CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2012

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1701 CVE-2012-3295 264 Bypass 2012-08-29 2017-08-29
4.3
None Remote Medium Not required Partial None None
IBM WebSphere MQ 7.1, when an SVRCONN channel is used, allows remote attackers to bypass the security-configuration setup step and obtain queue-manager access via unspecified vectors.
1702 CVE-2012-3294 352 1 CSRF 2012-08-17 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier, and WebSphere MQ - Managed File Transfer 7.5, allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add user accounts via the /wmqfteconsole/Filespaces URI, (2) modify permissions via the /wmqfteconsole/FileSpacePermisssions URI, or (3) add MQ Message Descriptor (MQMD) user accounts via the /wmqfteconsole/UploadUsers URI.
1703 CVE-2012-3293 79 XSS 2012-08-21 2017-08-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving FRAME elements, related to a cross-frame scripting (XFS) issue.
1704 CVE-2012-3292 264 +Priv 2012-06-07 2012-09-07
7.6
None Remote High Not required Complete Complete Complete
The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file.
1705 CVE-2012-3291 119 DoS Overflow 2012-06-07 2018-01-05
7.8
None Remote Low Not required None None Complete
Heap-based buffer overflow in OpenConnect 3.18 allows remote servers to cause a denial of service via a crafted greeting banner.
1706 CVE-2012-3290 2012-06-07 2012-06-12
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Google Chrome before 20.0.1132.22 on the Acer AC700; Samsung Series 5, 5 550, and Chromebox 3; and Cr-48 Chromebook platforms have unknown impact and attack vectors.
1707 CVE-2012-3289 94 DoS 2012-06-14 2012-06-15
7.8
None Remote Low Not required None None Complete
VMware Workstation 8.x before 8.0.4, VMware Player 4.x before 4.0.4, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow remote attackers to cause a denial of service (guest OS crash) via crafted traffic from a remote virtual device.
1708 CVE-2012-3288 20 DoS Exec Code Mem. Corr. 2012-06-14 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware Player 3.x before 3.1.6 and 4.x before 4.0.4, VMware Fusion 4.x before 4.1.3, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow user-assisted remote attackers to execute arbitrary code on the host OS or cause a denial of service (memory corruption) on the host OS via a crafted Checkpoint file.
1709 CVE-2012-3287 310 2012-06-13 2012-06-14
5.0
None Remote Low Not required Partial None None
Poul-Henning Kamp md5crypt has insufficient algorithmic complexity and a consequently short runtime, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack, as demonstrated by an attack using GPU hardware.
1710 CVE-2012-3277 DoS 2012-12-13 2019-10-09
5.0
None Remote Low Not required None None Partial
HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows remote attackers to cause a denial of service via unspecified vectors.
1711 CVE-2012-3276 16 DoS 2012-12-13 2019-10-09
2.1
None Local Low Not required None None Partial
HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows local users to cause a denial of service via unspecified vectors.
1712 CVE-2012-3275 Exec Code 2012-12-06 2013-03-14
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.1x and 9.20 allows remote attackers to execute arbitrary code via unknown vectors.
1713 CVE-2012-3274 119 Exec Code Overflow 2012-12-06 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in uam.exe in the User Access Manager (UAM) component in HP Intelligent Management Center (IMC) before 5.1 E0101P01 allows remote attackers to execute arbitrary code via vectors related to log data.
1714 CVE-2012-3273 +Info 2012-12-06 2013-03-14
5.0
None Remote Low Not required Partial None None
Multiple unspecified vulnerabilities on the HP LaserJet Pro 400 MFP M425 with firmware 20120625 and LaserJet 400 M401 with firmware 20120621 allow remote attackers to obtain sensitive information via unknown vectors.
1715 CVE-2012-3272 79 XSS 2012-12-06 2013-01-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability on the HP Color LaserJet CM3530 with firmware before 53.190.9, Color LaserJet CM60xx with firmware before 52.210.9, Color LaserJet CP3525 with firmware before 06.140.3 18, Color LaserJet CP4xxx with firmware before 07.120.6, Color LaserJet CP6015 with firmware before 04.160.3, LaserJet P3015 with firmware before 07.140.3, and LaserJet P4xxx with firmware before 04.170.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
1716 CVE-2012-3271 +Info 2012-11-29 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability on the HP Integrated Lights-Out 3 (aka iLO3) with firmware before 1.50 and Integrated Lights-Out 4 (aka iLO4) with firmware before 1.13 allows remote attackers to obtain sensitive information via unknown vectors.
1717 CVE-2012-3270 DoS +Info 2012-11-07 2013-06-26
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and 5.41, when Sybase is used, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-3269.
1718 CVE-2012-3269 DoS +Info 2012-11-07 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and 5.41, when Sybase is used, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-3270.
1719 CVE-2012-3267 +Info 2012-10-04 2017-08-29
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.20 allows remote attackers to obtain sensitive information via unknown vectors.
1720 CVE-2012-3266 +Info 2012-10-02 2019-10-09
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in IBRIX 6.1.196 through 6.1.251 on HP IBRIX X9000 Storage allows remote attackers to obtain sensitive information via unknown vectors.
