| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 50401 | CVE-2012-1410 | 79 | | XSS | 2012-02-29 | 2012-02-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in the History Window implementation in Kadu 0.9.0 through 0.11.0 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) SMS message, (2) presence message, or (3) status description. |
| 50402 | CVE-2012-1370 | 119 | | DoS Overflow | 2012-08-06 | 2012-08-06 | 3.5 | None | Remote | Medium | Single system | None | None | Partial | Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 allows remote authenticated users to cause a denial of service (vpnagentd process crash) via a crafted packet, aka Bug ID CSCty01670. |
| 50403 | CVE-2012-1367 | 20 | | DoS | 2012-08-06 | 2012-08-06 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The MallocLite implementation in Cisco IOS 12.0, 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (Route Processor crash) via a BGP UPDATE message with a modified local-preference (aka LOCAL_PREF) attribute length, aka Bug ID CSCtq06538. |
| 50404 | CVE-2012-1366 | 20 | | DoS | 2014-04-23 | 2014-04-23 | 6.1 | None | Local Network | Low | Not required | None | None | Complete | Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544. |
| 50405 | CVE-2012-1365 | | | DoS | 2012-08-06 | 2018-10-30 | 4.0 | None | Remote | Low | Single system | None | None | Partial | Cisco Unified Computing System (UCS) 1.4 and 2.0 allows remote authenticated users to cause a denial of service (device reload) via a malformed SNMP request to a Fabric Interconnect (FI) device, aka Bug ID CSCts32463. |
| 50406 | CVE-2012-1364 | | | DoS | 2012-08-06 | 2018-10-30 | 4.0 | None | Remote | Low | Single system | None | None | Partial | Cisco Unified Computing System (UCS) 1.4 and 2.0 allows remote authenticated users to cause a denial of service (device reload) via a malformed SNMP request to a Fabric Interconnect (FI) device, aka Bug ID CSCts32452. |
| 50407 | CVE-2012-1361 | 200 | | +Info | 2012-08-06 | 2012-08-07 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | Cisco IOS 15.1 and 15.2, when the Multicast Music-on-Hold (MMoH) feature of Cisco Unified Communications Manager (CUCM) is enabled, allows remote attackers to obtain sensitive crosstalk information by listening during a PSTN call, aka Bug ID CSCtx77750. |
| 50408 | CVE-2012-1357 | 119 | | DoS Overflow | 2012-08-06 | 2012-08-07 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The igmp_snoop_orib_fill_source_update function in the IGMP process in NX-OS 5.0 and 5.1 on Cisco Nexus 5000 series switches allows remote attackers to cause a denial of service (device reload) via IGMP packets, aka Bug ID CSCts46521. |
| 50409 | CVE-2012-1348 | 200 | | +Info | 2012-08-06 | 2012-08-07 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Cisco Wide Area Application Services (WAAS) appliances with software 4.4, 5.0, and 5.1 include a one-way hash of a password within output text, which might allow remote attackers to obtain sensitive information via a brute-force attack on the hash string, aka Bug ID CSCty17279. |
| 50410 | CVE-2012-1346 | 399 | | DoS | 2012-08-06 | 2012-08-07 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Cisco Emergency Responder 8.6 and 9.2 allows remote attackers to cause a denial of service (CPU consumption) by sending malformed UDP packets to the CERPT port, aka Bug ID CSCtx38369. |
| 50411 | CVE-2012-1344 | 119 | | DoS Overflow | 2012-08-06 | 2013-04-01 | 3.5 | None | Remote | Medium | Single system | None | None | Partial | Cisco IOS 15.1 and 15.2, when a clientless SSL VPN is configured, allows remote authenticated users to cause a denial of service (device reload) by using a web browser to refresh the SSL VPN portal page, as demonstrated by the Android browser, aka Bug ID CSCtr86328. |
| 50412 | CVE-2012-1342 | 863 | | Bypass | 2012-08-06 | 2019-09-27 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Cisco Carrier Routing System (CRS) 3.9, 4.0, and 4.1 allows remote attackers to bypass ACL entries via fragmented packets, aka Bug ID CSCtj10975. |
| 50413 | CVE-2012-1340 | 119 | | DoS Overflow | 2012-08-06 | 2013-04-01 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The Fibre Channel over IP (FCIP) implementation in Cisco MDS NX-OS 4.2 and 5.2 on MDS 9000 series switches allows remote attackers to cause a denial of service (module reload) via a crafted FCIP header, aka Bug ID CSCtn93151. |
| 50414 | CVE-2012-1339 | 119 | | DoS Overflow | 2012-08-06 | 2018-10-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The Fabric Interconnect component in Cisco Unified Computing System (UCS) 2.0 allows remote attackers to cause a denial of service (process crash) via an attempted SSH session, aka Bug ID CSCtt94543. |
| 50415 | CVE-2012-1338 | 362 | | DoS | 2012-08-06 | 2013-04-01 | 6.3 | None | Remote | Medium | Single system | None | None | Complete | Cisco IOS 15.0 and 15.1 on Catalyst 3560 and 3750 series switches allows remote authenticated users to cause a denial of service (device reload) by completing local web authentication quickly, aka Bug ID CSCts88664. |
