CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
9051 CVE-2012-4324 352 1 CSRF 2012-08-14 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in PHPJabbers Vacation Rental Script allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via a create action in the AdminUsers module to index.php.
9052 CVE-2012-4280 352 1 CSRF 2012-08-13 2012-08-14
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in admin/agenteditor.php in Free Realty 3.1-0.6 allow remote attackers to hijack the authentication of administrators for requests that (1) add an agent via an addagent action or (2) modify an agent.
9053 CVE-2012-4269 1 Exec Code 2012-08-13 2017-08-28
6.0
None Remote Medium Single system Partial Partial Partial
Unrestricted file upload vulnerability in eFront 3.6.11 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension via an attachment in a message.
9054 CVE-2012-4245 287 Exec Code 2012-08-31 2016-12-02
6.8
None Remote Medium Not required Partial Partial Partial
The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary commands via the python-fu-eval command.
9055 CVE-2012-4240 89 1 Exec Code Sql 2014-09-11 2017-08-28
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in modules/calendar/json.php in Group-Office community before 4.0.90 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter.
9056 CVE-2012-4237 89 Exec Code Sql 2012-08-20 2012-09-11
6.8
None Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id parameter to (1) tce_edit_answer.php or (2) tce_edit_question.php.
9057 CVE-2012-4221 189 DoS Exec Code Overflow 2012-11-30 2013-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service via an application that uses crafted arguments in a local diagchar_ioctl call.
9058 CVE-2012-4220 DoS Exec Code 2012-11-30 2013-10-10
6.8
None Remote Medium Not required Partial Partial Partial
diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via an application that uses crafted arguments in a local diagchar_ioctl call.
9059 CVE-2012-4206 +Priv 2012-11-21 2017-09-18
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in the installer in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 on Windows allows local users to gain privileges via a Trojan horse DLL in the default downloads directory.
9060 CVE-2012-4205 +Info CSRF 2012-11-21 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks or obtain sensitive information by leveraging a sandboxed add-on.
9061 CVE-2012-4203 264 Exec Code 2012-11-21 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
The New Tab page in Mozilla Firefox before 17.0 uses a privileged context for execution of JavaScript code by bookmarklets, which allows user-assisted remote attackers to run arbitrary programs by leveraging a javascript: URL in a bookmark.
9062 CVE-2012-4201 16 XSS 2012-11-21 2017-09-18
6.4
None Remote Low Not required Partial Partial None
The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code that sets the location.href property, which allows remote attackers to conduct cross-site scripting (XSS) attacks or read arbitrary files by leveraging a sandboxed add-on.
9063 CVE-2012-4143 94 2012-08-06 2012-08-07
6.8
None Remote Medium Not required Partial Partial Partial
Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog, a different vulnerability than CVE-2012-1924.
9064 CVE-2012-4141 264 Dir. Trav. 2013-10-05 2016-09-22
6.2
None Local Low Single system Complete Complete None
Directory traversal vulnerability in the CLI parser in Cisco NX-OS allows local users to create arbitrary script files via a relative pathname in the "file name" parameter, aka Bug IDs CSCua71557 and CSCua71551.
9065 CVE-2012-4136 264 DoS +Info 2013-10-03 2016-09-22
6.8
None Remote Medium Not required Partial Partial Partial
The high-availability service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) does not properly bind the cluster service to the management interface, which allows remote attackers to obtain sensitive information or cause a denial of service (peer-syncing outage) via a TELNET connection, aka Bug ID CSCtz72910.
9066 CVE-2012-4122 20 Bypass 2013-10-05 2017-08-28
6.2
None Local Low Single system None Complete Complete
The CLI parser in Cisco NX-OS allows local users to bypass intended access restrictions, and overwrite or create arbitrary files, via shell output redirection, aka Bug IDs CSCts56672 and CSCts56669.
