| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
251 |
CVE-2012-2678 |
310 |
|
|
2012-07-03 |
2017-09-19 |
1.2 |
None |
Local |
High |
Not required |
Partial |
None |
None |
|
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute. |
|
252 |
CVE-2012-2677 |
189 |
|
Overflow |
2012-07-25 |
2021-05-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Integer overflow in the ordered_malloc function in boost/pool/pool.hpp in Boost Pool before 3.9 makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large memory chunk size value, which causes less memory to be allocated than expected. |
|
253 |
CVE-2012-2676 |
189 |
|
Overflow |
2012-07-25 |
2012-07-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple integer overflows in the (1) malloc and (2) calloc functions in Hoard before 3.9 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows on implementing code via a large size value, which causes less memory to be allocated than expected. |
|
254 |
CVE-2012-2675 |
189 |
|
Overflow |
2012-07-25 |
2012-07-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple integer overflows in the (1) CallMalloc (malloc) and (2) nedpcalloc (calloc) functions in nedmalloc (nedmalloc.c) before 1.10 beta2 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected. |
|
255 |
CVE-2012-2674 |
189 |
|
Overflow |
2012-07-25 |
2012-08-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple integer overflows in the (1) chk_malloc, (2) leak_malloc, and (3) leak_memalign functions in libc/bionic/malloc_debug_leak.c in Bionic (libc) for Android, when libc.debug.malloc is set, make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected. |
|
256 |
CVE-2012-2673 |
189 |
|
Overflow |
2012-07-25 |
2016-09-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc functions in malloc.c, and the (3) GC_generic_malloc_ignore_off_page function in mallocx.c in Boehm-Demers-Weiser GC (libgc) before 7.2 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected. |
|
257 |
CVE-2012-2655 |
399 |
|
DoS |
2012-07-18 |
2013-04-19 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURITY DEFINER or (2) SET attributes to a procedural language's call handler. |
|
258 |
CVE-2012-2653 |
|
|
+Priv |
2012-07-12 |
2016-11-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon. |
|
259 |
CVE-2012-2647 |
200 |
|
+Info |
2012-07-31 |
2012-07-31 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page. |
|
260 |
CVE-2012-2646 |
200 |
|
+Info |
2012-07-25 |
2018-11-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Sleipnir Mobile application before 2.1.0 and Sleipnir Mobile Black Edition application before 2.1.0 for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application. |
|
261 |
CVE-2012-2645 |
200 |
|
+Info |
2012-07-16 |
2017-12-22 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The Yahoo! Japan Yahoo! Browser application 1.2.0 and earlier for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application. |
|
262 |
CVE-2012-2644 |
79 |
|
XSS |
2012-07-07 |
2012-07-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 and earlier for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-2642. |
|
263 |
CVE-2012-2643 |
79 |
|
XSS |
2012-07-07 |
2012-07-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in KENT-WEB YY-BOARD before 6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted form entry. |
|
264 |
CVE-2012-2642 |
79 |
|
XSS |
2012-07-07 |
2012-07-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 and earlier for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-2644. |
|
265 |
CVE-2012-2641 |
79 |
|
XSS |
2012-07-05 |
2012-07-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Zenphoto before 1.4.3 allows remote attackers to inject arbitrary web script or HTML by triggering improper interaction with an unspecified library. |
|
266 |
CVE-2012-2640 |
264 |
|
|
2012-07-05 |
2012-07-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The NEC BIGLOBE Yome Collection application 1.8.3 and earlier for Android allows remote attackers to read the IMEI value from an SD card via a crafted application that lacks the READ_PHONE_STATE permission. |
|
267 |
CVE-2012-2627 |
|
|
|
2012-07-31 |
2018-03-12 |
9.4 |
None |
Remote |
Low |
Not required |
None |
Complete |
Complete |
|
d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in %PROGRAMFILES%\Scrutinizer\snmp\mibs\ via a multipart/form-data POST request. |
|
268 |
CVE-2012-2626 |
287 |
|
|
2012-07-31 |
2018-03-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action. |
|
269 |
CVE-2012-2614 |
119 |
1
|
DoS Exec Code Overflow |
