CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
10651 CVE-2012-4089 20 Exec Code 2013-09-24 2017-08-28
6.6
None Local Medium Single system Complete Complete Complete
MCTOOLS in the fabric interconnect in Cisco Unified Computing System (UCS) allows local users to execute arbitrary Baseboard Management Controller (BMC) commands by leveraging (1) local, (2) shell-level, or (3) debug-level privileges at the operating-system layer, aka Bug ID CSCtg76239.
10652 CVE-2012-4084 352 CSRF 2013-10-05 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the web-management interface in the fabric interconnect (FI) component in Cisco Unified Computing System (UCS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCtg20755.
10653 CVE-2012-4082 20 +Priv 2013-09-20 2017-08-28
6.8
None Local Low Single system Complete Complete Complete
MCTools in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to gain privileges by entering crafted command-line parameters on a Fabric Interconnect device, aka Bug ID CSCtg20749.
10654 CVE-2012-4077 264 Exec Code +Priv 2013-10-13 2016-09-23
6.8
None Local Low Single system Complete Complete Complete
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and CSCtf27651.
10655 CVE-2012-4076 20 Exec Code +Priv 2013-10-13 2017-08-28
6.8
None Local Low Single system Complete Complete Complete
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in a command that calls the system library function, aka Bug IDs CSCtf23559 and CSCtf27780.
10656 CVE-2012-4064 264 +Priv 2012-10-01 2012-10-02
6.5
None Remote Low Single system Partial Partial Partial
Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to gain privileges by sending a message to (1) Cloud Controller or (2) Walrus with the internal message format and a modified user id.
10657 CVE-2012-4059 352 1 CSRF 2012-07-25 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in home/secretqtn.php in SocketMail Pro 2.2.9 allows remote attackers to hijack the authentication of arbitrary users for requests that change user security questions and answers via an upd action.
10658 CVE-2012-4054 119 1 Exec Code Overflow 2012-07-25 2017-08-28
6.9
None Local Medium Not required Complete Complete Complete
Buffer overflow in the readfile function in CPE17 Autorun Killer 1.7.1 and earlier allows physically proximate attackers to execute arbitrary code via a crafted inf file.
10659 CVE-2012-4053 352 CSRF 2012-07-25 2019-07-30
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in eZOE flash player in eZ Publish 4.1 through 4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
10660 CVE-2012-4051 352 CSRF 2012-09-28 2012-09-28
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in editAccount.html in the JAMF Software Server (JSS) interface in JAMF Casper Suite before 8.61 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts or (2) change passwords via a Save action.
10661 CVE-2012-4036 Exec Code 2012-08-27 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 allows remote administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the addons directory. NOTE: this vulnerability can be leveraged by remote attackers using CVE-2012-1216.
10662 CVE-2012-4025 189 Exec Code Overflow 2012-07-19 2017-11-30
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a heap-based buffer overflow.
10663 CVE-2012-4024 119 Exec Code Overflow 2012-07-19 2017-11-30
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the list file is a trusted file constructed by the program's user; however, there are some realistic situations in which a list file would be obtained from an untrusted remote source.
10664 CVE-2012-4022 264 2012-11-08 2013-02-02
6.4
None Remote Low Not required None Partial Partial
Pebble before 2.6.4 allows remote attackers to trigger loss of blog-entry viewability via a crafted comment.
10665 CVE-2012-4009 94 Exec Code +Info 2012-08-31 2013-06-19
6.8
None Remote Medium Not required Partial Partial Partial
The WebView class in the Cybozu Live application 1.0.4 and earlier for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL.
10666 CVE-2012-4008 94 Exec Code +Info 2012-08-31 2013-06-19
6.8
None Remote Medium Not required Partial Partial Partial
The Cybozu Live application 1.0.4 and earlier for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site.
10667 CVE-2012-4002 352 CSRF 2012-10-09 2013-04-10
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI before 0.83.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
10668 CVE-2012-3986 264 Bypass 2012-10-10 2017-09-18
6.4
None Remote Low Not required Partial Partial None
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code.
10669 CVE-2012-3984 2012-10-10 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has a SELECT element's menu active, which allows remote attackers to spoof page content via vectors involving absolute positioning and scrolling.
10670 CVE-2012-3979 Exec Code 2012-08-29 2013-03-25
6.8
None Remote Medium Not required Partial Partial Partial
Mozilla Firefox before 15.0 on Android does not properly implement unspecified callers of the __android_log_print function, which allows remote attackers to execute arbitrary code via a crafted web page that calls the JavaScript dump function.
10671 CVE-2012-3978 264 Bypass 2012-08-29 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly follow the security model of the location object, which allows remote attackers to bypass intended content-loading restrictions or possibly have unspecified other impact via vectors involving chrome code.
