| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
3451 |
CVE-2012-0956 |
264 |
|
|
2012-09-28 |
2012-10-04 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
ubiquity-slideshow-ubuntu before 58.2, during installation, allows remote man-in-the-middle attackers to execute arbitrary web script or HTML and read arbitrary files via a crafted attribute in the <a> tag of a Twitter feed. |
|
3452 |
CVE-2012-0954 |
20 |
|
|
2012-06-19 |
2020-01-08 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587. |
|
3453 |
CVE-2012-0950 |
200 |
|
+Info |
2012-06-19 |
2012-06-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Apport hook (DistUpgradeApport.py) in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0949. |
|
3454 |
CVE-2012-0949 |
200 |
|
+Info |
2012-05-31 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10, and 11.04 uploads certain system state archive files when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report. |
|
3455 |
CVE-2012-0948 |
264 |
|
|
2012-06-07 |
2017-08-29 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for (1) apt-clone_system_state.tar.gz and (2) system_state.tar.gz, which allows local users to obtain repository credentials. |
|
3456 |
CVE-2012-0947 |
119 |
|
DoS Exec Code Overflow |
2012-08-20 |
2012-11-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in the vqa_decode_chunk function in the VQA codec (vqavideo.c) in libavcodec in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VQA media file in which the image size is not a multiple of the block size. |
|
3457 |
CVE-2012-0946 |
264 |
|
|
2012-04-22 |
2017-12-29 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The NVIDIA UNIX driver before 295.40 allows local users to access arbitrary memory locations by leveraging GPU device-node read/write privileges. |
|
3458 |
CVE-2012-0944 |
287 |
|
|
2012-06-04 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does not authenticate packages when the transaction is not simulated, which allows remote attackers to install arbitrary packages via a man-in-the-middle attack. |
|
3459 |
CVE-2012-0942 |
119 |
|
Exec Code Overflow |
2012-04-17 |
2017-12-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in rn5auth.dll in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to execute arbitrary code via crafted authentication credentials. |
|
3460 |
CVE-2012-0937 |
|
1
|
DoS |
2012-01-30 |
2012-01-31 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
** DISPUTED ** wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote attackers to use WordPress as a proxy for brute-force attacks or denial of service attacks via the dbhost parameter, a different vulnerability than CVE-2011-4898. NOTE: the vendor disputes the significance of this issue because an incomplete WordPress installation might be present on the network for only a short time. |
|
3461 |
CVE-2012-0936 |
79 |
|
XSS |
2012-01-29 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in web/springframework/security/SecurityAuthenticationEventOnmsEventBuilder.java in OpenNMS 1.8.x before 1.8.17, 1.9.93 and earlier, and 1.10.x before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via the Username field, related to login. |
|
3462 |
CVE-2012-0935 |
89 |
1
|
Exec Code Sql |
2012-01-29 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in Default.aspx in Aryadad CMS allows remote attackers to execute arbitrary SQL commands via the PageID parameter. |
|
3463 |
CVE-2012-0934 |
94 |
|
Exec Code File Inclusion |
2012-01-29 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in ajax/savetag.php in the Theme Tuner plugin for WordPress before 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the tt-abspath parameter. |
|
3464 |
CVE-2012-0933 |
79 |
1
|
XSS |
2012-01-29 |
2017-08-29 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Acidcat CMS 3.5.1, 3.5.2, 3.5.6, and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin_colors.asp, (2) admin_config.asp, and (3) admin_cat_add.asp in admin/. |
|
3465 |
CVE-2012-0932 |
79 |
1
|
XSS |
2012-01-29 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in admin/login.php in Lead Capture Page System allows remote attackers to inject arbitrary web script or HTML via the message parameter. |
|
3466 |
CVE-2012-0931 |
287 |
|
DoS Exec Code |
2012-01-28 |
