CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2012

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3301 CVE-2012-1145 287 DoS 2012-06-16 2022-02-03
5.0
None Remote Low Not required None None Partial
spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when mod_wsgi is used, which allows remote attackers to cause a denial of service (/var partition disk consumption and failed updates) via a large number of package uploads.
3302 CVE-2012-1144 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2021-01-26
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via a crafted TrueType font.
3303 CVE-2012-1143 189 DoS 2012-04-25 2021-01-26
4.3
None Remote Medium Not required None None Partial
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted font.
3304 CVE-2012-1142 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2021-01-26
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph-outline data in a font.
3305 CVE-2012-1141 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2021-01-26
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted ASCII string in a BDF font.
3306 CVE-2012-1140 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2021-01-26
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted PostScript font object.
3307 CVE-2012-1139 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2021-01-26
9.3
None Remote Medium Not required Complete Complete Complete
Array index error in FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid stack read operation and memory corruption) or possibly execute arbitrary code via crafted glyph data in a BDF font.
3308 CVE-2012-1138 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2021-01-26
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the MIRP instruction in a TrueType font.
3309 CVE-2012-1137 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2021-01-26
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted header in a BDF font.
3310 CVE-2012-1136 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2021-01-26
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font that lacks an ENCODING field.
3311 CVE-2012-1135 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2021-01-26
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the NPUSHB and NPUSHW instructions in a TrueType font.
3312 CVE-2012-1134 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2021-01-26
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted private-dictionary data in a Type 1 font.
3313 CVE-2012-1133 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2021-01-26
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font.
3314 CVE-2012-1132 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2021-01-26
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted dictionary data in a Type 1 font.
3315 CVE-2012-1131 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2021-01-26
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, on 64-bit platforms allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors related to the cell table of a font.
3316 CVE-2012-1130 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2021-01-26
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a PCF font.
3317 CVE-2012-1129 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2021-01-26
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted SFNT string in a Type 42 font.
3318 CVE-2012-1128 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2021-01-26
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and memory corruption) or possibly execute arbitrary code via a crafted TrueType font.
3319 CVE-2012-1127 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2021-01-26
9.3
None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font.
3320 CVE-2012-1126 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2021-01-26
10.0
None Remote Low Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a BDF font.
3321 CVE-2012-1125 1 Exec Code 2012-10-08 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin before 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the directory specified by the folder parameter.
3322 CVE-2012-1123 287 Bypass 2012-06-29 2021-01-12
7.5
None Remote Low Not required Partial Partial Partial
The mci_check_login function in api/soap/mc_api.php in the SOAP API in MantisBT before 1.2.9 allows remote attackers to bypass authentication via a null password.
3323 CVE-2012-1122 264 Bypass 2012-06-29 2013-08-27
3.6
None Remote High ??? None Partial Partial
bug_actiongroup.php in MantisBT before 1.2.9 does not properly check the report_bug_threshold permission of the receiving project when moving a bug report, which allows remote authenticated users with the report_bug_threshold and move_bug_threshold privileges for a project to bypass intended access restrictions and move bug reports to a different project.
3324 CVE-2012-1121 264 2012-06-29 2021-01-12
4.9
None Remote Medium ??? None Partial Partial
MantisBT before 1.2.9 does not properly check permissions, which allows remote authenticated users with manager privileges to (1) modify or (2) delete global categories.
3325 CVE-2012-1120 264 2012-06-29 2021-01-12
3.6
None Remote High ??? None Partial Partial
The SOAP API in MantisBT before 1.2.9 does not properly enforce the bugnote_allow_user_edit_delete and delete_bug_threshold permissions, which allows remote authenticated users with read and write SOAP API privileges to delete arbitrary bug reports and bug notes.
3326 CVE-2012-1119 264 2012-06-29 2021-01-12
6.4
None Remote Low Not required None Partial Partial
MantisBT before 1.2.9 does not audit when users copy or clone a bug report, which makes it easier for remote attackers to copy bug reports without detection.
