CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 3 and 3.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2901 CVE-2012-3193 2012-10-16 2013-10-10
3.5
None Remote Medium Single system Partial None None
Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 10.3.4.2, 11.1.1.5.0, 11.1.1.6.0, and 11.1.1.6.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Administration.
2902 CVE-2012-3192 2013-01-16 2013-10-10
3.5
None Remote Medium Single system None Partial None
Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect integrity, related to Rich Text Editor (RTE).
2903 CVE-2012-3188 2012-10-16 2013-10-10
3.5
None Remote Medium Single system None Partial None
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50 and 8.51 allows remote authenticated users to affect integrity, related to PIA Core Technology.
2904 CVE-2012-3179 2012-10-16 2013-10-10
3.5
None Remote Medium Single system None Partial None
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect integrity via unknown vectors related to Tree Manager.
2905 CVE-2012-3176 2012-10-16 2013-10-10
3.5
None Remote Medium Single system None Partial None
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote authenticated users to affect integrity via unknown vectors related to Panel Processor.
2906 CVE-2012-3167 2012-10-16 2018-12-04
3.5
None Remote Medium Single system None None Partial
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search.
2907 CVE-2012-3165 2012-10-16 2013-10-10
3.6
None Local Low Not required Partial Partial None
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality and integrity via unknown vectors related to mailx.
2908 CVE-2012-3164 2012-10-16 2013-10-10
3.5
None Remote Medium Single system None Partial None
Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Publish Item.
2909 CVE-2012-3157 2012-10-16 2017-08-28
3.5
None Remote Medium Single system None Partial None
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 through 5.3.4, 6.0.1, 6.2.0, and 12 allows remote authenticated users to affect integrity, related to BASE.
2910 CVE-2012-3156 2012-10-16 2013-10-10
3.5
None Remote Medium Single system None None Partial
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.
2911 CVE-2012-3151 2012-10-16 2013-10-10
3.3
None Local Medium Not required None Partial Partial
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, when running on Unix and Linux platforms, allows local users to affect integrity and availability via unknown vectors.
2912 CVE-2012-3149 2012-10-16 2017-08-28
3.5
None Remote Medium Single system Partial None None
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect confidentiality, related to MySQL Client.
2913 CVE-2012-3148 2012-10-16 2013-10-10
3.5
None Remote Medium Single system None Partial None
Unspecified vulnerability in the Oracle Field Service component in Oracle E-Business Suite 12.1.3 allows remote authenticated users to affect integrity, related to Wireless/WAP upload.
2914 CVE-2012-3142 2012-10-16 2017-08-28
3.5
None Remote Medium Single system Partial None None
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.5, 5.1.0, 5.2.0, and 5.3.0 through 5.3.4 allows remote authenticated users to affect confidentiality, related to BASE.
2915 CVE-2012-3128 2012-07-17 2017-08-28
3.7
None Local High Not required Partial Partial Partial
Unspecified vulnerability in Oracle SPARC T-Series Servers running System Firmware 8.2.0 and 8.1.4.e or earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Integrated Lights Out Manager.
2916 CVE-2012-3111 2012-07-17 2017-08-28
3.5
None Remote Medium Single system None Partial None
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect integrity, related to TECH, a different vulnerability than CVE-2012-1762.
2917 CVE-2012-2985 79 XSS 2012-08-21 2012-08-21
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in InsertDocument.aspx in CuteSoft Cute Editor 6.4 allows remote authenticated users to inject arbitrary web script or HTML via the _UploadID parameter.
2918 CVE-2012-2725 264 XSS Bypass 2012-06-26 2017-08-28
3.5
None Remote Medium Single system None Partial None
classes/Filter/WhitelistedExternalFilter.php in the Authoring HTML module 6.x-1.x before 6.x-1.1 for Drupal does not properly validate sources with the host white list, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks.
2919 CVE-2012-2693 264 2012-06-16 2013-01-14
3.7
None Local High Not required Partial Partial Partial
libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices.
2920 CVE-2012-2692 264 Bypass 2012-06-16 2013-08-26
3.6
None Remote High Single system None Partial Partial
MantisBT before 1.2.11 does not check the delete_attachments_threshold permission when form_security_validation is set to OFF, which allows remote authenticated users with certain privileges to bypass intended access restrictions and delete arbitrary attachments.
2921 CVE-2012-2604 79 XSS 2012-06-13 2012-06-13
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in GuestAccess.jsp in the Guest/Contractor access component in the administrative interface in Bradford Network Sentry before 5.3.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified fields.
2922 CVE-2012-2451 2012-06-27 2017-08-28
3.6
None Local Low Not required None Partial Partial
The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. NOTE: some of these details are obtained from third party information. NOTE: it has been reported that this might only be exploitable by writing in the same directory as the .ini file. If this is the case, then this issue might not cross privilege boundaries.
2923 CVE-2012-2394 119 DoS Overflow 2012-06-30 2012-11-06
3.3
None Local Network Low Not required None None Partial
Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet.
