# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
63051 |
CVE-2012-3260 |
|
|
Exec Code |
2012-09-25 |
2019-10-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1462. |
63052 |
CVE-2012-3259 |
|
|
Exec Code |
2012-09-25 |
2017-08-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1461. |
63053 |
CVE-2012-3258 |
|
|
Exec Code |
2012-09-19 |
2017-08-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in HP Operations Orchestration 9.0 before 9.03 allows remote attackers to execute arbitrary code via unknown vectors. |
63054 |
CVE-2012-3257 |
|
|
|
2012-09-08 |
2013-03-21 |
4.6 |
None |
Remote |
High |
Single system |
Partial |
Partial |
Partial |
HP Business Availability Center (BAC) 8.07 allows remote authenticated users to hijack web sessions via unspecified vectors. |
63055 |
CVE-2012-3256 |
352 |
|
CSRF |
2012-09-08 |
2013-03-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Cross-site request forgery (CSRF) vulnerability in HP Business Availability Center (BAC) 8.07 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
63056 |
CVE-2012-3255 |
79 |
|
XSS |
2012-09-08 |
2013-03-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 8.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
63057 |
CVE-2012-3254 |
|
|
Exec Code Overflow |
2012-08-30 |
2019-10-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Multiple unspecified vulnerabilities in HP iNode Management Center before iNode PC 5.1 E0304 allow remote attackers to execute arbitrary code via crafted input, as demonstrated by a stack-based buffer overflow in iNodeMngChecker.exe for a crafted 0x0A0BF007 packet. |
63058 |
CVE-2012-3253 |
|
|
Exec Code Overflow |
2012-08-30 |
2019-10-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Multiple unspecified vulnerabilities in HP Intelligent Management Center (IMC) before 5.0 E0101P05 allow remote attackers to execute arbitrary code via crafted input, as demonstrated by an integer overflow and heap-based buffer overflow in img.exe for a crafted message packet. |
63059 |
CVE-2012-3252 |
|
|
DoS |
2012-08-20 |
2013-02-02 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in HP Serviceguard A.11.19 and A.11.20 allows remote attackers to cause a denial of service via unknown vectors. |
63060 |
CVE-2012-3251 |
79 |
|
XSS |
2012-08-16 |
2019-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in HP Service Manager Web Tier 7.11, 9.21, and 9.30, and HP Service Center Web Tier 6.28, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
63061 |
CVE-2012-3250 |
|
|
DoS |
2012-08-16 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Unspecified vulnerability in HP Service Manager Server 7.11, 9.21, and 9.30, and HP Service Center Server 6.28, allows remote attackers to cause a denial of service via unknown vectors. |
63062 |
CVE-2012-3249 |
200 |
|
+Info |
2012-08-16 |
2019-10-09 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remote authenticated users to obtain sensitive information via unspecified vectors. |
63063 |
CVE-2012-3248 |
200 |
|
+Info |
2012-08-16 |
2013-03-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remote attackers to obtain sensitive information via unspecified vectors. |
63064 |
CVE-2012-3247 |
|
|
DoS |
2012-08-16 |
2013-03-21 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability on the HP Integrity Server BL860c i2, BL870c i2, and BL890c i2 with firmware before 26.31 and the HP Integrity Server rx2800 i2 with firmware before 26.30 allows local users to cause a denial of service via unknown vectors. |
63065 |
CVE-2012-3243 |
79 |
|
XSS |
2015-05-20 |
2015-05-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in the SEOgento plugin for Magento allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
63066 |
CVE-2012-3241 |
264 |
|
Exec Code |
2012-07-17 |
2012-07-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
The VMware Broker in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 does not properly authenticate SOAP requests, which allows remote attackers to execute arbitrary VMware Broker API commands. |
63067 |
CVE-2012-3240 |
264 |
|
+Priv |
2012-07-17 |
2012-07-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
The Walrus service in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 allows remote attackers to gain administrator privileges via a crafted REST request. |
63068 |
CVE-2012-3238 |
79 |
|
XSS |
2012-07-09 |
2012-07-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field. |
63069 |
CVE-2012-3236 |
119 |
1
|
DoS Overflow |
2012-07-12 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string. |
63070 |
CVE-2012-3234 |
189 |
|
DoS |
2012-09-12 |
2017-08-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 do not properly handle codec frame sizes in RealAudio files, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) or possibly have unspecified other impact via a crafted file. |
63071 |
CVE-2012-3233 |
79 |
|
XSS |
2012-09-15 |
2017-08-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in __swift/thirdparty/PHPExcel/PHPExcel/Shared/JAMA/docs/download.php in Kayako Fusion 4.40.1148, and possibly before 4.50.1581, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. |
63072 |
CVE-2012-3232 |
79 |
|
XSS |
2012-06-29 |
2012-07-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in search.php in [email protected] 2.0, as downloaded before May 30, 2012, allows remote attackers to inject arbitrary web script or HTML via the _text[title] parameter. |
63073 |
CVE-2012-3231 |
352 |
|
Exec Code CSRF |
2012-06-27 |
