# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
14251 | CVE-2012-5531 | 79 | | XSS | 2013-01-18 | 2013-01-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal in JBoss Enterprise Portal Platform 5.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
14252 | CVE-2012-5525 | | | DoS | 2012-12-13 | 2017-08-28 | 4.7 | None | Local | Medium | Not required | None | None | Complete |
The get_page_from_gfn hypercall function in Xen 4.2 allows local PV guest OS administrators to cause a denial of service (crash) via a crafted GFN that triggers a buffer over-read. |
14253 | CVE-2012-5524 | 20 | | | 2014-02-07 | 2014-02-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
The _ssl_verify_callback function in tls_nb.py in Gajim before 0.15.3 does not properly verify SSL certificates, which allows remote attackers to conduct man-in-the-middle (MITM) attacks and spoof servers via an arbitrary certificate from a trusted CA. |
14254 | CVE-2012-5517 | | | DoS | 2012-12-21 | 2013-06-20 | 4.0 | None | Local | High | Not required | None | None | Complete |
The online_pages function in mm/memory_hotplug.c in the Linux kernel before 3.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact in opportunistic circumstances by using memory that was hot-added by an administrator. |
14255 | CVE-2012-5515 | | | DoS | 2012-12-13 | 2017-08-28 | 4.7 | None | Local | Medium | Not required | None | None | Complete |
The (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, and (3) XENMEM_exchange hypercalls in Xen 4.2 and earlier allow local guest administrators to cause a denial of service (long loop and hang) via a crafted extent_order value. |
14256 | CVE-2012-5514 | | | DoS | 2012-12-13 | 2017-08-28 | 4.7 | None | Local | Medium | Not required | None | None | Complete |
The guest_physmap_mark_populate_on_demand function in Xen 4.2 and earlier does not properly unlock the subject GFNs when checking if they are in use, which allows local guest HVM administrators to cause a denial of service (hang) via unspecified vectors. |
14257 | CVE-2012-5511 | 119 | | DoS Overflow | 2012-12-13 | 2017-08-28 | 4.7 | None | Local | Medium | Not required | None | None | Complete |
Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) via a large bitmap image. |
14258 | CVE-2012-5510 | | | DoS | 2012-12-13 | 2017-08-28 | 4.7 | None | Local | Medium | Not required | None | None | Complete |
Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, which allows local guest OS administrators to cause a denial of service (hypervisor crash) via unspecified vectors. |
14259 | CVE-2012-5507 | 362 | | | 2014-09-30 | 2014-10-02 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation. |
14260 | CVE-2012-5504 | 79 | | XSS | 2014-09-30 | 2014-10-01 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in widget_traversal.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
14261 | CVE-2012-5500 | 352 | | CSRF | 2014-11-03 | 2014-11-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request. |
14262 | CVE-2012-5494 | 79 | | XSS | 2014-09-30 | 2014-10-01 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "{u,}translate." |
14263 | CVE-2012-5491 | 200 | | +Info | 2014-09-30 | 2014-10-01 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id. |
14264 | CVE-2012-5490 | 79 | | XSS | 2014-09-30 | 2014-10-01 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in kssdevel.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
14265 | CVE-2012-5481 | 264 | | Bypass | 2012-11-21 | 2013-06-20 | 4.0 | None | Remote | Low | Single system | Partial | None | None |
Moodle 2.3.x before 2.3.3 allows remote authenticated users to bypass the moodle/role:manage capability requirement and read all capability data by visiting the Check Permissions page. |
14266 | CVE-2012-5478 | 264 | | Bypass | 2013-02-05 | 2017-08-28 | 4.9 | None | Remote | Medium | Single system | Partial | Partial | None |
The AuthorizationInterceptor in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 does not properly restrict access, which allows remote authenticated users to bypass intended role restrictions and perform arbitrary JMX operations via unspecified vectors. |
14267 | CVE-2012-5473 | 200 | | +Info | 2012-11-21 | 2013-06-20 | 4.0 | None | Remote | Low | Single system | Partial | None | None |
The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to read activity entries of a different group's users via an advanced search. |