2020-07-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Schneider Electric Modicon Quantum PLC does not perform authentication between the Unity software and PLC, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors. |
|
3467 |
CVE-2012-0930 |
79 |
|
XSS |
2012-01-28 |
2020-07-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Schneider Electric Modicon Quantum PLC allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
3468 |
CVE-2012-0929 |
119 |
|
DoS Overflow |
2012-01-28 |
2020-07-23 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Multiple buffer overflows in Schneider Electric Modicon Quantum PLC allow remote attackers to cause a denial of service via malformed requests to the (1) FTP server or (2) HTTP server. |
|
3469 |
CVE-2012-0928 |
94 |
|
Exec Code |
2012-02-08 |
2012-02-09 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The ATRAC codec in RealNetworks RealPlayer 11.x and 14.x through 14.0.7, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.x before 12.0.0.1703 does not properly decode samples, which allows remote attackers to execute arbitrary code via a crafted ATRAC audio file. |
|
3470 |
CVE-2012-0927 |
94 |
|
Exec Code |
2012-02-08 |
2012-02-25 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via vectors involving the coded_frame_size value in a RealAudio audio stream. |
|
3471 |
CVE-2012-0926 |
94 |
|
Exec Code |
2012-02-08 |
2012-02-25 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle height and width values, which allows remote attackers to execute arbitrary code via a crafted RV10 RealVideo video stream. |
|
3472 |
CVE-2012-0925 |
94 |
|
Exec Code |
2012-02-08 |
2017-08-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the RV40 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted RV40 RealVideo video stream. |
|
3473 |
CVE-2012-0924 |
94 |
|
Exec Code |
2012-02-08 |
2012-02-25 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via vectors involving a VIDOBJ_START_CODE code in a header within a video stream. |
|
3474 |
CVE-2012-0923 |
94 |
|
Exec Code |
2012-02-08 |
2012-02-25 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The RV20 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle the frame size array, which allows remote attackers to execute arbitrary code via a crafted RV20 RealVideo video stream. |
|
3475 |
CVE-2012-0922 |
94 |
|
Exec Code |
2012-02-08 |
2017-08-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
rvrender.dll in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via crafted flags in an RMFF file. |
|
3476 |
CVE-2012-0920 |
399 |
|
Exec Code Bypass |
2012-06-05 |
2018-10-30 |
7.1 |
None |
Remote |
High |
??? |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels concurrency." |
|
3477 |
CVE-2012-0919 |
79 |
|
XSS |
2012-01-24 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Director 02-50-01 through 02-50-07, 03-00 through 03-00-04, and possibly other versions before 03-00-06, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
3478 |
CVE-2012-0918 |
|
|
Exec Code |
2012-01-24 |
2017-08-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in Hitachi COBOL2002 Net Developer, Net Server Suite, and Net Client Suite 01-00, 01-01 through 01-01-/D, 01-02 through 01-02-/F, 01-03 through 01-03-/F, 02-00 through 02-00-/D, 02-01 through 02-01-/C, and possibly other versions before 02-01-/D allows remote attackers to execute arbitrary code via unknown attack vectors. |
|
3479 |
CVE-2012-0917 |
79 |
|
XSS |
2012-01-24 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Analyzer 02-01, 02-51 through 02-51-01, and 02-53 through 02-53-02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
3480 |
CVE-2012-0916 |
119 |
|
Exec Code Overflow |
2012-01-24 |
2012-01-25 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in RenRen Talk 2.9 allows remote attackers to execute arbitrary code via a crafted image in a chat message, as demonstrated using a PNG file. |
|
3481 |
CVE-2012-0915 |
189 |
|
Exec Code Overflow |
2012-01-24 |
2012-01-25 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Integer signedness error in RenRen Talk 2.9 allows remote attackers to execute arbitrary code via crafted dimensions of a skin file, leading to a heap-based buffer overflow, as demonstrated using a BMP image. |
|
3482 |
CVE-2012-0914 |
79 |
|
XSS |
2012-01-24 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in display_renderers/panels_renderer_editor.class.php in the admin view in the Panels module 6.x-2.x before 6.x-3.10 and 7.x-3.x before 7.x-3.0 for Drupal allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the Region title. |