9067 CVE-2012-4121 264 +Priv 2013-10-13 2013-10-16
6.8
None Local Low Single system Complete Complete Complete
Cisco NX-OS allows local users to gain privileges, and read or modify arbitrary files, via the sed (1) r and (2) w commands, aka Bug IDs CSCts56559, CSCts56565, CSCts56570, and CSCts56574.
9068 CVE-2012-4112 264 Exec Code +Priv 2013-10-19 2013-10-21
6.8
None Local Low Single system Complete Complete Complete
The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary commands via crafted command parameters within the command-line interface, aka Bug ID CSCtr43330.
9069 CVE-2012-4111 20 +Priv 2013-10-02 2013-10-03
6.8
None Local Low Single system Complete Complete Complete
The create certreq command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86563.
9070 CVE-2012-4110 20 +Priv 2013-10-02 2013-10-03
6.8
None Local Low Single system Complete Complete Complete
run-script in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86560.
9071 CVE-2012-4109 20 +Priv 2013-10-02 2013-10-03
6.8
None Local Low Single system Complete Complete Complete
The clear sshkey command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86559.
9072 CVE-2012-4108 78 Exec Code +Priv 2013-10-13 2013-10-15
6.8
None Local Low Single system Complete Complete Complete
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary operating-system commands via crafted parameters to a file-related command, aka Bug ID CSCtq86554.
9073 CVE-2012-4106 264 Exec Code +Priv 2013-10-13 2016-09-22
6.8
None Local Low Single system Complete Complete Complete
The fabric-interconnect component in Cisco Unified Computing System (UCS) uses the same privilege level for execution of every script, which allows local users to gain privileges and execute arbitrary commands via an unspecified script-execution approach, aka Bug ID CSCtq86477.
9074 CVE-2012-4104 22 Dir. Trav. 2013-10-02 2013-10-03
6.6
None Local Medium Single system Complete Complete Complete
Absolute path traversal vulnerability in the image-download process in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to overwrite or delete arbitrary files via a full pathname in an image header, aka Bug ID CSCtq02706.
9075 CVE-2012-4103 20 +Priv 2013-10-02 2017-02-19
6.8
None Local Low Single system Complete Complete Complete
ethanalyzer in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq02686.
9076 CVE-2012-4102 20 +Priv 2013-10-02 2013-10-03
6.8
None Local Low Single system Complete Complete Complete
The activate firmware command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq02600.
9077 CVE-2012-4096 20 +Priv 2013-09-30 2013-10-01
6.2
None Local Low Single system Complete Complete None
The local file editor in the Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and modify arbitrary fabric-interconnect files, in the context of a vi process, via unspecified commands, aka Bug ID CSCtn06574.
9078 CVE-2012-4089 20 Exec Code 2013-09-24 2017-08-28
6.6
None Local Medium Single system Complete Complete Complete
MCTOOLS in the fabric interconnect in Cisco Unified Computing System (UCS) allows local users to execute arbitrary Baseboard Management Controller (BMC) commands by leveraging (1) local, (2) shell-level, or (3) debug-level privileges at the operating-system layer, aka Bug ID CSCtg76239.
9079 CVE-2012-4084 352 CSRF 2013-10-05 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the web-management interface in the fabric interconnect (FI) component in Cisco Unified Computing System (UCS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCtg20755.
9080 CVE-2012-4082 20 +Priv 2013-09-20 2017-08-28
6.8
None Local Low Single system Complete Complete Complete
MCTools in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to gain privileges by entering crafted command-line parameters on a Fabric Interconnect device, aka Bug ID CSCtg20749.
9081 CVE-2012-4077 264 Exec Code +Priv 2013-10-13 2016-09-23
6.8
None Local Low Single system Complete Complete Complete
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and CSCtf27651.
9082 CVE-2012-4076 20 Exec Code +Priv 2013-10-13 2017-08-28
6.8
None Local Low Single system Complete Complete Complete
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in a command that calls the system library function, aka Bug IDs CSCtf23559 and CSCtf27780.
