CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2012

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3001 CVE-2012-1608 20 XSS Bypass 2012-09-04 2012-09-05
5.0
None Remote Low Not required None Partial None
The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and inject arbitrary web script or HTML via non printable characters.
3002 CVE-2012-1607 200 +Info 2012-09-04 2012-09-05
5.0
None Remote Low Not required Partial None None
The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request.
3003 CVE-2012-1606 79 XSS 2012-09-04 2012-09-05
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.
3004 CVE-2012-1605 Exec Code 2012-09-04 2012-09-05
5.0
None Remote Low Not required None Partial None
The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument."
3005 CVE-2012-1604 79 1 XSS 2012-10-01 2012-10-02
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in NextBBS 0.6 allows remote attackers to inject arbitrary web script or HTML via the do parameter to index.php.
3006 CVE-2012-1603 89 1 Exec Code Sql 2012-10-01 2012-10-02
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in ajaxserver.php in NextBBS 0.6 allow remote attackers to execute arbitrary SQL commands via the (1) curstr parameter in the findUsers function, (2) id parameter in the isIdAvailable function, or (3) username parameter in the getGreetings function.
3007 CVE-2012-1602 287 1 Bypass 2012-10-01 2012-10-02
7.5
None Remote Low Not required Partial Partial Partial
user.php in NextBBS 0.6 allows remote attackers to bypass authentication and gain administrator access by setting the userkey cookie to 1.
3008 CVE-2012-1601 399 DoS 2012-05-17 2018-01-05
4.9
None Local Low Not required None None Complete
The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists.
3009 CVE-2012-1599 264 +Info 2012-12-03 2012-12-04
5.0
None Remote Low Not required Partial None None
Joomla! 1.5.x before 1.5.26 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end information" via unknown vectors. NOTE: this might be a duplicate of CVE-2012-1611.
3010 CVE-2012-1598 264 2012-12-03 2012-12-04
7.5
None Remote Low Not required Partial Partial Partial
Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability."
3011 CVE-2012-1597 79 XSS 2012-08-17 2012-08-17
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in the textEncode function in classes/ezjscajaxcontent.php in eZ JS Core in eZ Publish before 1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3012 CVE-2012-1596 399 DoS 2012-04-11 2017-12-29
5.0
None Remote Low Not required None None Partial
The mp2t_process_fragmented_payload function in epan/dissectors/packet-mp2t.c in the MP2T dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a packet containing an invalid pointer value that triggers an incorrect memory-allocation attempt.
3013 CVE-2012-1595 399 DoS 2012-04-11 2017-12-29
4.3
None Remote Medium Not required None None Partial
The pcap_process_pseudo_header function in wiretap/pcap-common.c in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a WTAP_ENCAP_ERF file containing an Extension or Multi-Channel header with an invalid pseudoheader size, related to the pcap and pcap-ng file parsers.
3014 CVE-2012-1594 94 DoS 2012-04-11 2017-12-29
3.3
None Local Network Low Not required None None Partial
epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
3015 CVE-2012-1593 1 DoS 2012-04-11 2017-12-29
3.3
None Local Network Low Not required None None Partial
epan/dissectors/packet-ansi_a.c in the ANSI A dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet.
3016 CVE-2012-1591 264 2012-10-01 2013-12-13
5.0
None Remote Low Not required Partial None None
The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles.
3017 CVE-2012-1590 264 +Info 2012-10-01 2013-12-13
4.0
None Remote Low ??? Partial None None
The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page.
3018 CVE-2012-1589 20 2012-05-18 2013-12-13
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destination URL.
3019 CVE-2012-1588 399 DoS 2012-10-01 2013-12-13
3.5
None Remote Medium ??? None None Partial
Algorithmic complexity vulnerability in the _filter_url function in the text filtering system (modules/filter/filter.module) in Drupal 7.x before 7.14 allows remote authenticated users with certain roles to cause a denial of service (CPU consumption) via a long email address.
3020 CVE-2012-1586 200 +Info 2012-08-27 2012-08-28
2.1
None Local Low Not required Partial None None
mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.
3021 CVE-2012-1585 399 DoS 2012-08-17 2018-11-14
4.0
None Remote Low ??? None None Partial
OpenStack Compute (Nova) Essex before 2011.3 allows remote authenticated users to cause a denial of service (Nova-API log file and disk consumption) via a long server name.
3022 CVE-2012-1584 189 DoS Overflow 2012-09-06 2017-08-29
4.3
None Remote Medium Not required None None Partial
Integer overflow in the mid function in toolkit/tbytevector.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted file header field in a media file, which triggers a large memory allocation.