14268 | CVE-2012-5472 | 264 | | Bypass | 2012-11-21 | 2013-06-20 | 4.0 | None | Remote | Low | Single system | None | Partial | None |
lib/formslib.php in Moodle 2.2.x before 2.2.6 and 2.3.x before 2.3.3 allows remote authenticated users to bypass intended access restrictions via a modified value of a frozen form field. |
14269 | CVE-2012-5470 | 119 | 1 | DoS Overflow | 2012-10-26 | 2017-09-18 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted PNG file. |
14270 | CVE-2012-5460 | 79 | | XSS | 2013-08-01 | 2013-08-01 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter. |
14271 | CVE-2012-5456 | 310 | | | 2012-10-24 | 2017-08-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
The Zoner AntiVirus Free application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, as demonstrated by a server used for updating virus signature files. |
14272 | CVE-2012-5455 | 79 | | XSS | 2012-10-22 | 2017-08-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "typographical error." |
14273 | CVE-2012-5452 | 79 | 2 | XSS | 2012-10-22 | 2017-08-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) multi_title parameter to blocks/add/; (2) cost, (3) days, or (4) title[en] parameter to plans/add/; (5) name or (6) title[en] parameter to fields/group/add/ in admin/manage/; or (7) f[accounts][fullname] or (8) f[accounts][username] parameter to advsearch/. NOTE: This might overlap CVE-2011-5211. NOTE: it was later reported that the f[accounts][fullname] and f[accounts][username] vectors might also affect 2.2.2. |
14274 | CVE-2012-5429 | | | DoS | 2013-01-17 | 2013-01-18 | 4.6 | None | Local | Low | Single system | None | None | Complete |
The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted application, aka Bug ID CSCuc81669. |
14275 | CVE-2012-5427 | 20 | | DoS | 2014-04-23 | 2014-04-23 | 4.0 | None | Remote | Low | Single system | None | None | Partial |
Cisco IOS Unified Border Element (CUBE) in Cisco IOS before 15.3(2)T allows remote authenticated users to cause a denial of service (input queue wedge) via a crafted series of RTCP packets, aka Bug ID CSCuc42518. |
14276 | CVE-2012-5384 | 79 | | XSS | 2012-10-11 | 2012-10-22 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen WebCalendar allow remote attackers to inject arbitrary web script or HTML via the (1) $name or (2) $description variables in edit_entry_handler.php, or (3) $url, (4) $tempfullname, or (5) $ext_users[] variables in view_entry.php, different vectors than CVE-2012-0846. |
14277 | CVE-2012-5375 | 310 | | DoS | 2013-02-18 | 2014-01-03 | 4.0 | None | Local | High | Not required | None | None | Complete |
The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (prevention of file creation) by leveraging the ability to write to a directory important to the victim, and creating a file with a crafted name that is associated with a specific CRC32C hash value. |
14278 | CVE-2012-5374 | 310 | | DoS | 2013-02-18 | 2014-01-03 | 4.0 | None | Local | High | Not required | None | None | Complete |
The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (extended runtime of kernel code) by creating many different files whose names are associated with the same CRC32C hash value. |
14279 | CVE-2012-5368 | 79 | | XSS | 2012-10-25 | 2013-01-25 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by modifying this code. |
14280 | CVE-2012-5346 | 79 | 1 | XSS | 2012-10-09 | 2017-08-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in wp-live.php in the WP Live.php module 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. NOTE: some of these details are obtained from third party information. |
14281 | CVE-2012-5343 | 79 | 1 | XSS | 2012-10-09 | 2017-08-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in admin/login.php in Limny 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the "PHP_SELF" variable. |
14282 | CVE-2012-5341 | 79 | 1 | XSS | 2012-10-09 | 2017-08-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in statistik.php in Otterware StatIt 4 allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter, (2) show parameter in a stat_tld action, or (3) order parameter in a stat_abfragen action. |
14283 | CVE-2012-5337 | 79 | | XSS | 2013-02-24 | 2013-02-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in jforum.page in JForum 2.1.9 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) match_type, (3) sort_by, or (4) start parameters. |
14284 | CVE-2012-5336 | 20 | | | 2014-06-04 | 2014-06-04 | 4.0 | None | Remote | Low | Single system | Partial | None | None |