1721 CVE-2012-3264 Exec Code 2012-09-25 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1472.
1722 CVE-2012-3263 Exec Code 2012-09-25 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1465.
1723 CVE-2012-3262 Exec Code 2012-09-25 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1464.
1724 CVE-2012-3261 Exec Code 2012-09-25 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1463.
1725 CVE-2012-3260 Exec Code 2012-09-25 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1462.
1726 CVE-2012-3259 Exec Code 2012-09-25 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1461.
1727 CVE-2012-3258 Exec Code 2012-09-19 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Operations Orchestration 9.0 before 9.03 allows remote attackers to execute arbitrary code via unknown vectors.
1728 CVE-2012-3257 2012-09-08 2013-03-22
4.6
None Remote High ??? Partial Partial Partial
HP Business Availability Center (BAC) 8.07 allows remote authenticated users to hijack web sessions via unspecified vectors.
1729 CVE-2012-3256 352 CSRF 2012-09-08 2013-03-22
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in HP Business Availability Center (BAC) 8.07 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
1730 CVE-2012-3255 79 XSS 2012-09-08 2013-03-22
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 8.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
1731 CVE-2012-3254 Exec Code Overflow 2012-08-30 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in HP iNode Management Center before iNode PC 5.1 E0304 allow remote attackers to execute arbitrary code via crafted input, as demonstrated by a stack-based buffer overflow in iNodeMngChecker.exe for a crafted 0x0A0BF007 packet.
1732 CVE-2012-3253 Exec Code Overflow 2012-08-30 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in HP Intelligent Management Center (IMC) before 5.0 E0101P05 allow remote attackers to execute arbitrary code via crafted input, as demonstrated by an integer overflow and heap-based buffer overflow in img.exe for a crafted message packet.
1733 CVE-2012-3252 DoS 2012-08-20 2013-02-02
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in HP Serviceguard A.11.19 and A.11.20 allows remote attackers to cause a denial of service via unknown vectors.
1734 CVE-2012-3251 79 XSS 2012-08-16 2019-10-09
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in HP Service Manager Web Tier 7.11, 9.21, and 9.30, and HP Service Center Web Tier 6.28, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
1735 CVE-2012-3250 DoS 2012-08-16 2019-10-09
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in HP Service Manager Server 7.11, 9.21, and 9.30, and HP Service Center Server 6.28, allows remote attackers to cause a denial of service via unknown vectors.
1736 CVE-2012-3249 200 +Info 2012-08-16 2019-10-09
4.0
None Remote Low ??? Partial None None
HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remote authenticated users to obtain sensitive information via unspecified vectors.
1737 CVE-2012-3248 200 +Info 2012-08-16 2013-03-22
5.0
None Remote Low Not required Partial None None
HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remote attackers to obtain sensitive information via unspecified vectors.
1738 CVE-2012-3247 DoS 2012-08-16 2013-03-22
4.9
None Local Low Not required None None Complete
Unspecified vulnerability on the HP Integrity Server BL860c i2, BL870c i2, and BL890c i2 with firmware before 26.31 and the HP Integrity Server rx2800 i2 with firmware before 26.30 allows local users to cause a denial of service via unknown vectors.
1739 CVE-2012-3241 264 Exec Code 2012-07-17 2012-07-18
7.5
None Remote Low Not required Partial Partial Partial
The VMware Broker in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 does not properly authenticate SOAP requests, which allows remote attackers to execute arbitrary VMware Broker API commands.
1740 CVE-2012-3240 264 +Priv 2012-07-17 2012-07-18
7.5
None Remote Low Not required Partial Partial Partial
The Walrus service in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 allows remote attackers to gain administrator privileges via a crafted REST request.
1741 CVE-2012-3238 79 XSS 2012-07-09 2012-07-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field.
1742 CVE-2012-3236 476 1 DoS 2012-07-12 2022-02-07
4.3
None Remote Medium Not required None None Partial
fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string.
1743 CVE-2012-3234 189 DoS 2012-09-12 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 do not properly handle codec frame sizes in RealAudio files, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) or possibly have unspecified other impact via a crafted file.
1744 CVE-2012-3233 79 XSS 2012-09-15 2017-08-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in __swift/thirdparty/PHPExcel/PHPExcel/Shared/JAMA/docs/download.php in Kayako Fusion 4.40.1148, and possibly before 4.50.1581, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
1745 CVE-2012-3232 79 XSS 2012-06-29 2012-07-02
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in search.php in web@all 2.0, as downloaded before May 30, 2012, allows remote attackers to inject arbitrary web script or HTML via the _text[title] parameter.
1746 CVE-2012-3231 352 Exec Code CSRF 2012-06-27 2012-06-28
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in web@all 2.0, as downloaded before May 30, 2012, allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding a file to execute arbitrary code via a do_addfile action to inc/browser/action.php.
1747 CVE-2012-3230 2012-10-17 2013-10-11
4.3
None Remote Medium Not required Partial None None
Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Portal Framework.
1748 CVE-2012-3229 2012-10-17 2013-10-11
4.0
None Remote Low ??? Partial None None
Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Siebel Documentation.
1749 CVE-2012-3228 2012-10-17 2017-08-29
4.9
None Remote Medium ??? None Partial Partial
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect integrity and availability, related to BASE.
1750 CVE-2012-3227 2012-10-17 2017-08-29
3.5
None Remote Medium ??? None Partial None
Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0, and 11.0.0 through 11.2.0 allows remote authenticated users to affect integrity, related to BASE, a different vulnerability than CVE-2012-3141.
Total number of vulnerabilities : 5297   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 (This Page)36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.