Security Vulnerabilities Published In July 2012

Each entry below gives: index, CVE ID, CWE ID, number of public exploits listed, vulnerability type(s), publish date and update date; then the CVSS v2 score with the gained access level, access vector, access complexity, authentication (Not required, or Single, i.e. CVSS v2 Au:S, which the source table renders as "???") and the confidentiality / integrity / availability impact; then the description.
251. CVE-2012-2678 | CWE-310 | exploits: 0 | type: (none) | published 2012-07-03 | updated 2017-09-19
     CVSS 1.2 | gained access: None | access: Local | complexity: High | auth: Not required | C/I/A: Partial / None / None
     389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for an LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute.
252. CVE-2012-2677 | CWE-189 | exploits: 0 | type: Overflow | published 2012-07-25 | updated 2021-05-26
     CVSS 5.0 | gained access: None | access: Remote | complexity: Low | auth: Not required | C/I/A: None / None / Partial
     Integer overflow in the ordered_malloc function in boost/pool/pool.hpp in Boost Pool before 3.9 makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large memory chunk size value, which causes less memory to be allocated than expected.
253. CVE-2012-2676 | CWE-189 | exploits: 0 | type: Overflow | published 2012-07-25 | updated 2012-07-30
     CVSS 4.3 | gained access: None | access: Remote | complexity: Medium | auth: Not required | C/I/A: None / Partial / None
     Multiple integer overflows in the (1) malloc and (2) calloc functions in Hoard before 3.9 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows in code that uses the allocator via a large size value, which causes less memory to be allocated than expected.
254. CVE-2012-2675 | CWE-189 | exploits: 0 | type: Overflow | published 2012-07-25 | updated 2012-07-30
     CVSS 4.3 | gained access: None | access: Remote | complexity: Medium | auth: Not required | C/I/A: None / Partial / None
     Multiple integer overflows in the (1) CallMalloc (malloc) and (2) nedpcalloc (calloc) functions in nedmalloc (nedmalloc.c) before 1.10 beta2 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected.
255. CVE-2012-2674 | CWE-189 | exploits: 0 | type: Overflow | published 2012-07-25 | updated 2012-08-24
     CVSS 4.3 | gained access: None | access: Remote | complexity: Medium | auth: Not required | C/I/A: None / Partial / None
     Multiple integer overflows in the (1) chk_malloc, (2) leak_malloc, and (3) leak_memalign functions in libc/bionic/malloc_debug_leak.c in Bionic (libc) for Android, when libc.debug.malloc is set, make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected.
256. CVE-2012-2673 | CWE-189 | exploits: 0 | type: Overflow | published 2012-07-25 | updated 2016-09-29
     CVSS 5.0 | gained access: None | access: Remote | complexity: Low | auth: Not required | C/I/A: None / Partial / None
     Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc functions in malloc.c, and the (3) GC_generic_malloc_ignore_off_page function in mallocx.c in Boehm-Demers-Weiser GC (libgc) before 7.2 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected.
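The five allocator entries above (Boost Pool, Hoard, nedmalloc, Bionic's debug malloc and libgc) describe one arithmetic fault: a count multiplied by an element or chunk size wraps in size_t, so the allocator returns a buffer far smaller than the caller asked for, and the caller's subsequent writes run off its end. The block below is an added example written for this page; it is not code from any of the projects named in those entries. It places a constructed unchecked size computation beside an overflow-checked one, and adds a pool-style "chunks times chunk size plus header" variant of the same check. The function names (wrapped_size, unchecked_calloc, checked_calloc, mul_overflows, pool_bytes) and the sample sizes are illustrative assumptions, not identifiers from the advisories.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The byte count a naive "nmemb * size" actually produces once it wraps
 * past SIZE_MAX. Unsigned wrap-around is silent: no trap, no diagnostic. */
size_t wrapped_size(size_t nmemb, size_t size)
{
    return nmemb * size;
}

/* Vulnerable pattern (constructed to mirror the CVE descriptions above,
 * not taken from any of the named allocators): the product is never
 * range-checked, so a huge request can become a tiny allocation. */
void *unchecked_calloc(size_t nmemb, size_t size)
{
    size_t total = nmemb * size;    /* may wrap to a few bytes */
    void *p = malloc(total);
    if (p != NULL)
        memset(p, 0, total);        /* zeroes only the wrapped size */
    return p;
}

/* Overflow-checked multiply: returns true (and leaves *out unspecified)
 * when a * b does not fit in size_t. Uses the compiler builtin where
 * available and a division-based check otherwise. */
bool mul_overflows(size_t a, size_t b, size_t *out)
{
#if defined(__GNUC__) || defined(__clang__)
    return __builtin_mul_overflow(a, b, out);
#else
    if (a != 0 && b > SIZE_MAX / a)
        return true;
    *out = a * b;
    return false;
#endif
}

/* Hardened pattern: refuse the request instead of silently shrinking it.
 * Reporting ENOMEM reuses the failure path callers already handle. */
void *checked_calloc(size_t nmemb, size_t size)
{
    size_t total;
    if (mul_overflows(nmemb, size, &total)) {
        errno = ENOMEM;
        return NULL;
    }
    void *p = malloc(total);
    if (p != NULL)
        memset(p, 0, total);
    return p;
}

/* Pool-style variant: nchunks * chunk_size + header. Both the multiply and
 * the following add are checked; returns false if either overflows. */
bool pool_bytes(size_t nchunks, size_t chunk_size, size_t header, size_t *out)
{
    size_t body;
    if (mul_overflows(nchunks, chunk_size, &body))
        return false;
    if (body > SIZE_MAX - header)
        return false;
    *out = body + header;
    return true;
}

int main(void)
{
    /* nmemb chosen so that nmemb * 4 == 2^64 + 4 on a 64-bit size_t,
     * which wraps to 4: a 4-byte buffer for a request of ~2^62 records. */
    size_t nmemb = SIZE_MAX / 4 + 2;
    printf("naive %zu x 4 = %zu bytes\n", nmemb, wrapped_size(nmemb, 4));

    void *bad = unchecked_calloc(nmemb, 4);
    printf("unchecked_calloc: %s\n", bad ? "returned a (tiny) buffer" : "NULL");
    free(bad);

    void *good = checked_calloc(nmemb, 4);
    int err = errno;
    printf("checked_calloc:   %s (%s)\n", good ? "returned a buffer" : "NULL",
           good ? "ok" : strerror(err));
    free(good);

    size_t total;
    if (pool_bytes(1024, 64, 16, &total))
        printf("pool_bytes(1024, 64, 16) = %zu\n", total);
    if (!pool_bytes(SIZE_MAX / 64 + 1, 64, 16, &total))
        printf("pool_bytes(SIZE_MAX/64 + 1, 64, 16) rejected\n");
    return 0;
}
```

The same check belongs wherever an allocator, pool or debug wrapper derives a byte count from caller-supplied numbers: the multiply is the common case, but an added header or alignment padding can overflow on its own, which is why pool_bytes checks the addition as well.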
257. CVE-2012-2655 | CWE-399 | exploits: 0 | type: DoS | published 2012-07-18 | updated 2013-04-19
     CVSS 4.0 | gained access: None | access: Remote | complexity: Low | auth: Single | C/I/A: None / None / Partial
     PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURITY DEFINER or (2) SET attributes to a procedural language's call handler.
258. CVE-2012-2653 | CWE: (none) | exploits: 0 | type: +Priv | published 2012-07-12 | updated 2016-11-28
     CVSS 10.0 | gained access: None | access: Remote | complexity: Low | auth: Not required | C/I/A: Complete / Complete / Complete
     arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon.
259. CVE-2012-2647 | CWE-200 | exploits: 0 | type: +Info | published 2012-07-31 | updated 2012-07-31
     CVSS 5.8 | gained access: None | access: Remote | complexity: Medium | auth: Not required | C/I/A: Partial / Partial / None
     Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page.
260. CVE-2012-2646 | CWE-200 | exploits: 0 | type: +Info | published 2012-07-25 | updated 2018-11-29
     CVSS 5.0 | gained access: None | access: Remote | complexity: Low | auth: Not required | C/I/A: Partial / None / None
     The Sleipnir Mobile application before 2.1.0 and Sleipnir Mobile Black Edition application before 2.1.0 for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.
261. CVE-2012-2645 | CWE-200 | exploits: 0 | type: +Info | published 2012-07-16 | updated 2017-12-22
     CVSS 4.3 | gained access: None | access: Remote | complexity: Medium | auth: Not required | C/I/A: Partial / None / None
     The Yahoo! Japan Yahoo! Browser application 1.2.0 and earlier for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.
262. CVE-2012-2644 | CWE-79 | exploits: 0 | type: XSS | published 2012-07-07 | updated 2012-07-09
     CVSS 4.3 | gained access: None | access: Remote | complexity: Medium | auth: Not required | C/I/A: None / Partial / None
     Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 and earlier for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-2642.
263. CVE-2012-2643 | CWE-79 | exploits: 0 | type: XSS | published 2012-07-07 | updated 2012-07-09
     CVSS 4.3 | gained access: None | access: Remote | complexity: Medium | auth: Not required | C/I/A: None / Partial / None
     Cross-site scripting (XSS) vulnerability in KENT-WEB YY-BOARD before 6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted form entry.
264. CVE-2012-2642 | CWE-79 | exploits: 0 | type: XSS | published 2012-07-07 | updated 2012-07-09
     CVSS 4.3 | gained access: None | access: Remote | complexity: Medium | auth: Not required | C/I/A: None / Partial / None
     Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 and earlier for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-2644.
265. CVE-2012-2641 | CWE-79 | exploits: 0 | type: XSS | published 2012-07-05 | updated 2012-07-06
     CVSS 4.3 | gained access: None | access: Remote | complexity: Medium | auth: Not required | C/I/A: None / Partial / None
     Cross-site scripting (XSS) vulnerability in Zenphoto before 1.4.3 allows remote attackers to inject arbitrary web script or HTML by triggering improper interaction with an unspecified library.
266. CVE-2012-2640 | CWE-264 | exploits: 0 | type: (none) | published 2012-07-05 | updated 2012-07-17
     CVSS 5.0 | gained access: None | access: Remote | complexity: Low | auth: Not required | C/I/A: Partial / None / None
     The NEC BIGLOBE Yome Collection application 1.8.3 and earlier for Android allows remote attackers to read the IMEI value from an SD card via a crafted application that lacks the READ_PHONE_STATE permission.
267. CVE-2012-2627 | CWE: (none) | exploits: 0 | type: (none) | published 2012-07-31 | updated 2018-03-12
     CVSS 9.4 | gained access: None | access: Remote | complexity: Low | auth: Not required | C/I/A: None / Complete / Complete
     d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in %PROGRAMFILES%\Scrutinizer\snmp\mibs\ via a multipart/form-data POST request.
268. CVE-2012-2626 | CWE-287 | exploits: 0 | type: (none) | published 2012-07-31 | updated 2018-03-08
     CVSS 5.0 | gained access: None | access: Remote | complexity: Low | auth: Not required | C/I/A: None / Partial / None
     cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action.
269. CVE-2012-2614 | CWE-119 | exploits: 1 | type: DoS, Exec Code, Overflow | published 2012-07-12 | updated 2012-08-18
     CVSS 6.8 | gained access: None | access: Remote | complexity: Medium | auth: Not required | C/I/A: Partial / Partial / Partial
     Buffer overflow in programmer.exe in Lattice Diamond Programmer 1.4.2 allows user-assisted remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long string in a version attribute of an ispXCF element in an .xcf file.
270. CVE-2012-2607 | CWE-78 | exploits: 0 | type: (none) | published 2012-07-16 | updated 2012-07-17
     CVSS 7.5 | gained access: None | access: Remote | complexity: Low | auth: Not required | C/I/A: Partial / Partial / Partial
     The Johnson Controls CK721-A controller with firmware before SSM4388_03.1.0.14_BB allows remote attackers to perform arbitrary actions via crafted packets to TCP port 41014 (aka the download port).
271. CVE-2012-2574 | CWE-89 | exploits: 0 | type: Exec Code, Sql | published 2012-07-23 | updated 2017-12-22
     CVSS 7.5 | gained access: None | access: Remote | complexity: Low | auth: Not required | C/I/A: Partial / Partial / Partial
     SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to a "blind SQL injection" issue.
272. CVE-2012-2560 | CWE-22 | exploits: 0 | type: Dir. Trav. | published 2012-07-05 | updated 2012-07-17
     CVSS 5.0 | gained access: None | access: Remote | complexity: Low | auth: Not required | C/I/A: Partial / None / None
     Directory traversal vulnerability in WellinTech KingView 6.53 allows remote attackers to read arbitrary files via a crafted HTTP request to port 8001.
273. CVE-2012-2559 | CWE-399 | exploits: 0 | type: DoS, Exec Code | published 2012-07-05 | updated 2012-07-17
     CVSS 10.0 | gained access: None | access: Remote | complexity: Low | auth: Not required | C/I/A: Complete / Complete / Complete
     WellinTech KingHistorian 3.0 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer write) via a crafted packet to TCP port 5678.
274. CVE-2012-2516 | CWE-78 | exploits: 0 | type: Exec Code | published 2012-07-05 | updated 2012-07-17
     CVSS 9.3 | gained access: None | access: Remote | complexity: Medium | auth: Not required | C/I/A: Complete / Complete / Complete
     An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the HTML Help component), as used in GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; Proficy HMI/SCADA iFIX 5.0 and 5.1; Proficy Pulse 1.0; Proficy Batch Execution 5.6; SI7 I/O Driver 7.20 through 7.42; and other products, allows remote attackers to execute arbitrary commands via crafted input, related to a "command injection vulnerability."
275. CVE-2012-2515 | CWE-119 | exploits: 0 | type: Exec Code, Overflow | published 2012-07-05 | updated 2012-07-17
     CVSS 9.3 | gained access: None | access: Remote | complexity: Medium | auth: Not required | C/I/A: Complete / Complete / Complete
     Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX control in KeyHelp.ocx 1.2.312 in KeyWorks KeyHelp Module (aka the HTML Help component), as used in EMC Documentum ApplicationXtender Desktop 5.4; EMC Captiva Quickscan Pro 4.6 SP1; GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; GE Intelligent Platforms Proficy HMI/SCADA iFIX 5.0 and 5.1; GE Intelligent Platforms Proficy Pulse 1.0; GE Intelligent Platforms Proficy Batch Execution 5.6; GE Intelligent Platforms SI7 I/O Driver 7.20 through 7.42; and other products, allow remote attackers to execute arbitrary code via a long string in the second argument to the (1) JumpMappedID or (2) JumpURL method.
276. CVE-2012-2486 | CWE-94 | exploits: 0 | type: Exec Code | published 2012-07-12 | updated 2018-10-30
     CVSS 8.3 | gained access: None | access: Local Network | complexity: Low | auth: Not required | C/I/A: Complete / Complete / Complete
     The Cisco Discovery Protocol (CDP) implementation on Cisco TelePresence Multipoint Switch before 1.9.0, Cisco TelePresence Immersive Endpoint Devices before 1.9.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server before 1.8.1 allows remote attackers to execute arbitrary code by leveraging certain adjacency and sending a malformed CDP packet, aka Bug IDs CSCtz40953, CSCtz40947, CSCtz40965, and CSCtz40953.
277. CVE-2012-2447 | CWE-352 | exploits: 0 | type: CSRF | published 2012-07-09 | updated 2012-07-10
     CVSS 6.8 | gained access: None | access: Remote | complexity: Medium | auth: Not required | C/I/A: Partial / Partial / Partial
     Cross-site request forgery (CSRF) vulnerability in accountmgr/adminupdate.php in the WebAdmin Portal in Netsweeper allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via an add action.
278. CVE-2012-2446 | CWE-79 | exploits: 0 | type: XSS | published 2012-07-09 | updated 2012-07-10
     CVSS 4.3 | gained access: None | access: Remote | complexity: Medium | auth: Not required | C/I/A: None / Partial / None
     Cross-site scripting (XSS) vulnerability in tools/local_lookup.php in the WebAdmin Portal in Netsweeper allows remote attackers to inject arbitrary web script or HTML via the group parameter in a lookup action.
279. CVE-2012-2442 | CWE-119 | exploits: 2 | type: DoS, Overflow | published 2012-07-25 | updated 2017-08-29
     CVSS 4.3 | gained access: None | access: Remote | complexity: Medium | auth: Not required | C/I/A: None / None / Partial
     Buffer overflow in the Video Manager in Nokia PC Suite 7.1.180.64 and earlier allows remote attackers to cause a denial of service via a crafted mp4 file.
280. CVE-2012-2386 | CWE-189 | exploits: 0 | type: DoS, Exec Code, Overflow | published 2012-07-07 | updated 2012-09-22
     CVSS 7.5 | gained access: None | access: Remote | complexity: Low | auth: Not required | C/I/A: Partial / Partial / Partial
     Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow.
281. CVE-2012-2367 | CWE-264 | exploits: 0 | type: Bypass | published 2012-07-21 | updated 2020-12-01
     CVSS 4.0 | gained access: None | access: Remote | complexity: Low | auth: Single | C/I/A: None / Partial / None
     Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/calendar:manageownentries capability requirement and add a calendar entry via a New Entry action.
282. CVE-2012-2366 | CWE: (none) | exploits: 0 | type: (none) | published 2012-07-21 | updated 2020-12-01
     CVSS 5.5 | gained access: None | access: Remote | complexity: Low | auth: Single | C/I/A: None / Partial / Partial
     mod/data/preset.php in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not properly iterate through an array, which allows remote authenticated users to overwrite arbitrary database activity presets via unspecified vectors.
283. CVE-2012-2365 | CWE-79 | exploits: 0 | type: XSS | published 2012-07-21 | updated 2020-12-01
     CVSS 3.5 | gained access: None | access: Remote | complexity: Medium | auth: Single | C/I/A: None / Partial / None
     Cross-site scripting (XSS) vulnerability in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the idnumber field to cohort/edit.php.
284. CVE-2012-2364 | CWE-79 | exploits: 0 | type: XSS | published 2012-07-21 | updated 2020-12-01
     CVSS 3.5 | gained access: None | access: Remote | complexity: Medium | auth: Single | C/I/A: None / Partial / None
     Cross-site scripting (XSS) vulnerability in lib/filelib.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via an assignment submission with zip compression, leading to text/html rendering during a "download all" action.
285. CVE-2012-2363 | CWE-89 | exploits: 0 | type: Exec Code, Sql | published 2012-07-21 | updated 2020-12-01
     CVSS 6.5 | gained access: None | access: Remote | complexity: Low | auth: Single | C/I/A: Partial / Partial / Partial
     SQL injection vulnerability in calendar/event.php in the calendar implementation in Moodle 1.9.x before 1.9.18 allows remote authenticated users to execute arbitrary SQL commands via a crafted calendar event.
286. CVE-2012-2362 | CWE-79 | exploits: 0 | type: XSS | published 2012-07-21 | updated 2020-12-01
     CVSS 2.6 | gained access: None | access: Remote | complexity: High | auth: Not required | C/I/A: None / Partial / None
     Cross-site scripting (XSS) vulnerability in blog/lib.php in the blog implementation in Moodle 1.9.x before 1.9.18, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted parameter to blog/index.php.
287. CVE-2012-2361 | CWE-79 | exploits: 0 | type: XSS | published 2012-07-21 | updated 2020-12-01
     CVSS 3.5 | gained access: None | access: Remote | complexity: Medium | auth: Single | C/I/A: None / Partial / None
     Cross-site scripting (XSS) vulnerability in admin/webservice/forms.php in the web services implementation in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the name field (aka the service name) to admin/webservice/service.php.
288. CVE-2012-2360 | CWE-79 | exploits: 0 | type: XSS | published 2012-07-21 | updated 2020-12-01
     CVSS 3.5 | gained access: None | access: Remote | complexity: Medium | auth: Single | C/I/A: None / Partial / None
     Cross-site scripting (XSS) vulnerability in the Wiki subsystem in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted string that is inserted into a page title.
289. CVE-2012-2359 | CWE-264 | exploits: 0 | type: +Priv | published 2012-07-21 | updated 2020-12-01
     CVSS 6.5 | gained access: None | access: Remote | complexity: Low | auth: Single | C/I/A: Partial / Partial / Partial
     admin/roles/override.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to gain privileges by leveraging the teacher role and modifying their own capabilities, as demonstrated by obtaining the backup:userinfo capability.
290. CVE-2012-2358 | CWE-264 | exploits: 0 | type: Bypass | published 2012-07-21 | updated 2020-12-01
     CVSS 5.5 | gained access: None | access: Remote | complexity: Low | auth: Single | C/I/A: None / Partial / Partial
     Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass an activity's read-only state and modify the database by leveraging the student role and editing database activity entries that already exist.
291. CVE-2012-2357 | CWE-200 | exploits: 0 | type: +Info | published 2012-07-21 | updated 2020-12-01
     CVSS 5.0 | gained access: None | access: Remote | complexity: Low | auth: Not required | C/I/A: Partial / None / None
     The Multi-Authentication feature in the Central Authentication Service (CAS) functionality in auth/cas/cas_form.html in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not use HTTPS, which allows remote attackers to obtain credentials by sniffing the network.
292. CVE-2012-2356 | CWE-264 | exploits: 0 | type: Bypass | published 2012-07-21 | updated 2020-12-01
     CVSS 4.0 | gained access: None | access: Remote | complexity: Low | auth: Single | C/I/A: None / Partial / None
     The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question action.
293. CVE-2012-2355 | CWE-264 | exploits: 0 | type: Bypass | published 2012-07-21 | updated 2020-12-01
     CVSS 4.0 | gained access: None | access: Remote | complexity: Low | auth: Single | C/I/A: None / Partial / None
     Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass question:use* capability requirements and add arbitrary questions to a quiz via the questions feature.
294. CVE-2012-2354 | CWE-264 | exploits: 0 | type: Bypass | published 2012-07-21 | updated 2020-12-01
     CVSS 4.0 | gained access: None | access: Remote | complexity: Low | auth: Single | C/I/A: Partial / None / None
     Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/site:readallmessages capability requirement and read arbitrary messages by using the "Recent conversations" feature with a modified parameter in a URL.
295. CVE-2012-2353 | CWE-200 | exploits: 0 | type: +Info | published 2012-07-21 | updated 2020-12-01
     CVSS 4.0 | gained access: None | access: Remote | complexity: Low | auth: Single | C/I/A: Partial / None / None
     Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled users" under the Users Settings section.
296. CVE-2012-2351 | CWE-287 | exploits: 0 | type: (none) | published 2012-07-12 | updated 2016-12-07
     CVSS 5.0 | gained access: None | access: Remote | complexity: Low | auth: Not required | C/I/A: None / Partial / None
     The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username.
297. CVE-2012-2318 | CWE-20 | exploits: 0 | type: DoS | published 2012-07-03 | updated 2017-12-29
     CVSS 5.0 | gained access: None | access: Remote | complexity: Low | auth: Not required | C/I/A: None / None / Partial
     msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by placing these characters in a text/plain message.
298. CVE-2012-2314 | CWE-264 | exploits: 0 | type: (none) | published 2012-07-03 | updated 2012-08-14
     CVSS 2.1 | gained access: None | access: Local | complexity: Low | auth: Not required | C/I/A: Partial / None / None
     The bootloader configuration module (pyanaconda/bootloader.py) in Anaconda uses 755 permissions for /etc/grub.d, which allows local users to obtain password hashes and conduct brute force password guessing attacks.
299. CVE-2012-2310 | CWE-79 | exploits: 0 | type: XSS | published 2012-07-25 | updated 2012-08-08
     CVSS 3.5 | gained access: None | access: Remote | complexity: Medium | auth: Single | C/I/A: None / Partial / None
     Cross-site scripting (XSS) vulnerability in the cctags module for Drupal 6.x-1.x before 6.x-1.10 and 7.x-1.x before 7.x-1.10 allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified vectors.
300. CVE-2012-2309 | CWE-79 | exploits: 0 | type: XSS | published 2012-07-25 | updated 2012-07-30
     CVSS 3.5 | gained access: None | access: Remote | complexity: Medium | auth: Single | C/I/A: None / Partial / None
     Cross-site scripting (XSS) vulnerability in the Glossify Internal Links Auto SEO module for Drupal 6.x-2.5 and earlier allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified vectors.
Total number of vulnerabilities published in July 2012: 536. This is page 6 of 11 (entries 251 to 300).