lib/base.php in ownCloud before 4.0.8 does not properly validate the user_id session variable, which allows remote authenticated users to read arbitrary files via vectors related to WebDAV. |
14285 | CVE-2012-5335 | 22 | 1 | Dir. Trav. | 2012-10-08 | 2017-08-28 | 4.0 | None | Remote | Low | Single system | Partial | None | None |
Directory traversal vulnerability in Tiny Server 1.1.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the URI of an HTTP request. |
14286 | CVE-2012-5330 | 79 | 1 | XSS | 2012-10-08 | 2017-08-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in asaanCart 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to calc.php, (2) chat.php, (3) register.php, or (4) index.php in libs/smarty_ajax/; or the (5) page parameter to libs/smarty_ajax/index.php. |
14287 | CVE-2012-5329 | 119 | 1 | DoS Overflow | 2012-10-08 | 2013-01-25 | 4.0 | None | Remote | Low | Single system | None | None | Partial |
Buffer overflow in TYPSoft FTP Server 1.1 allows remote authenticated users to cause a denial of service (application crash) via a long string in an APPE command. |
14288 | CVE-2012-5322 | 79 | 1 | XSS | 2012-10-08 | 2017-08-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in Xavi X7968 allow remote attackers to inject arbitrary web script or HTML via the (1) pvcName parameter to webconfig/wan/confirm.html/confirm or (2) host_name_txtbox parameter to webconfig/lan/lan_config.html/local_lan_config. |
14289 | CVE-2012-5315 | 79 | 1 | XSS | 2012-10-08 | 2017-08-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in php ireport 1.0 allow remote attackers to inject arbitrary web script or HTML via the message parameter to (1) messages_viewer.php, (2) home.php, or (3) history.php. |
14290 | CVE-2012-5314 | 79 | 1 | XSS | 2012-10-08 | 2017-08-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in ViewGit 0.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the f parameter. |
14291 | CVE-2012-5305 | 79 | | XSS | 2012-10-06 | 2017-08-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allows remote attackers to inject arbitrary web script or HTML via the domain parameter. |
14292 | CVE-2012-5296 | 79 | | XSS | 2012-10-04 | 2017-08-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in Mavili Guestbook, as released in November 2007, allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) approve.asp, (2) delete.asp, (3) edit.asp, or (4) edit2.asp. |
14293 | CVE-2012-5295 | 79 | | XSS | 2012-10-04 | 2017-08-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in login.cfm in FuseTalk Forums 3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the windowed parameter. |
14294 | CVE-2012-5232 | 79 | | XSS | 2012-10-01 | 2017-08-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the Quickl Form component for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
14295 | CVE-2012-5229 | 79 | 1 | XSS | 2012-10-01 | 2017-08-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in css/gallery-css.php in the Slideshow Gallery2 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the border parameter. |
14296 | CVE-2012-5228 | 79 | 1 | XSS | 2012-10-01 | 2017-08-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in admin/index.php in phplist 2.10.9, 2.10.17, and possibly other versions before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the testtarget parameter. NOTE: some of these details are obtained from third party information. |
14297 | CVE-2012-5226 | 79 | 1 | XSS | 2012-10-01 | 2017-08-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in Peel SHOPPING 2.8 and 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) motclef parameter to achat/recherche.php or (2) PATH_INFO to index.php. |
14298 | CVE-2012-5225 | 79 | 1 | XSS | 2012-10-01 | 2017-08-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in webscr.php in xClick Cart 1.0.1 and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the shopping_url parameter. |
14299 | CVE-2012-5219 | 79 | | XSS | 2013-04-27 | 2013-04-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in HP Managed Printing Administration (MPA) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
14300 | CVE-2012-5187 | 264 | | +Info | 2013-02-06 | 2013-02-07 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
The Weathernews Touch application 2.3.2 and earlier for Android allows attackers to obtain sensitive information about logged locations via a crafted application that leverages read permission for system log files. |