CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In March 2012

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2012-1931 264 2012-03-27 2012-10-09
4.6
None Local Low Not required Partial Partial Partial
Opera before 11.62 on UNIX, when used in conjunction with an unspecified printing application, allows local users to overwrite arbitrary files via a symlink attack on a temporary file during printing.
2 CVE-2012-1930 264 +Info 2012-03-27 2012-10-09
4.6
None Local Low Not required Partial Partial Partial
Opera before 11.62 on UNIX uses world-readable permissions for temporary files during printing, which allows local users to obtain sensitive information by reading these files.
3 CVE-2012-1929 20 2012-03-27 2012-11-06
6.4
None Remote Low Not required None Partial Partial
Opera before 11.62 on Mac OS X allows remote attackers to spoof the address field and security dialogs via crafted styling that causes page content to be displayed outside of the intended content area.
4 CVE-2012-1928 20 2012-03-27 2012-04-16
6.4
None Remote Low Not required None Partial Partial
Opera before 11.62 allows remote attackers to spoof the address field by triggering a page reload followed by a redirect to a different domain.
5 CVE-2012-1927 20 2012-03-27 2012-04-16
6.4
None Remote Low Not required None Partial Partial
Opera before 11.62 allows remote attackers to spoof the address field by triggering the launch of a dialog window associated with a different domain.
6 CVE-2012-1926 200 Bypass +Info 2012-03-27 2012-04-16
5.0
None Remote Low Not required Partial None None
Opera before 11.62 allows remote attackers to bypass the Same Origin Policy via the (1) history.pushState and (2) history.replaceState functions in conjunction with cross-domain frames, leading to unintended read access to history.state information.
7 CVE-2012-1925 2012-03-27 2012-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Opera before 11.62 does not ensure that a dialog window is placed on top of content windows, which makes it easier for user-assisted remote attackers to trick users into downloading and executing arbitrary files via a download dialog located under other windows.
8 CVE-2012-1924 94 2012-03-27 2012-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Opera before 11.62 allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog.
9 CVE-2012-1920 200 +Info 2012-03-27 2013-10-03
5.0
None Remote Low Not required Partial None None
@Mail WebMail Client in AtMail Open-Source 1.04 and earlier allows remote attackers to obtain configuration information via a direct request to install/info.php, which calls the phpinfo function.
10 CVE-2012-1919 94 Dir. Trav. 2012-03-27 2012-08-28
6.4
None Remote Low Not required Partial Partial None
CRLF injection vulnerability in mime.php in @Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to conduct directory traversal attacks and read arbitrary files via a %0A sequence followed by a .. (dot dot) in the file parameter.
11 CVE-2012-1918 22 Dir. Trav. 2012-03-27 2012-08-28
5.0
None Remote Low Not required None None Partial
Multiple directory traversal vulnerabilities in (1) compose.php and (2) libs/Atmail/SendMsg.php in @Mail WebMail Client in AtMail Open-Source before 1.05 allow remote attackers to read arbitrary files via a .. (dot dot) in the Attachment[] parameter.
12 CVE-2012-1917 22 Dir. Trav. 2012-03-27 2012-08-28
5.0
None Remote Low Not required Partial None None
compose.php in @Mail WebMail Client in AtMail Open-Source before 1.05 does not properly handle ../ (dot dot slash) sequences in the unique parameter, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ..././ (dot dot dot slash dot slash) sequence.
13 CVE-2012-1916 Exec Code 2012-03-27 2012-08-28
7.5
None Remote Low Not required Partial Partial Partial
@Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to execute arbitrary code via an e-mail attachment with an executable extension, leading to the creation of an executable file under tmp/.
14 CVE-2012-1907 264 Bypass 2012-03-28 2012-04-05
4.3
None Remote Medium Not required None Partial None
The scanner engine in PrivaWall Antivirus 5.6 and earlier does not recognize the Office XML (aka Open Document XML) file format, which allows remote attackers to bypass malware detection via a crafted file embedded in a WordML document.
15 CVE-2012-1904 119 1 DoS Overflow Mem. Corr. 2012-03-28 2012-08-24
4.3
None Remote Medium Not required None None Partial
mp4fformat.dll in the QuickTime File Format plugin in RealNetworks RealPlayer 15 and earlier, and RealPlayer SP 1.1.4 Build 12.0.0.756 and earlier, allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted MP4 file.