2012-06-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple cross-site request forgery (CSRF) vulnerabilities in [email protected] 2.0, as downloaded before May 30, 2012, allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding a file to execute arbitrary code via a do_addfile action to inc/browser/action.php. |
63074 |
CVE-2012-3230 |
|
|
|
2012-10-17 |
2013-10-10 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Portal Framework. |
63075 |
CVE-2012-3229 |
|
|
|
2012-10-17 |
2013-10-10 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Siebel Documentation. |
63076 |
CVE-2012-3228 |
|
|
|
2012-10-17 |
2017-08-28 |
4.9 |
None |
Remote |
Medium |
Single system |
None |
Partial |
Partial |
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect integrity and availability, related to BASE. |
63077 |
CVE-2012-3226 |
|
|
|
2012-10-17 |
2013-10-10 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0, 11.0.0 through 11.4.0, and 12.0.0 allows remote authenticated users to affect confidentiality and integrity, related to BASE. |
63078 |
CVE-2012-3222 |
|
|
|
2012-10-17 |
2013-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect availability via unknown vectors related to Signon. |
63079 |
CVE-2012-3220 |
|
|
|
2013-01-16 |
2017-09-18 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
Unspecified vulnerability in the Spatial component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users with Create Session privileges to affect confidentiality, integrity, and availability via unknown vectors. |
63080 |
CVE-2012-3219 |
|
|
|
2013-01-16 |
2016-12-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1 and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Storage Management. |
63081 |
CVE-2012-3218 |
|
|
|
2013-01-16 |
2013-10-10 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
Unspecified vulnerability in the Human Resources component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Security Groups. |
63082 |
CVE-2012-3213 |
|
|
|
2013-02-01 |
2017-09-18 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scripting. |
63083 |
CVE-2012-3212 |
|
|
|
2012-10-16 |
2013-10-10 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC T4 servers, allows local users to affect availability via unknown vectors related to Kernel. |
63084 |
CVE-2012-3211 |
|
|
|
2012-10-16 |
2013-10-10 |
4.6 |
None |
Local |
Low |
Single system |
None |
None |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/System Call. |
63085 |
CVE-2012-3210 |
|
|
|
2012-10-16 |
2013-10-10 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via unknown vectors related to Kernel. |
63086 |
CVE-2012-3209 |
|
|
|
2012-10-16 |
2013-10-10 |
5.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC, allows local users to affect integrity and availability via unknown vectors related to Logical Domain (LDOM). |
63087 |
CVE-2012-3208 |
|
|
|
2012-10-16 |
2013-10-10 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability, related to Kernel/RCTL. |
63088 |
CVE-2012-3207 |
|
|
|
2012-10-16 |
2013-10-10 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kernel. |
63089 |
CVE-2012-3204 |
|
|
|
2012-10-16 |
2013-10-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Power Management. |
63090 |
CVE-2012-3202 |
|
|
|
2012-10-16 |
2019-07-18 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Multiple unspecified vulnerabilities in the Oracle JRockit component in Oracle Fusion Middleware 28.2.4 and earlier, and 27.7.3 and earlier, when using JDK/JRE 5 or 6, allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this overlaps CVE-2012-5083, CVE-2012-1531, CVE-2012-5081, and CVE-2012-5085. |
63091 |
CVE-2012-3201 |
|
|
|
2012-10-16 |
2013-10-10 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
Unspecified vulnerability in the PeopleSoft Enterprise Campus Solutions component in Oracle PeopleSoft Products 9.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Self-Service (Student Records). |
63092 |
CVE-2012-3200 |
|
|
|
2012-10-16 |
2017-09-08 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.1 allows remote authenticated users to affect confidentiality, related to ROLESPRV. |
63093 |
CVE-2012-3199 |
|
|
|
2012-10-16 |
2013-10-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Gnome Trusted Extension. |
63094 |
CVE-2012-3198 |
|
|
|
2012-10-16 |
2013-10-10 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect availability via unknown vectors related to Query. |
63095 |
CVE-2012-3196 |
|
|
|
2012-10-16 |
2013-10-10 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
Unspecified vulnerability in the Oracle Human Resources component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and availability, related to PDF generation. |
63096 |
CVE-2012-3195 |
|
|
|
2012-10-16 |
2013-10-10 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect confidentiality via unknown vectors related to Portal. |
63097 |
CVE-2012-3194 |
|
|
|
2012-10-16 |
2013-10-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 10.1.3.4.2, 11.1.1.5.0, 11.1.1.6.0, and 11.1.1.6.2 allows remote attackers to affect integrity via unknown vectors related to Administration. |
63098 |
CVE-2012-3190 |
|
|
|
2013-01-16 |
2014-03-16 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
Unspecified vulnerability in the Oracle Universal Work Queue component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity, related to UWQ Server Issues. |
63099 |
CVE-2012-3189 |
|
|
|
2012-10-16 |
2013-10-10 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability, related to COMSTAR. |
63100 |
CVE-2012-3187 |
|
|
|
2012-10-16 |
2013-10-10 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel. |