (5) firstname, (6) lastname, or (7) verification_code parameter to users/action/register. NOTE: some of these details are obtained from third party information. |
|
1272 |
CVE-2012-3836 |
79 |
1
|
XSS |
2012-07-03 |
2012-07-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) groupname parameter in a savecategory in the users module; (2) virtual_filename, (3) branch, (4) contact_person, (5) street, (6) city, (7) province, (8) postal, (9) country, (10) tollfree, (11) phone, (12) fax, or (13) mobile parameter in a saveitem action in the contacts module; (14) title parameter in a savecategory action in the menus module; (15) firstname or (16) lastname in a saveitem action in the users module; (17) meta_key or (18) meta_description in a saveitem action in the blog module; or (19) the PATH_INFO to admin/index.php. |
|
1273 |
CVE-2012-3835 |
79 |
1
|
XSS |
2012-07-03 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to top.php or (2) time[0][0] parameter to forensics/base_qry_main.php, which is not properly handled in an error page. |
|
1274 |
CVE-2012-3834 |
89 |
1
|
Exec Code Sql |
2012-07-03 |
2017-08-29 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in forensics/base_qry_main.php in AlienVault Open Source Security Information Management (OSSIM) 3.1 allows remote authenticated users to execute arbitrary SQL commands via the time[0][0] parameter. |
|
1275 |
CVE-2012-3833 |
79 |
1
|
XSS |
2012-07-03 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the default index page in admin/ in Quick.CMS 4.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter. |
|
1276 |
CVE-2012-3832 |
79 |
|
XSS |
2012-07-03 |
2012-07-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in decoda/Decoda.php in Decoda before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to (1) b or (2) div tags. |
|
1277 |
CVE-2012-3831 |
79 |
|
XSS |
2012-07-03 |
2012-08-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in decoda/templates/video.php in Decoda before 3.3.1 allows remote attackers to inject arbitrary web script or HTML via multiple URLs in an img tag. |
|
1278 |
CVE-2012-3830 |
79 |
|
XSS |
2012-07-03 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in decoda/templates/video.php in Decoda before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via the video directive. |
|
1279 |
CVE-2012-3829 |
200 |
1
|
+Info |
2012-07-03 |
2012-07-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header. |
|
1280 |
CVE-2012-3828 |
79 |
1
|
XSS |
2012-07-03 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the Host HTTP Header. |
|
1281 |
CVE-2012-3826 |
189 |
|
DoS |
2012-06-30 |
2017-09-19 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
Multiple integer underflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (loop) via vectors related to the R3 dissector, a different vulnerability than CVE-2012-2392. |
|
1282 |
CVE-2012-3825 |
189 |
|
DoS Overflow |
2012-06-30 |
2017-09-19 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
Multiple integer overflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) BACapp and (2) Bluetooth HCI dissectors, a different vulnerability than CVE-2012-2392. |
|
1283 |
CVE-2012-3819 |
119 |
|
DoS Overflow |
2012-10-04 |
2015-12-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Stack consumption vulnerability in dartwebserver.dll 1.9 and earlier, as used in Dart PowerTCP WebServer for ActiveX and other products, allows remote attackers to cause a denial of service (daemon crash) via a long request. |
|
1284 |
CVE-2012-3818 |
310 |
|
+Info |
2012-06-29 |
2012-07-02 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The fpm exporter in Revelation 0.4.13-2 and earlier encrypts the version number but not the password when exporting a file, which might allow local users to obtain sensitive information. |
|
1285 |
CVE-2012-3817 |
20 |
|
DoS |
2012-07-25 |
2018-10-30 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) by sending many queries. |
|
1286 |
CVE-2012-3816 |
|
1
|
DoS |
2012-06-27 |
2017-08-29 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
WinRadius Server 2009 allows remote attackers to cause a denial of service (crash) via a long password in an Access-Request packet. |
|
1287 |
CVE-2012-3815 |
119 |
|
Exec Code Overflow |
2012-06-27 |
2017-08-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 46824. NOTE: some of these details are obtained from third party information. |
|
1288 |
CVE-2012-3814 |
264 |
1
|
Exec Code |
2012-06-27 |
2012-06-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unrestricted file upload vulnerability in font-upload.php in the Font Uploader plugin 1.2.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a .php.ttf extension, then accessing it via a direct request to the file in font-uploader/fonts. |