16 CVE-2012-1846 264 Bypass 2012-03-22 2012-08-13
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a sandboxed process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated "it really doesn't matter if it's third-party code."
17 CVE-2012-1845 399 Exec Code Bypass 2012-03-22 2013-09-07
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the DEP and ASLR protection mechanisms, and execute arbitrary code, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated "it really doesn't matter if it's third-party code."
18 CVE-2012-1844 255 2012-03-22 2012-04-04
7.5
None Remote Low Not required Partial Partial Partial
The Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100) and the IBM TS3310 tape library with firmware before R6C (606G.GS001), uses default passwords for unspecified user accounts, which makes it easier for remote attackers to obtain access via unknown vectors.
19 CVE-2012-1843 352 Exec Code CSRF 2012-03-22 2012-11-06
6.0
None Remote Medium Single system Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in saveRestore.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to hijack the authentication of users for requests that execute Linux commands via the fileName parameter, related to a "command-injection vulnerability."
20 CVE-2012-1842 79 XSS 2012-03-22 2012-11-19
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in checkQKMProg.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
21 CVE-2012-1841 22 Dir. Trav. 2012-03-22 2012-04-12
5.0
None Remote Low Not required Partial None None
Absolute path traversal vulnerability in logShow.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to read arbitrary files via a full pathname in the file parameter.
22 CVE-2012-1840 287 2012-03-22 2012-04-12
7.5
None Remote Low Not required Partial Partial Partial
AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 does not properly perform cookie authentication, which allows remote attackers to obtain login access by leveraging knowledge of a password hash.
23 CVE-2012-1839 22 Dir. Trav. 2012-03-22 2012-04-12
7.5
None Remote Low Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in the Get Template feature in plugins/gui.ajax/class.AJXP_ClientDriver.php in AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) pluginName or (2) pluginPath parameter in a get_template action. NOTE: some of these details are obtained from third party information.
24 CVE-2012-1838 287 Bypass +Info 2012-03-22 2012-04-12
5.0
None Remote Low Not required Partial None None
The web management interface on the LG-Nortel ELO GS24M switch allows remote attackers to bypass authentication, and consequently obtain cleartext credential and configuration information, via a direct request to a configuration web page.
25 CVE-2012-1837 200 +Info 2012-03-21 2012-10-30
5.0
None Remote Low Not required Partial None None
The (1) webreports, (2) post/create-role, and (3) post/update-role programs in IBM Tivoli Endpoint Manager (TEM) before 8.2 do not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
26 CVE-2012-1836 119 Exec Code Overflow 2012-03-21 2012-04-12
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in dns.cpp in InspIRCd 2.0.5 might allow remote attackers to execute arbitrary code via a crafted DNS query that uses compression.
27 CVE-2012-1797 264 2012-03-20 2012-08-13
10.0
None Remote Low Not required Complete Complete Complete
IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has unspecified impact and attack vectors.
28 CVE-2012-1796 +Priv 2012-03-20 2012-08-13
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as used in IBM DB2 9.5 before FP9 on UNIX, allows local users to gain privileges via unknown vectors.
29 CVE-2012-1795 78 Exec Code 2012-03-20 2012-04-13
7.5
None Remote Low Not required Partial Partial Partial
webglimpse.cgi in Webglimpse before 2.20.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter, as exploited in the wild in March 2012.
30 CVE-2012-1790 22 2 Dir. Trav. 2012-03-19 2012-03-27
5.0
None Remote Low Not required Partial None None
Absolute path traversal vulnerability in Webgrind 1.0 and 1.0.2 allows remote attackers to read arbitrary files via a full pathname in the file parameter to index.php.
31 CVE-2012-1789 79 XSS 2012-03-19 2012-03-27
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Kongreg8 1.7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) surname or (2) firstname parameters to modules/members/addmember.php; or (3) groupdescription or (4) groupname parameters to modules/groups/addgroupform.php.
32 CVE-2012-1788 79 1 XSS 2012-03-19 2012-11-19
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in wonderdesk.cgi in WonderDesk SQL 4.14 allow remote attackers to inject arbitrary web script or HTML via the (1) cus_email parameter in a cust_lostpw action; or (2) help_name, (3) help_email, (4) help_website, or (5) help_example_url parameters in an hd_modify_record action.