3023 CVE-2012-1583 399 DoS 2012-06-16 2016-08-23
5.0
None Remote Low Not required None None Partial
Double free vulnerability in the xfrm6_tunnel_rcv function in net/ipv6/xfrm6_tunnel.c in the Linux kernel before 2.6.22, when the xfrm6_tunnel module is enabled, allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets.
3024 CVE-2012-1582 79 XSS 2012-09-09 2017-08-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to inject arbitrary web script or HTML via a crafted page with "forged strip item markers," as demonstrated using the CharInsert extension.
3025 CVE-2012-1581 264 2012-09-09 2017-08-29
5.0
None Remote Low Not required None Partial None
MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak random numbers for password reset tokens, which makes it easier for remote attackers to change the passwords of arbitrary users.
3026 CVE-2012-1580 352 CSRF 2012-09-09 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Special:Upload in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload files.
3027 CVE-2012-1579 200 +Info CSRF 2012-09-09 2012-09-10
5.0
None Remote Low Not required Partial None None
The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information.
3028 CVE-2012-1578 352 CSRF 2012-09-09 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allow remote attackers to hijack the authentication of users with the block permission for requests that (1) block a user via a request to the Block module or (2) unblock a user via a request to the Unblock module.
3029 CVE-2012-1576 264 DoS 2012-10-01 2013-04-05
6.0
None Remote Medium ??? Partial Partial Partial
The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of service (daemon crash) via a login as a deleted user.
3030 CVE-2012-1575 79 XSS 2012-04-22 2017-12-30
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Cumin before r5238 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) widgets or (2) pages.
3031 CVE-2012-1574 310 2012-04-12 2017-03-24
6.5
None Remote Low ??? Partial Partial Partial
The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
3032 CVE-2012-1573 310 DoS Mem. Corr. 2012-03-26 2018-01-18
5.0
None Remote Low Not required None None Partial
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.
3033 CVE-2012-1571 119 DoS Overflow 2012-07-17 2014-03-08
4.3
None Remote Medium Not required None None Partial
file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference.
3034 CVE-2012-1570 2012-03-28 2020-08-14
4.3
None Remote Medium Not required None Partial None
The resolver in MaraDNS before 1.3.0.7.15 and 1.4.x before 1.4.12 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
3035 CVE-2012-1569 189 DoS Mem. Corr. 2012-03-26 2018-01-18
5.0
None Remote Low Not required None None Partial
The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.
3036 CVE-2012-1565 2012-10-06 2019-07-30
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in ez Publish 4.1.4, 4.2, 4.3, 4.4, 4.5, and 4.6 has unknown impact and attack vectors related to an insecure direct object reference.
3037 CVE-2012-1564 79 XSS 2012-10-06 2017-08-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in administration/create_album.php in YVS Image Gallery allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3038 CVE-2012-1558 399 DoS 2012-03-12 2018-01-06
5.0
None Remote Low Not required None None Partial
yaSSL CyaSSL before 2.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted X.509 certificate.
3039 CVE-2012-1557 89 Exec Code Sql 2012-03-12 2018-01-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU#2, 9.x before 9.5 MU#11, 10.0.x before MU#13, 10.1.x before MU#22, 10.2.x before MU#16, and 10.3.x before MU#5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in March 2012.
3040 CVE-2012-1545 119 DoS Overflow Mem. Corr. Bypass 2012-03-09 2021-07-23
5.8
None Remote Medium Not required None Partial Partial
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
3041 CVE-2012-1544 119 Exec Code Overflow 2012-03-09 2012-03-12
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
3042 CVE-2012-1539 399 Exec Code 2012-11-14 2020-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreePos Use After Free Vulnerability."
3043 CVE-2012-1538 399 Exec Code 2012-11-14 2020-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CFormElement Use After Free Vulnerability."
3044 CVE-2012-1537 119 Exec Code Overflow 2012-12-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka "DirectPlay Heap Overflow Vulnerability."
3045 CVE-2012-1535 DoS Exec Code 2012-08-15 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document.
3046 CVE-2012-1533 2012-10-16 2022-05-13
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-3159.
3047 CVE-2012-1532 2012-10-16 2022-05-13
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier and 6 Update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
3048 CVE-2012-1531 2012-10-16 2022-05-13
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier; and JavaFX 2.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
3049 CVE-2012-1529 399 Exec Code 2012-09-21 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "OnMove Use After Free Vulnerability."
3050 CVE-2012-1528 189 Overflow +Priv 2012-11-14 2020-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Overflow Vulnerability."
Total number of vulnerabilities : 5297   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 (This Page)62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.