CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
10801 CVE-2012-2956 89 1 Exec Code Sql XSS 2014-09-17 2017-08-28
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in SpiceWorks 5.3.75941 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to api_v2.json. NOTE: this entry was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6658 is for the XSS.
10802 CVE-2012-2939 1 Exec Code 2012-05-27 2017-08-28
6.5
None Remote Low Single system Partial Partial Partial
Multiple unrestricted file upload vulnerabilities in Travelon Express 6.2.2 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) airline-edit.php, (2) hotel-image-add.php, or (3) hotel-add.php.
10803 CVE-2012-2930 352 CSRF 2015-04-24 2015-04-27
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code injection attacks in .htusers.php via the user parameter to admin/index.php.
10804 CVE-2012-2928 264 DoS 2012-05-22 2017-08-28
6.4
None Remote Low Not required Partial None Partial
The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
10805 CVE-2012-2926 264 DoS 2012-05-22 2017-08-28
6.4
None Remote Low Not required Partial None Partial
Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
10806 CVE-2012-2902 Exec Code 2012-05-21 2017-08-28
6.0
None Remote Medium Single system Partial Partial Partial
Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor (JCE) component before 2.1 for Joomla!, when chunking is set to greater than zero, allows remote authors to execute arbitrary PHP code by uploading a PHP file with a double extension as demonstrated by .jpg.pht.
10807 CVE-2012-2895 119 DoS Overflow 2012-09-26 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
The PDF functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger out-of-bounds write operations.
10808 CVE-2012-2894 399 DoS 2012-09-26 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
Google Chrome before 22.0.1229.79 does not properly handle graphics-context data structures, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.
10809 CVE-2012-2893 399 DoS 2012-09-26 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
Double free vulnerability in libxslt, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms.
10810 CVE-2012-2890 399 DoS 2012-09-26 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the PDF functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
10811 CVE-2012-2882 20 DoS 2012-09-26 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
FFmpeg, as used in Google Chrome before 22.0.1229.79, does not properly handle OGG containers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "wild pointer" issue.
10812 CVE-2012-2875 2012-09-26 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
Multiple unspecified vulnerabilities in the PDF functionality in Google Chrome before 22.0.1229.79 allow remote attackers to have an unknown impact via a crafted document.
10813 CVE-2012-2871 DoS 2012-08-31 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h.
10814 CVE-2012-2868 362 DoS 2012-08-31 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Race condition in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving improper interaction between worker processes and an XMLHttpRequest (aka XHR) object.
10815 CVE-2012-2862 399 DoS 2012-08-09 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the PDF functionality in Google Chrome before 21.0.1180.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
10816 CVE-2012-2860 DoS 2012-08-06 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
The date-picker implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site.
10817 CVE-2012-2858 119 DoS Overflow 2012-08-06 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the WebP decoder in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted WebP image.
10818 CVE-2012-2857 399 DoS 2012-08-06 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
10819 CVE-2012-2855 399 DoS 2012-08-06 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
10820 CVE-2012-2853 DoS 2012-08-06 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
The webRequest API in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not properly interact with the Chrome Web Store, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site.
10821 CVE-2012-2852 399 DoS 2012-08-06 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
The PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not properly handle object linkage, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted document.
10822 CVE-2012-2851 189 DoS Overflow 2012-08-06 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
10823 CVE-2012-2850 2012-08-06 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
Multiple unspecified vulnerabilities in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allow remote attackers to have an unknown impact via a crafted document.
10824 CVE-2012-2845 189 DoS Overflow +Info 2012-07-13 2016-11-28
6.4
None Remote Low Not required Partial None Partial
Integer overflow in the jpeg_data_load_data function in jpeg-data.c in libjpeg in exif 0.6.20 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain potentially sensitive information via a crafted JPEG file.
10825 CVE-2012-2836 119 DoS Overflow +Info 2012-07-13 2016-11-28
6.4
None Remote Low Not required Partial None Partial
The exif_data_load_data function in exif-data.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.
10826 CVE-2012-2832 DoS 2012-06-27 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
The image-codec implementation in the PDF functionality in Google Chrome before 20.0.1132.43 does not initialize an unspecified pointer, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
10827 CVE-2012-2828 189 DoS Overflow 2012-06-27 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in the PDF functionality in Google Chrome before 20.0.1132.43 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
10828 CVE-2012-2819 20 DoS 2012-06-27 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
The texSubImage2D implementation in the WebGL subsystem in Google Chrome before 20.0.1132.43 does not properly handle uploads to floating-point textures, which allows remote attackers to cause a denial of service (assertion failure and application crash) or possibly have unspecified other impact via a crafted web page, as demonstrated by certain WebGL performance tests, aka rdar problem 11520387.