33 CVE-2012-1787 79 1 XSS 2012-03-19 2012-03-20
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in wgarcmin.cgi in Webglimpse 2.20.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) FILE, or (3) DOMAIN parameters.
34 CVE-2012-1786 200 +Info 2012-03-19 2012-11-06
5.0
None Remote Low Not required Partial None None
The Media Upload form in the Video Embed & Thumbnail Generator plugin before 2.0 for WordPress allows remote attackers to obtain the installation path via unknown vectors.
35 CVE-2012-1785 20 Exec Code 2012-03-19 2012-03-20
7.5
None Remote Low Not required Partial Partial Partial
kg_callffmpeg.php in the Video Embed & Thumbnail Generator plugin before 2.0 for WordPress allows remote attackers to execute arbitrary commands via unspecified vectors.
36 CVE-2012-1784 89 1 Exec Code Sql 2012-03-19 2012-03-20
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in MyJobList 0.1.3 allows remote attackers to execute arbitrary SQL commands via the eid parameter in a profile action to index.php.
37 CVE-2012-1783 20 1 DoS 2012-03-19 2012-03-20
7.8
None Remote Low Not required None None Complete
Tiny Server 1.1.9 and earlier allows remote attackers to cause a denial of service (crash) via a long string in a GET request without an HTTP version number.
38 CVE-2012-1782 79 XSS 2012-03-19 2012-03-20
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in questions/ask in OSQA 3b allow remote attackers to inject arbitrary web script or HTML via the (1) url bar or (2) picture bar.
39 CVE-2012-1781 79 1 XSS 2012-03-19 2012-03-20
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in ajax/commentajax.php in SocialCMS 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) TREF_email_address or (2) TR_name parameters.
40 CVE-2012-1780 89 1 Exec Code Sql 2012-03-19 2012-03-20
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in search.php in SocialCMS 1.0.5 allows remote attackers to execute arbitrary SQL commands via the category parameter.
41 CVE-2012-1779 79 1 XSS 2012-03-19 2012-03-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in IDevSpot idev-BusinessDirectory 3.0 allows remote attackers to inject arbitrary web script or HTML via the SEARCH parameter to index.php.
42 CVE-2012-1778 89 1 Exec Code Sql 2012-03-19 2012-03-20
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in artykul_print.php in CreateVision CMS allows remote attackers to execute arbitrary SQL commands via the id parameter.
43 CVE-2012-1776 119 DoS Exec Code Overflow 2012-03-19 2012-11-06
9.3
None Remote Medium Not required Complete Complete Complete
Multiple heap-based buffer overflows in VideoLAN VLC media player before 2.0.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Real RTSP stream.
44 CVE-2012-1775 119 Exec Code Overflow 2012-03-19 2012-08-13
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in VideoLAN VLC media player before 2.0.1 allows remote attackers to execute arbitrary code via a crafted MMS:// stream.
45 CVE-2012-1774 2012-03-17 2012-04-20
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Open URL feature in Gretech GOM Media Player before 2.1.39.5101 has unknown impact and attack vectors, a different vulnerability than CVE-2007-5779 and CVE-2012-1264.
46 CVE-2012-1670 200 1 +Info 2012-03-31 2012-11-06
5.0
None Remote Low Not required Partial None None
admin/index.php in PHP Grade Book before 1.9.5 BETA allows remote attackers to read the database via a SaveSQL action.
47 CVE-2012-1663 399 1 DoS 2012-03-13 2013-12-12
7.5
None Remote Low Not required Partial Partial Partial
Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list.
48 CVE-2012-1662 20 DoS 2012-03-21 2012-11-06
5.0
None Remote Low Not required None None Partial
CA ARCserve Backup r12.0 through SP2, r12.5 before SP2, r15 through SP1, and r16 before SP1 on Windows allows remote attackers to cause a denial of service (service shutdown) via a crafted network request.
49 CVE-2012-1573 310 DoS Mem. Corr. 2012-03-26 2014-03-26
5.0
None Remote Low Not required None None Partial
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.
50 CVE-2012-1570 2012-03-28 2012-04-05
6.4
None Remote Low Not required None Partial Partial
The resolver in MaraDNS before 1.3.0.7.15 and 1.4.x before 1.4.12 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
Total number of vulnerabilities : 393   Page : 1 (This Page)2 3 4 5 6 7 8
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.