9083 CVE-2012-4064 264 +Priv 2012-10-01 2012-10-02
6.5
None Remote Low Single system Partial Partial Partial
Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to gain privileges by sending a message to (1) Cloud Controller or (2) Walrus with the internal message format and a modified user id.
9084 CVE-2012-4059 352 1 CSRF 2012-07-25 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in home/secretqtn.php in SocketMail Pro 2.2.9 allows remote attackers to hijack the authentication of arbitrary users for requests that change user security questions and answers via an upd action.
9085 CVE-2012-4054 119 1 Exec Code Overflow 2012-07-25 2017-08-28
6.9
None Local Medium Not required Complete Complete Complete
Buffer overflow in the readfile function in CPE17 Autorun Killer 1.7.1 and earlier allows physically proximate attackers to execute arbitrary code via a crafted inf file.
9086 CVE-2012-4053 352 CSRF 2012-07-25 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in eZOE flash player in eZ Publish 4.1 through 4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
9087 CVE-2012-4051 352 CSRF 2012-09-28 2012-09-28
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in editAccount.html in the JAMF Software Server (JSS) interface in JAMF Casper Suite before 8.61 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts or (2) change passwords via a Save action.
9088 CVE-2012-4036 Exec Code 2012-08-27 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 allows remote administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the addons directory. NOTE: this vulnerability can be leveraged by remote attackers using CVE-2012-1216.
9089 CVE-2012-4025 189 Exec Code Overflow 2012-07-19 2017-11-30
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a heap-based buffer overflow.
9090 CVE-2012-4024 119 Exec Code Overflow 2012-07-19 2017-11-30
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the list file is a trusted file constructed by the program's user; however, there are some realistic situations in which a list file would be obtained from an untrusted remote source.
9091 CVE-2012-4022 264 2012-11-08 2013-02-02
6.4
None Remote Low Not required None Partial Partial
Pebble before 2.6.4 allows remote attackers to trigger loss of blog-entry viewability via a crafted comment.
9092 CVE-2012-4009 94 Exec Code +Info 2012-08-31 2013-06-19
6.8
None Remote Medium Not required Partial Partial Partial
The WebView class in the Cybozu Live application 1.0.4 and earlier for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL.
9093 CVE-2012-4008 94 Exec Code +Info 2012-08-31 2013-06-19
6.8
None Remote Medium Not required Partial Partial Partial
The Cybozu Live application 1.0.4 and earlier for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site.
9094 CVE-2012-4002 352 CSRF 2012-10-09 2013-04-10
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI before 0.83.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
9095 CVE-2012-3986 264 Bypass 2012-10-10 2017-09-18
6.4
None Remote Low Not required Partial Partial None
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code.
9096 CVE-2012-3984 2012-10-10 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has a SELECT element's menu active, which allows remote attackers to spoof page content via vectors involving absolute positioning and scrolling.
9097 CVE-2012-3979 Exec Code 2012-08-29 2013-03-25
6.8
None Remote Medium Not required Partial Partial Partial
Mozilla Firefox before 15.0 on Android does not properly implement unspecified callers of the __android_log_print function, which allows remote attackers to execute arbitrary code via a crafted web page that calls the JavaScript dump function.
9098 CVE-2012-3978 264 Bypass 2012-08-29 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly follow the security model of the location object, which allows remote attackers to bypass intended content-loading restrictions or possibly have unspecified other impact via vectors involving chrome code.
9099 CVE-2012-3974 399 +Priv 2012-08-29 2017-09-18
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows local users to gain privileges via a Trojan horse executable file in a root directory.
9100 CVE-2012-3967 DoS Exec Code Mem. Corr. 2012-08-29 2013-05-29
6.8
None Remote Medium Not required Partial Partial Partial
The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms are used, does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted web site.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.