|
1289 |
CVE-2012-3812 |
399 |
|
DoS |
2012-07-09 |
2013-04-19 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones allows remote authenticated users to cause a denial of service (daemon crash) by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox. |
|
1290 |
CVE-2012-3811 |
|
|
Exec Code |
2012-07-03 |
2012-07-17 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.13 Q1 2012 Maintenance Release allows remote attackers to execute arbitrary code by uploading an executable file and then accessing it via a direct request. |
|
1291 |
CVE-2012-3805 |
79 |
|
XSS |
2012-07-12 |
2012-07-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the getAllPassedParams function in system/functions.php in Kajona before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) absender_name, (2) absender_email, or (3) absender_nachricht parameter to the content page; (4) comment_name, (5) comment_subject, or (6) comment_message parameter to the postacomment module; (7) module parameter to index.php; (8) action parameter to the admin login page; (9) pv or (10) pe parameter in a list action to the user module; (11) user_username, (12) user_email, (13) user_forename, (14) user_name, (15) user_street, (16) user_postal, (17) user_city, (18) user_tel, or (19) user_mobil parameter in a newUser action to the user module; (20) group_name or (21) group_desc parameter in a groupNew action to the user module; (22) name, (23) browsername, (24) seostring, (25) keywords, or (26) folder_id parameter in a newPage action to the pages module; (27) element_name or (28) element_cachetime parameter in a newElement action in the pages module; (29) aspect_name parameter in a newAspect action in the system module; (30) filemanager_name, (31) filemanager_path, (32) filemanager_upload_filter, or (33) filemanager_view_filter parameter in a NewRepo action to the filemanager module; or (34) archive_title or (35) archive_path parameter in a newArchive action to the downloads module. NOTE: some of these details are obtained from third party information. |
|
1292 |
CVE-2012-3802 |
|
|
|
2012-06-27 |
2017-08-29 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Unspecified vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote authenticated users to read the commissions of other users via unknown attack vectors. |
|
1293 |
CVE-2012-3801 |
264 |
|
+Info |
2012-06-26 |
2012-08-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Advertisement module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access to debug information, which allows remote attackers to obtain sensitive site configuration information that is specified by the $conf variable in settings.php. |
|
1294 |
CVE-2012-3800 |
79 |
|
XSS |
2012-06-27 |
2017-08-29 |
2.1 |
None |
Remote |
High |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in og.js in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal, when used with the Vertical Tabs module, allows remote authenticated users to inject arbitrary web script or HTML via vectors related the group title. |
|
1295 |
CVE-2012-3799 |
352 |
|
XSS CSRF |
2012-06-27 |
2017-08-29 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) change workflows or (2) insert cross-site scripting (XSS) sequences. |
|
1296 |
CVE-2012-3798 |
200 |
|
+Info |
2012-06-27 |
2012-06-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creating a local user account, allows attackers to obtain part of the initial input used to generate passwords, which makes it easier to conduct brute force password guessing attacks. |
|
1297 |
CVE-2012-3797 |
119 |
|
DoS Overflow Mem. Corr. |
2012-06-25 |
2013-05-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, does not properly check packet sizes before reusing packet memory buffers, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a short crafted packet with a certain opcode. |
|
1298 |
CVE-2012-3796 |
200 |
|
+Info |
2012-06-25 |
2013-05-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to obtain sensitive information from daemon memory via a crafted packet with a certain opcode. |
|
1299 |
CVE-2012-3795 |
119 |
|
DoS Overflow |
2012-06-25 |
2013-05-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (daemon crash) via a crafted packet with a certain opcode and a large value in a size field. |
|
1300 |
CVE-2012-3794 |
119 |
|
DoS Overflow |
2012-06-25 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (unhandled exception and daemon crash) via a crafted packet with a certain opcode that triggers an invalid attempt to allocate a large amount of memory. |