| 50416 | CVE-2012-1328 | 94 | | +Priv | 2012-05-03 | 2017-12-06 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 do not properly handle downloads of configuration information to an RT phone, which allows local users to gain privileges via unspecified injected data, aka Bug ID CSCts32237. |
| 50417 | CVE-2012-1327 | 284 | | DoS | 2012-05-03 | 2017-12-06 | 6.1 | None | Local Network | Low | Not required | None | None | Complete | dot11t/t_if_dot11_hal_ath.c in Cisco IOS 12.3, 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (assertion failure and reboot) via 802.11 wireless traffic, as demonstrated by a video call from Apple iOS 5.0 on an iPhone 4S, aka Bug ID CSCtt94391. |
| 50418 | CVE-2012-1317 | 119 | | DoS Overflow | 2014-04-23 | 2014-04-23 | 5.4 | None | Remote | High | Not required | None | None | Complete | The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717. |
| 50419 | CVE-2012-1313 | 264 | | +Priv | 2013-09-27 | 2016-11-04 | 6.5 | None | Local | Low | Multiple systems | Complete | Complete | Complete | The remote debug shell on the PALO adapter card in Cisco Unified Computing System (UCS) allows local users to gain privileges via malformed show-macstats parameters, aka Bug ID CSCub13772. |
| 50420 | CVE-2012-1308 | 352 | 1 | CSRF | 2012-10-08 | 2017-08-28 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Cross-site request forgery (CSRF) vulnerability in redpass.cgi in D-Link DSL-2640B Firmware EU_4.00 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter. |
| 50421 | CVE-2012-1303 | 79 | | XSS | 2014-12-27 | 2014-12-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in amCharts Flash 1 allow remote attackers to inject arbitrary web script or HTML via the (1) data_file or (2) settings_file parameter to ampie.swf; the message element in the chart_data parameter to (3) amcolumn.swf, (4) amline.swf, (5) amradar.swf, or (6) amxy.sw; or (7) the settings_file parameter to amstock.swf. |
| 50422 | CVE-2012-1302 | 79 | | XSS | 2014-12-27 | 2017-07-17 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in amMap 2.6.3 allow remote attackers to inject arbitrary web script or HTML via the (1) data_file or (2) settings_file parameter to ammap.swf, or (3) the data_file parameter to amtimeline.swf. |
| 50423 | CVE-2012-1297 | 352 | 2 | CSRF | 2012-03-19 | 2019-06-11 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via a delete action in the user module, (2) delete news via a delete action in the news module, or (3) delete newsletters via a delete action in the newsletters module. |
| 50424 | CVE-2012-1296 | 79 | | XSS | 2012-08-26 | 2017-08-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in apps/admin/handlers/preview.php in Elefant CMS 1.0.x before 1.0.2-Beta and 1.1.x before 1.1.5-Beta allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) body parameter to admin/preview. |
| 50425 | CVE-2012-1293 | 79 | | XSS | 2012-09-25 | 2012-10-30 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in fup in Frams' Fast File EXchange (F*EX, aka fex) before 20111129-2 allow remote attackers to inject arbitrary web script or HTML via the (1) to or (2) from parameters. |
| 50426 | CVE-2012-1292 | | | +Info | 2012-02-23 | 2012-02-27 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Unspecified vulnerability in the MessagingSystem servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the MessagingSystem Performance Data via unspecified vectors. |
| 50427 | CVE-2012-1291 | | | +Info | 2012-02-23 | 2012-02-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProcessor servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the Adapter Monitor via unspecified vectors, possibly related to the EnableInvokerServletGlobally property in the servlet_jsp service. |
| 50428 | CVE-2012-1290 | 79 | | XSS | 2012-02-23 | 2012-02-24 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp in the Internet Sales (crm.b2b) module in SAP NetWeaver 7.0 allows remote attackers to inject arbitrary web script or HTML via the _loadPage parameter. |
| 50429 | CVE-2012-1289 | 22 | | Dir. Trav. | 2012-02-23 | 2017-08-28 | 4.0 | None | Remote | Low | Single system | Partial | None | None | Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the logfilename parameter to (1) b2b/admin/log.jsp or (2) b2b/admin/log_view.jsp in the Internet Sales (crm.b2b) component, or (3) ipc/admin/log.jsp or (4) ipc/admin/log_view.jsp in the Application Administration (com.sap.ipc.webapp.ipc) component. |
| 50430 | CVE-2012-1262 | 79 | 1 | XSS | 2012-03-02 | 2018-01-17 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in cgi-bin/mt/mt-wizard.cgi in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13, when the product is incompletely installed, allows remote attackers to inject arbitrary web script or HTML via the dbuser parameter, a different vulnerability than CVE-2012-0318. |
| 50431 | CVE-2012-1256 | 287 | | Bypass | 2012-02-22 | 2012-03-20 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The single sign-on (SSO) implementation in EasyVista before 2010.1.1.89 allows remote attackers to bypass authentication via a modified url_account parameter, in conjunction with a valid login name in the SSPI_HEADER parameter, to index.php. |