3327 CVE-2012-1118 264 Bypass 2012-06-29 2013-08-27
4.3
None Remote Medium Not required Partial None None
The access_has_bug_level function in core/access_api.php in MantisBT before 1.2.9 does not properly restrict access when the private_bug_view_threshold is set to an array, which allows remote attackers to bypass intended restrictions and perform certain operations on private bug reports.
3328 CVE-2012-1117 79 XSS 2012-09-26 2017-08-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.0 and 2.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3329 CVE-2012-1116 89 Exec Code Sql 2012-09-26 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
3330 CVE-2012-1113 79 XSS 2012-04-22 2017-12-07
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the administration subsystem in Gallery 2 before 2.3.2 and 3 before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3331 CVE-2012-1112 22 Dir. Trav. 2012-09-06 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in Open-Realty CMS 2.5.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the select_users_template parameter to index.php.
3332 CVE-2012-1110 79 XSS 2012-09-06 2017-08-29
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Etano 1.22 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user, (2) email, (3) email2, (4) f17_zip, or (5) agree parameter to join.php; (6) PATH_INFO, (7) st, (8) f17_city, (9) f17_country, (10) f17_state, (11) f17_zip, (12) f19, (13) wphoto, (14) search, or (15) v parameter to search.php; (16) PATH_INFO or (17) st parameter to photo_search.php; or (18) return parameter to photo_view.php.
3333 CVE-2012-1108 20 DoS 2012-09-06 2017-08-29
4.3
None Remote Medium Not required None None Partial
The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted vendorLength field in an ogg file.
3334 CVE-2012-1107 DoS 2012-09-06 2017-08-29
4.3
None Remote Medium Not required None None Partial
The analyzeCurrent function in ape/apeproperties.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted sampleRate in an ape file, which triggers a divide-by-zero error.
3335 CVE-2012-1106 264 +Info 2012-07-03 2017-08-29
1.9
None Local Medium Not required Partial None None
The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly 2.0.8 and earlier, does not properly set the group (GID) permissions on core dump files for setuid programs when the sysctl fs.suid_dumpable option is set to 2, which allows local users to obtain sensitive information.
3336 CVE-2012-1103 20 2012-09-25 2012-09-26
4.3
None Remote Medium Not required Partial None None
emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs interface, allows user-assisted remote attackers to read arbitrary files via crafted MML tags, which are not properly quoted in an email reply cna cause the files to be attached to the message.
3337 CVE-2012-1099 79 XSS 2012-03-13 2019-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_options_helper.rb in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving certain generation of OPTION elements within SELECT elements.
3338 CVE-2012-1098 79 XSS 2012-03-13 2019-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods.
3339 CVE-2012-1097 476 DoS 2012-05-17 2020-07-27
7.2
None Local Low Not required Complete Complete Complete
The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call.
3340 CVE-2012-1090 20 DoS 2012-05-17 2020-07-27
4.9
None Local Low Not required None None Complete
The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO.
3341 CVE-2012-1089 22 Dir. Trav. 2012-03-23 2017-12-13
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
3342 CVE-2012-1087 79 XSS 2012-02-14 2012-02-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3343 CVE-2012-1086 79 XSS 2012-02-14 2012-02-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the UrlTool (aeurltool) extension 0.1.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3344 CVE-2012-1085 +Info 2012-02-14 2017-08-29
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.
3345 CVE-2012-1084 79 XSS 2012-02-14 2017-08-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3346 CVE-2012-1083 352 CSRF 2012-02-14 2012-02-29
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
3347 CVE-2012-1082 79 XSS 2012-02-14 2012-02-29
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
3348 CVE-2012-1081 79 XSS 2012-02-14 2012-02-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Yet another Google search (ya_googlesearch) extension before 0.3.10 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3349 CVE-2012-1080 79 XSS 2012-02-14 2012-02-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Euro Calculator (skt_eurocalc) extension 0.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3350 CVE-2012-1079 Exec Code 2012-02-14 2017-08-29
6.5
None Remote Low ??? Partial Partial Partial
Unspecified vulnerability in the Webservices for TYPO3 (typo3_webservice) extension before 0.3.8 for TYPO3 allows remote authenticated users to execute arbitrary code via unknown vectors.
Total number of vulnerabilities : 5297   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 (This Page)68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.