10829 CVE-2012-2813 119 DoS Overflow +Info 2012-07-13 2016-11-28
6.4
None Remote Low Not required Partial None Partial
The exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.
10830 CVE-2012-2812 119 DoS Overflow +Info 2012-07-13 2016-11-28
6.4
None Remote Low Not required Partial None Partial
The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.
10831 CVE-2012-2807 189 DoS Overflow 2012-06-27 2014-01-27
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
10832 CVE-2012-2806 119 DoS Exec Code Overflow 2012-08-13 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the get_sos function in jdmarker.c in libjpeg-turbo 1.2.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large component count in the header of a JPEG image.
10833 CVE-2012-2753 +Priv 2012-06-19 2012-06-26
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint Connect R73.x, and Remote Access Clients E75.x allows local users to gain privileges via a Trojan horse DLL in the current working directory.
10834 CVE-2012-2734 352 Exec Code CSRF 2012-09-28 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to hijack the authentication of arbitrary users for requests that execute commands via unspecified vectors.
10835 CVE-2012-2729 352 CSRF 2012-06-26 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in the SimpleMeta module 6.x-1.x before 6.x-2.0 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) delete or (2) add a meta tag entry.
10836 CVE-2012-2728 352 CSRF 2012-06-26 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in the Node Hierarchy module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to hijack the authentication of administrators for requests that change a node hierarchy position via an (1) up or (2) down action.
10837 CVE-2012-2721 264 Bypass 2012-06-26 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the "access content" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact.
10838 CVE-2012-2716 352 CSRF 2012-06-21 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the Comment Moderation module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to hijack the authentication of administrators for requests that publish comments.
10839 CVE-2012-2713 352 CSRF 2012-06-26 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that login a user to another web site.
10840 CVE-2012-2670 20 Bypass 2012-06-16 2017-08-28
6.5
None Remote Low Single system Partial Partial Partial
manageuser.php in Collabtive before 0.7.6 allows remote authenticated users, and possibly unauthenticated attackers, to bypass intended access restrictions and upload and execute arbitrary files by uploading an avatar file with an accepted Content-Type such as image/jpeg, then accessing it via a direct request to the file in files/standard/avatar.
10841 CVE-2012-2660 264 Bypass 2012-06-22 2019-08-08
6.4
None Remote Low Not required Partial Partial None
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2694.
10842 CVE-2012-2649 94 Exec Code +Info 2012-08-08 2012-08-13
6.8
None Remote Medium Not required Partial Partial Partial
The Sleipnir Mobile application 2.2.0 and earlier and Sleipnir Mobile Black Edition application 2.2.0 and earlier for Android allow remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site.
10843 CVE-2012-2605 352 XSS CSRF 2012-06-13 2012-06-13
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Bradford Network Sentry before 5.3.3 allow remote attackers to hijack the authentication of administrators for requests that (1) insert XSS sequences or (2) send messages to clients.
10844 CVE-2012-2603 264 +Priv +Info 2012-06-08 2012-06-28
6.5
None Remote Low Single system Partial Partial Partial
The server in CollabNet ScrumWorks Pro before 6.0 allows remote authenticated users to gain privileges and obtain sensitive information via a modified desktop client.
10845 CVE-2012-2602 352 1 CSRF 2012-08-12 2012-08-13
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts via CreateUserStepContainer actions to Admin/Accounts/Add/OrionAccount.aspx or (2) modify account privileges via a ynAdminRights action to Admin/Accounts/EditAccount.aspx.
10846 CVE-2012-2564 352 CSRF 2012-06-08 2012-08-18
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Bloxx Web Filtering before 5.0.14 allow remote attackers to hijack the authentication of administrators for requests that perform administrative actions.
10847 CVE-2012-2496 20 Exec Code 2012-06-20 2012-08-24
6.8
None Remote Medium Not required Partial Partial Partial
A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict use of Java components, which allows remote attackers to execute arbitrary code via a crafted web site, aka Bug ID CSCty45925.
10848 CVE-2012-2455 264 Bypass 2012-11-09 2012-11-12
6.4
None Remote Low Not required Partial Partial None
Advanced Productivity Software DTE Axiom before 12.3.3 does not validate the registration ID, which allows remote attackers to bypass authentication and read or modify data about users, customers, and projects via unspecified vectors.
10849 CVE-2012-2447 352 CSRF 2012-07-09 2012-07-10
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in accountmgr/adminupdate.php in the WebAdmin Portal in Netsweeper allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via an add action.
10850 CVE-2012-2435 22 Dir. Trav. CSRF 2012-05-27 2012-05-29
6.5
None Remote Low Single system Partial Partial Partial
Directory traversal vulnerability in the captcha module in Pligg CMS before 1.2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the captcha parameter to module.php, as demonstrated by cross-site request forgery (CSRF) attacks.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.