10672 CVE-2012-3974 399 +Priv 2012-08-29 2017-09-18
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows local users to gain privileges via a Trojan horse executable file in a root directory.
10673 CVE-2012-3967 DoS Exec Code Mem. Corr. 2012-08-29 2013-05-29
6.8
None Remote Medium Not required Partial Partial Partial
The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms are used, does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted web site.
10674 CVE-2012-3908 352 CSRF 2012-09-16 2013-03-25
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
10675 CVE-2012-3895 DoS 2012-09-16 2017-08-28
6.3
None Remote Medium Single system None None Complete
Cisco IOS 15.0 through 15.3 allows remote authenticated users to cause a denial of service (device crash) via an MVPNv6 update, aka Bug ID CSCty89224.
10676 CVE-2012-3893 DoS 2012-09-16 2012-09-17
6.3
None Remote Medium Single system None None Complete
The FlexVPN implementation in Cisco IOS 15.2 and 15.3 allows remote authenticated users to cause a denial of service (spoke crash) via spoke-to-spoke traffic, aka Bug ID CSCtz02622.
10677 CVE-2012-3890 119 DoS Overflow Mem. Corr. 2012-07-11 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a .IT file.
10678 CVE-2012-3889 119 DoS Overflow Mem. Corr. 2012-07-11 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a .IT file.
10679 CVE-2012-3873 89 1 Exec Code Sql 2012-12-28 2012-12-28
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) data/gallery/edit.php, (2) data/guestbook/edit.php, (3) data/file/edit.php, (4) data/htmltext/edit.php, (5) data/publication/edit.php, or (6) data/event/edit.php.
10680 CVE-2012-3834 89 1 Exec Code Sql 2012-07-03 2017-08-28
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in forensics/base_qry_main.php in AlienVault Open Source Security Information Management (OSSIM) 3.1 allows remote authenticated users to execute arbitrary SQL commands via the time[0][0] parameter.
10681 CVE-2012-3747 119 DoS Exec Code Overflow Mem. Corr. 2012-09-20 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
10682 CVE-2012-3732 310 2012-09-20 2017-08-28
6.4
None Remote Low Not required None Partial Partial
Mail in Apple iOS before 6 uses an S/MIME message's From address as the displayed sender address, which allows remote attackers to spoof signed content via an e-mail message in which the From field does not match the signer's identity.
10683 CVE-2012-3728 264 +Priv 2012-09-20 2013-03-22
6.9
None Local Medium Not required Complete Complete Complete
The kernel in Apple iOS before 6 dereferences invalid pointers during the handling of packet-filter data structures, which allows local users to gain privileges via a crafted program that makes packet-filter ioctl calls.
10684 CVE-2012-3727 119 Exec Code Overflow 2012-09-20 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the IPsec component in Apple iOS before 6 allows remote attackers to execute arbitrary code via a crafted racoon configuration file.
10685 CVE-2012-3726 399 DoS Exec Code 2012-09-20 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Double free vulnerability in ImageIO in Apple iOS before 6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image.
10686 CVE-2012-3722 399 DoS Exec Code 2012-09-20 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.
10687 CVE-2012-3719 20 Exec Code 2012-09-20 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded web plugins, which allows remote attackers to execute arbitrary plugin code via an e-mail message that triggers the loading of a third-party plugin.
10688 CVE-2012-3712 DoS Exec Code Mem. Corr. 2012-09-13 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
10689 CVE-2012-3711 DoS Exec Code Mem. Corr. 2012-09-13 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
10690 CVE-2012-3710 DoS Exec Code Mem. Corr. 2012-09-13 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
10691 CVE-2012-3709 DoS Exec Code Mem. Corr. 2012-09-13 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
10692 CVE-2012-3708 DoS Exec Code Mem. Corr. 2012-09-13 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
10693 CVE-2012-3707 DoS Exec Code Mem. Corr. 2012-09-13 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
10694 CVE-2012-3706 DoS Exec Code Mem. Corr. 2012-09-13 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
10695 CVE-2012-3705 DoS Exec Code Mem. Corr. 2012-09-13 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
10696 CVE-2012-3704 DoS Exec Code Mem. Corr. 2012-09-13 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
10697 CVE-2012-3702 DoS Exec Code Mem. Corr. 2012-09-13 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
10698 CVE-2012-3700 DoS Exec Code Mem. Corr. 2012-09-13 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
10699 CVE-2012-3699 DoS Exec Code Mem. Corr. 2012-09-13 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
10700 CVE-2012-3692 DoS Exec Code Mem. Corr. 2012-09-13 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.