2012-07-12 |
2012-08-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in programmer.exe in Lattice Diamond Programmer 1.4.2 allows user-assisted remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long string in a version attribute of an ispXCF element in an .xcf file. |
|
270 |
CVE-2012-2607 |
78 |
|
|
2012-07-16 |
2012-07-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Johnson Controls CK721-A controller with firmware before SSM4388_03.1.0.14_BB allows remote attackers to perform arbitrary actions via crafted packets to TCP port 41014 (aka the download port). |
|
271 |
CVE-2012-2574 |
89 |
|
Exec Code Sql |
2012-07-23 |
2017-12-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to a "blind SQL injection" issue. |
|
272 |
CVE-2012-2560 |
22 |
|
Dir. Trav. |
2012-07-05 |
2012-07-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in WellinTech KingView 6.53 allows remote attackers to read arbitrary files via a crafted HTTP request to port 8001. |
|
273 |
CVE-2012-2559 |
399 |
|
DoS Exec Code |
2012-07-05 |
2012-07-17 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
WellinTech KingHistorian 3.0 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer write) via a crafted packet to TCP port 5678. |
|
274 |
CVE-2012-2516 |
78 |
|
Exec Code |
2012-07-05 |
2012-07-17 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the HTML Help component), as used in GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; Proficy HMI/SCADA iFIX 5.0 and 5.1; Proficy Pulse 1.0; Proficy Batch Execution 5.6; SI7 I/O Driver 7.20 through 7.42; and other products, allows remote attackers to execute arbitrary commands via crafted input, related to a "command injection vulnerability." |
|
275 |
CVE-2012-2515 |
119 |
|
Exec Code Overflow |
2012-07-05 |
2012-07-17 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX control in KeyHelp.ocx 1.2.312 in KeyWorks KeyHelp Module (aka the HTML Help component), as used in EMC Documentum ApplicationXtender Desktop 5.4; EMC Captiva Quickscan Pro 4.6 SP1; GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; GE Intelligent Platforms Proficy HMI/SCADA iFIX 5.0 and 5.1; GE Intelligent Platforms Proficy Pulse 1.0; GE Intelligent Platforms Proficy Batch Execution 5.6; GE Intelligent Platforms SI7 I/O Driver 7.20 through 7.42; and other products, allow remote attackers to execute arbitrary code via a long string in the second argument to the (1) JumpMappedID or (2) JumpURL method. |
|
276 |
CVE-2012-2486 |
94 |
|
Exec Code |
2012-07-12 |
2018-10-30 |
8.3 |
None |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Cisco Discovery Protocol (CDP) implementation on Cisco TelePresence Multipoint Switch before 1.9.0, Cisco TelePresence Immersive Endpoint Devices before 1.9.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server before 1.8.1 allows remote attackers to execute arbitrary code by leveraging certain adjacency and sending a malformed CDP packet, aka Bug IDs CSCtz40953, CSCtz40947, CSCtz40965, and CSCtz40953. |
|
277 |
CVE-2012-2447 |
352 |
|
CSRF |
2012-07-09 |
2012-07-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in accountmgr/adminupdate.php in the WebAdmin Portal in Netsweeper allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via an add action. |
|
278 |
CVE-2012-2446 |
79 |
|
XSS |
2012-07-09 |
2012-07-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in tools/local_lookup.php in the WebAdmin Portal in Netsweeper allows remote attackers to inject arbitrary web script or HTML via the group parameter in a lookup action. |
|
279 |
CVE-2012-2442 |
119 |
2
|
DoS Overflow |
2012-07-25 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Buffer overflow in the Video Manager in Nokia PC Suite 7.1.180.64 and earlier allows remote attackers to cause a denial of service via a crafted mp4 file. |
|
280 |
CVE-2012-2386 |
189 |
|
DoS Exec Code Overflow |
2012-07-07 |
2012-09-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow. |
|
281 |
CVE-2012-2367 |
264 |
|
Bypass |
2012-07-21 |
2020-12-01 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/calendar:manageownentries capability requirement and add a calendar entry via a New Entry action. |
|
282 |
CVE-2012-2366 |
|
|
|
2012-07-21 |
2020-12-01 |
5.5 |
None |
Remote |
Low |
??? |
None |
Partial |
Partial |
|
mod/data/preset.php in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not properly iterate through an array, which allows remote authenticated users to overwrite arbitrary database activity presets via unspecified vectors. |
|
283 |
CVE-2012-2365 |