2924 CVE-2012-2393 119 DoS Overflow 2012-06-30 2017-09-18
3.3
None Local Network Low Not required None None Partial
epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 does not properly construct certain array data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers incorrect memory allocation.
2925 CVE-2012-2392 399 DoS 2012-06-30 2017-09-18
3.3
None Local Network Low Not required None None Partial
Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors.
2926 CVE-2012-2381 79 XSS 2012-06-26 2013-10-03
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
2927 CVE-2012-2377 287 2012-11-23 2017-08-28
3.3
None Local Network Low Not required Partial None None
JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a crafted IP multicast.
2928 CVE-2012-2365 79 XSS 2012-07-20 2012-10-30
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the idnumber field to cohort/edit.php.
2929 CVE-2012-2364 79 XSS 2012-07-20 2012-07-23
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in lib/filelib.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via an assignment submission with zip compression, leading to text/html rendering during a "download all" action.
2930 CVE-2012-2361 79 XSS 2012-07-20 2012-07-23
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in admin/webservice/forms.php in the web services implementation in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the name field (aka the service name) to admin/webservice/service.php.
2931 CVE-2012-2360 79 XSS 2012-07-20 2012-07-23
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Wiki subsystem in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted string that is inserted into a page title.
2932 CVE-2012-2340 264 2012-05-21 2012-06-27
3.5
None Remote Medium Single system None Partial None
The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not specify sufficiently restrictive permissions, which allows remote authenticated users with the "access the site-wide contact form" permission to modify the module settings via unspecified vectors.
2933 CVE-2012-2310 79 XSS 2012-07-25 2012-08-08
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the cctags module for Drupal 6.x-1.x before 6.x-1.10 and 7.x-1.x before 7.x-1.10 allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified vectors.
2934 CVE-2012-2309 79 XSS 2012-07-25 2012-07-30
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Glossify Internal Links Auto SEO module for Drupal 6.x-2.5 and earlier allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified vectors.
2935 CVE-2012-2308 79 XSS 2012-07-25 2017-08-28
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Taxonomy Grid : Catalog module for Drupal 6.x-1.6 and earlier allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
2936 CVE-2012-2214 399 DoS 2012-07-03 2017-12-28
3.5
None Remote Medium Single system None None Partial
proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service (application crash) via a sequence of XMPP file-transfer requests.
2937 CVE-2012-2206 264 1 2012-08-17 2017-08-28
3.5
None Remote Medium Single system Partial None None
The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as demonstrated by a modified metadata=fteSamplesUser field to the /transfer URI.
2938 CVE-2012-2205 79 XSS 2012-08-17 2017-08-28
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a workspace query.
2939 CVE-2012-2202 22 Dir. Trav. 2012-07-27 2017-12-21
3.5
None Remote Medium Single system Partial None None
Directory traversal vulnerability in javatester_init.php in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the template parameter.
2940 CVE-2012-2169 79 XSS 2012-08-17 2017-08-28
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the file-upload functionality in the Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 allows remote authenticated users to inject arbitrary web script or HTML via the File Description field.
2941 CVE-2012-2165 200 +Info 2012-08-17 2017-08-28
3.5
None Remote Medium Single system Partial None None
IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3, when ClearQuest Authentication is enabled, allows remote authenticated users to read password hashes via a user query.
2942 CVE-2012-2141 DoS 2012-08-14 2017-08-28
3.5
None Remote Medium Single system None None Partial
Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service (out-of-bounds read and snmpd crash) via an SNMP GET request for an entry not in the extension table.
2943 CVE-2012-2120 264 2012-05-18 2012-05-21
3.3
None Local Medium Not required None Partial Partial
latex2man in texlive-extra-utils 2011.20120322, and possibly other versions or packages, when used with the H or T option, allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
2944 CVE-2012-2102 119 DoS Overflow 2012-08-16 2014-02-20
3.5
None Remote Medium Single system None None Partial
MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.
2945 CVE-2012-2101 264 DoS 2012-06-07 2017-08-28
3.5
None Remote Medium Single system None None Partial
Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request that triggers a large number of iptables rules.
2946 CVE-2012-2093 59 2012-05-18 2017-08-28
3.3
None Local Medium Not required None Partial Partial
src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary files via a symlink attack on a temporary latex file, related to the get_tmpfile_name function.
2947 CVE-2012-2065 79 XSS 2012-09-04 2012-09-05
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Language Icons module 6.x-2.x before 6.x-2.1 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with administer languages permissions to inject arbitrary web script or HTML via unspecified vectors.
2948 CVE-2012-1995 +Info 2013-03-11 2013-03-17
3.2
None Local Low Single system Partial Partial None
Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7.0 allows local users to obtain sensitive information or modify data via unknown vectors.
2949 CVE-2012-1993 +Info 2012-04-18 2017-12-18
3.2
None Local Low Single system Partial Partial None
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows local users to modify data or obtain sensitive information via unknown vectors.
2950 CVE-2012-1989 264 2012-06-27 2017-08-28
3.6
None Local Low Not required None Partial Partial
telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).
Total number of vulnerabilities : 3652   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 (This Page)60 61 62 63 64 65 66 67 68 69 70 71 72 73 74
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.