| 50432 | CVE-2012-1254 | 79 | | XSS | 2012-06-04 | 2012-06-06 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in Segue 2.2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 50433 | CVE-2012-1253 | 79 | | XSS | 2012-06-04 | 2012-06-28 | 2.6 | None | Remote | High | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.7, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via vectors involving an embedded image attachment. |
| 50434 | CVE-2012-1252 | 79 | | XSS | 2012-06-04 | 2012-06-05 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in RSSOwl before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a feed, a different vulnerability than CVE-2006-4760. |
| 50435 | CVE-2012-1251 | 310 | | +Info | 2012-06-04 | 2014-03-05 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | Opera before 9.63 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| 50436 | CVE-2012-1249 | 200 | | +Info | 2012-05-21 | 2013-01-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The iLunascape application 1.0.4.0 and earlier for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive stored information via a crafted application. |
| 50437 | CVE-2012-1248 | 264 | | | 2012-05-15 | 2017-08-28 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial | app/config/core.php in baserCMS 1.6.15 and earlier does not properly handle installations in shared-hosting environments, which allows remote attackers to hijack sessions by leveraging administrative access to a different domain. |
| 50438 | CVE-2012-1247 | 79 | | XSS | 2012-05-15 | 2017-12-04 | 2.6 | None | Remote | High | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in KENT-WEB WEB MART 1.7 and earlier, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML by leveraging support for Cascading Style Sheets (CSS) expressions. |
| 50439 | CVE-2012-1246 | 79 | | XSS | 2012-05-15 | 2017-12-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in KENT-WEB WEB MART 1.7 and earlier might allow remote attackers to inject arbitrary web script or HTML via a crafted cookie. |
| 50440 | CVE-2012-1245 | 79 | | XSS | 2012-04-27 | 2017-12-13 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the cleanup_urls function in forum/utils/html.py in OSQA before 1234, and 0.9.0 Beta 3 and earlier, allows remote attackers to inject arbitrary web script or HTML via vectors related to a crafted URI. |
| 50441 | CVE-2012-1244 | 310 | | +Info | 2012-04-27 | 2017-12-13 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | The NTT DOCOMO sp mode mail application 5400 and earlier for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| 50442 | CVE-2012-1243 | 200 | | +Info | 2012-04-21 | 2017-12-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The TwitRocker2 application before 1.0.23 for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application. |
| 50443 | CVE-2012-1242 | | | +Priv | 2012-04-27 | 2017-12-13 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | Untrusted search path vulnerability in JustSystems Ichitaro 2011 Sou, Ichitaro 2006 through 2011, Ichitaro Government 2006 through 2010, Ichitaro Portable with oreplug, Ichitaro Viewer, JUST School, JUST School 2009 and 2010, JUST Jump 4, JUST Frontier, and oreplug allows local users to gain privileges via a Trojan horse DLL in the current working directory. |
| 50444 | CVE-2012-1240 | 79 | | XSS | 2012-04-16 | 2017-12-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the RECRUIT Dokodemo Rikunabi 2013 extension before 1.0.1 for Google Chrome allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 50445 | CVE-2012-1238 | | | | 2012-04-06 | 2012-11-19 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Session fixation vulnerability in SENCHA SNS before 1.0.2 allows remote attackers to hijack web sessions via unspecified vectors. |
| 50446 | CVE-2012-1237 | 352 | | CSRF | 2012-04-06 | 2012-11-19 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Cross-site request forgery (CSRF) vulnerability in SENCHA SNS before 1.0.2 allows remote attackers to hijack the authentication of arbitrary users. |
| 50447 | CVE-2012-1236 | 352 | | Exec Code CSRF | 2012-03-19 | 2012-06-08 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Multiple cross-site request forgery (CSRF) vulnerabilities in Janetter before 3.3.0.0 (aka 3.3.0) allow remote attackers to hijack the authentication of arbitrary users for requests that (1) tweet, (2) upload an image file, or (3) execute arbitrary commands. |
| 50448 | CVE-2012-1235 | 352 | | CSRF | 2012-02-21 | 2012-02-23 | 6.0 | None | Remote | Medium | Single system | Partial | Partial | Partial | Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0235. |
| 50449 | CVE-2012-1234 | 89 | | Exec Code Sql | 2012-02-21 | 2012-02-23 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0234. |
| 50450 | CVE-2012-1227 | 352 | 1 | CSRF | 2012-02-21 | 2012-02-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in pluck 4.7 allow remote attackers to hijack the authentication of admins for requests that (1) modify the admin email address or (2) modify the blog title via a settings action; (3) add a page via an editpage action, or (4) add a categorie via the blog module. |