79 |
|
XSS |
2012-07-21 |
2020-12-01 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the idnumber field to cohort/edit.php. |
|
284 |
CVE-2012-2364 |
79 |
|
XSS |
2012-07-21 |
2020-12-01 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in lib/filelib.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via an assignment submission with zip compression, leading to text/html rendering during a "download all" action. |
|
285 |
CVE-2012-2363 |
89 |
|
Exec Code Sql |
2012-07-21 |
2020-12-01 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in calendar/event.php in the calendar implementation in Moodle 1.9.x before 1.9.18 allows remote authenticated users to execute arbitrary SQL commands via a crafted calendar event. |
|
286 |
CVE-2012-2362 |
79 |
|
XSS |
2012-07-21 |
2020-12-01 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in blog/lib.php in the blog implementation in Moodle 1.9.x before 1.9.18, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted parameter to blog/index.php. |
|
287 |
CVE-2012-2361 |
79 |
|
XSS |
2012-07-21 |
2020-12-01 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in admin/webservice/forms.php in the web services implementation in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the name field (aka the service name) to admin/webservice/service.php. |
|
288 |
CVE-2012-2360 |
79 |
|
XSS |
2012-07-21 |
2020-12-01 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Wiki subsystem in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted string that is inserted into a page title. |
|
289 |
CVE-2012-2359 |
264 |
|
+Priv |
2012-07-21 |
2020-12-01 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
admin/roles/override.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to gain privileges by leveraging the teacher role and modifying their own capabilities, as demonstrated by obtaining the backup:userinfo capability. |
|
290 |
CVE-2012-2358 |
264 |
|
Bypass |
2012-07-21 |
2020-12-01 |
5.5 |
None |
Remote |
Low |
??? |
None |
Partial |
Partial |
|
Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass an activity's read-only state and modify the database by leveraging the student role and editing database activity entries that already exist. |
|
291 |
CVE-2012-2357 |
200 |
|
+Info |
2012-07-21 |
2020-12-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Multi-Authentication feature in the Central Authentication Service (CAS) functionality in auth/cas/cas_form.html in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not use HTTPS, which allows remote attackers to obtain credentials by sniffing the network. |
|
292 |
CVE-2012-2356 |
264 |
|
Bypass |
2012-07-21 |
2020-12-01 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question action. |
|
293 |
CVE-2012-2355 |
264 |
|
Bypass |
2012-07-21 |
2020-12-01 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass question:use* capability requirements and add arbitrary questions to a quiz via the questions feature. |
|
294 |
CVE-2012-2354 |
264 |
|
Bypass |
2012-07-21 |
2020-12-01 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/site:readallmessages capability requirement and read arbitrary messages by using the "Recent conversations" feature with a modified parameter in a URL. |
|
295 |
CVE-2012-2353 |
200 |
|
+Info |
2012-07-21 |
2020-12-01 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled users" under the Users Settings section. |
|
296 |
CVE-2012-2351 |
287 |
|
|
2012-07-12 |
2016-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username. |
|
297 |
CVE-2012-2318 |
20 |
|
DoS |
2012-07-03 |
2017-12-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by placing these characters in a text/plain message. |
|
298 |
CVE-2012-2314 |
264 |
|
|
2012-07-03 |
2012-08-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The bootloader configuration module (pyanaconda/bootloader.py) in Anaconda uses 755 permissions for /etc/grub.d, which allows local users to obtain password hashes and conduct brute force password guessing attacks. |
|
299 |
CVE-2012-2310 |
79 |
|
XSS |
2012-07-25 |
2012-08-08 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the cctags module for Drupal 6.x-1.x before 6.x-1.10 and 7.x-1.x before 7.x-1.10 allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified vectors. |
|
300 |
CVE-2012-2309 |
79 |
|
XSS |
2012-07-25 |
2012-07-30 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Glossify Internal Links Auto SEO module for Drupal 6.x-2.5 and earlier allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified vectors. |