|
3483 |
CVE-2012-0913 |
89 |
1
|
Exec Code Sql |
2012-01-24 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in checklogin.aspx in ICloudCenter ICTimeAttendance 1.0 allows remote attackers to execute arbitrary SQL commands via the passw parameter. NOTE: Some of these details are obtained from third party information. |
|
3484 |
CVE-2012-0912 |
89 |
|
Exec Code Sql |
2012-01-24 |
2012-01-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
|
3485 |
CVE-2012-0911 |
94 |
2
|
Exec Code |
2012-07-12 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.php or (b) tiki-print_pages.php; or (4) sendpages, (5) sendstructures, or (6) sendarticles parameter to tiki-send_objects.php, which is not properly handled when processed by the unserialize function. |
|
3486 |
CVE-2012-0909 |
79 |
|
XSS |
2012-01-24 |
2012-01-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Horde_Form in Horde Groupware Webmail Edition before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to email verification. NOTE: Some of these details are obtained from third party information. |
|
3487 |
CVE-2012-0908 |
79 |
|
XSS |
2012-01-24 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in logout.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the link_href parameter. |
|
3488 |
CVE-2012-0907 |
22 |
|
Dir. Trav. |
2012-01-20 |
2017-08-29 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Directory traversal vulnerability in the web player in NeoAxis NeoAxis web player 1.4 and earlier allows user-assisted remote attackers to write arbitrary files via a .. (dot dot) in a filename in the neoaxis_web_application_win32.zip ZIP archive. |
|
3489 |
CVE-2012-0906 |
89 |
1
|
Exec Code Sql |
2012-01-20 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the Moviebase addon for deV!L'z Clanportal (DZCP) 1.5.5 allows remote attackers to execute arbitrary SQL commands via the id parameter in a showkat action to index.php. |
|
3490 |
CVE-2012-0905 |
89 |
1
|
Exec Code Sql |
2012-01-20 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in deV!L'z Clanportal (DZCP) Gamebase addon allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a detail action to index.php. |
|
3491 |
CVE-2012-0904 |
399 |
1
|
DoS |
2012-01-20 |
2017-09-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
VLC media player 1.1.11 allows remote attackers to cause a denial of service (crash) via a long string in an amr file. |
|
3492 |
CVE-2012-0903 |
79 |
1
|
XSS |
2012-01-20 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Desktop 7.1.2 b10978 allow remote attackers to inject arbitrary web script or HTML via the (1) Username or (2) MailBox Name. |
|
3493 |
CVE-2012-0902 |
|
1
|
DoS |
2012-01-20 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
AirTies Air 4450 1.1.2.18 allows remote attackers to cause a denial of service (reboot) via a direct request to cgi-bin/loader. |
|
3494 |
CVE-2012-0901 |
79 |
1
|
XSS |
2012-01-20 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter. |
|
3495 |
CVE-2012-0900 |
79 |
|
XSS |
2012-01-20 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Beehive Forum 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) forum/register.php or (2) forum/logon.php. |
|
3496 |
CVE-2012-0899 |
79 |
1
|
XSS |
2012-01-20 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in referencement/sites_inscription.php in Annuaire PHP allows remote attackers to inject arbitrary web script or HTML via the url parameter and possibly the nom parameter. |
|
3497 |
CVE-2012-0898 |
22 |
1
|
Dir. Trav. |
2012-01-20 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in meb_download.php in the myEASYbackup plugin 1.0.8.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dwn_file parameter. |
|
3498 |
CVE-2012-0897 |
119 |
|
Exec Code Overflow |
2012-01-20 |
2017-08-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in the JPEG2000 plugin in IrfanView PlugIns before 4.33 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment. |
|
3499 |
CVE-2012-0896 |
22 |
2
|
Dir. Trav. |
2012-01-20 |
2020-07-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter. |
|
3500 |
CVE-2012-0895 |
79 |
2
|
XSS |
2012-01-20 |
2020-07-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in map/map.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map parameter. |
