CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 3 and 3.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3601 CVE-2012-1678 2013-01-16 2013-10-10
3.5
None Remote Medium Single system Partial None None
Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 8.98, 9.1, and 24 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC.
3602 CVE-2012-1676 2012-05-03 2013-10-10
3.5
None Remote Medium Single system Partial None None
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Virtual Banking.
3603 CVE-2012-1653 79 XSS 2012-09-19 2017-08-28
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Taxonomy Views Integrator (TVI) module 6.x-1.x before 6.x-1.3 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, related to "views pages."
3604 CVE-2012-1651 79 XSS 2012-09-19 2012-09-20
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Submenu Tree module before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
3605 CVE-2012-1639 79 XSS 2012-10-01 2017-08-28
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in product/commerce_product.module in the Drupal Commerce module for Drupal before 7.x-1.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) sku or (2) title parameters.
3606 CVE-2012-1628 79 XSS 2012-09-19 2017-08-28
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the SuperCron module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
3607 CVE-2012-1627 79 XSS 2012-09-19 2012-10-15
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in vud_term.module in the Vote Up/Down module 6.x-2.x before 6.x-2.8 and 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via taxonomy terms.
3608 CVE-2012-1624 79 XSS 2012-10-06 2017-08-28
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Lingotek module 6.x-1.x before 6.x-1.40 for Drupal allow remote authenticated users to inject arbitrary web script or HTML when (1) creating or (2) editing page content.
3609 CVE-2012-1620 264 +Info 2012-07-12 2017-08-28
3.6
None Local Low Not required Partial Partial None
slock 0.9 does not properly handle the XRaiseWindow event when the screen is locked, which might allow physically proximate attackers to obtain sensitive information by pressing a button, which reveals the desktop and active windows.
3610 CVE-2012-1613 79 2 XSS 2012-09-04 2013-07-04
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter.
3611 CVE-2012-1606 79 XSS 2012-09-04 2012-09-05
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.
3612 CVE-2012-1594 94 DoS 2012-04-11 2017-12-28
3.3
None Local Network Low Not required None None Partial
epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
3613 CVE-2012-1593 1 DoS 2012-04-11 2017-12-28
3.3
None Local Network Low Not required None None Partial
epan/dissectors/packet-ansi_a.c in the ANSI A dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet.
3614 CVE-2012-1588 399 DoS 2012-09-30 2013-12-12
3.5
None Remote Medium Single system None None Partial
Algorithmic complexity vulnerability in the _filter_url function in the text filtering system (modules/filter/filter.module) in Drupal 7.x before 7.14 allows remote authenticated users with certain roles to cause a denial of service (CPU consumption) via a long email address.
3615 CVE-2012-1417 79 2 XSS 2014-09-17 2017-08-28
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com.
3616 CVE-2012-1370 119 DoS Overflow 2012-08-06 2012-08-06
3.5
None Remote Medium Single system None None Partial
Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 allows remote authenticated users to cause a denial of service (vpnagentd process crash) via a crafted packet, aka Bug ID CSCty01670.
3617 CVE-2012-1344 119 DoS Overflow 2012-08-06 2013-04-01
3.5
None Remote Medium Single system None None Partial
Cisco IOS 15.1 and 15.2, when a clientless SSL VPN is configured, allows remote authenticated users to cause a denial of service (device reload) by using a web browser to refresh the SSL VPN portal page, as demonstrated by the Android browser, aka Bug ID CSCtr86328.
3618 CVE-2012-1174 362 2012-07-12 2012-08-13
3.3
None Local Medium Not required None Partial Partial
The rm_rf_children function in util.c in the systemd-logind login manager in systemd before 44, when logging out, allows local users to delete arbitrary files via a symlink attack on unspecified files, related to "particular records related with user session."
3619 CVE-2012-1122 264 Bypass 2012-06-29 2013-08-26
3.6
None Remote High Single system None Partial Partial
bug_actiongroup.php in MantisBT before 1.2.9 does not properly check the report_bug_threshold permission of the receiving project when moving a bug report, which allows remote authenticated users with the report_bug_threshold and move_bug_threshold privileges for a project to bypass intended access restrictions and move bug reports to a different project.
3620 CVE-2012-1120 264 2012-06-29 2013-08-26
3.6
None Remote High Single system None Partial Partial
The SOAP API in MantisBT before 1.2.9 does not properly enforce the bugnote_allow_user_edit_delete and delete_bug_threshold permissions, which allows remote authenticated users with read and write SOAP API privileges to delete arbitrary bug reports and bug notes.
3621 CVE-2012-1088 59 2014-02-15 2016-08-22
3.3
None Local Medium Not required None Partial Partial
iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by (1) configure or (2) examples/dhcp-client-script.
3622 CVE-2012-1082 79 XSS 2012-02-14 2012-02-29
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
3623 CVE-2012-0991 22 Dir. Trav. 2012-02-07 2017-08-28
3.5
None Remote Medium Single system Partial None None
Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter.
3624 CVE-2012-0990 352 CSRF 2012-02-07 2017-08-28
3.5
None Remote Medium Single system None Partial None
Cross-site request forgery (CSRF) vulnerability in admin/settings/update in DClassifieds 0.1 final allows remote attackers to hijack the authentication of administrators for requests that modify account settings such as the administrator password or email via certain Settings[] parameters.
3625 CVE-2012-0827 264 2013-10-28 2013-10-29
3.5
None Remote Medium Single system Partial None None
The File module in Drupal 7.x before 7.11, when using unspecified field access modules, allows remote authenticated users to read arbitrary private files that are associated with restricted fields via unspecified vectors.
3626 CVE-2012-0814 255 +Info 2012-01-27 2017-08-28
3.5
None Remote Medium Single system Partial None None
The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory.
3627 CVE-2012-0808 59 2012-03-19 2012-09-04
3.6
None Local Low Not required None Partial Partial
as31 2.3.1-4 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack.
3628 CVE-2012-0787 +Info 2013-11-23 2019-04-22
3.7
None Local High Not required Partial Partial Partial
The clone_file function in transfer.c in Augeas before 1.0.0, when copy_if_rename_fails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files and obtain sensitive information via a bind mount on the (1) .augsave or (2) destination file when using the backup save option, or (3) .augnew file when using the newfile save option.
3629 CVE-2012-0786 59 +Info 2013-11-23 2014-01-23
3.3
None Local Medium Not required Partial Partial None
The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augnew file.
3630 CVE-2012-0746 79 XSS 2012-09-10 2017-08-28
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
3631 CVE-2012-0737 79 XSS 2012-05-03 2017-08-28
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
3632 CVE-2012-0713 2012-08-24 2018-10-02
3.5
None Remote Medium Single system Partial None None
Unspecified vulnerability in the XML feature in IBM DB2 9.7 before FP6 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary XML files via unknown vectors.
3633 CVE-2012-0706 264 +Info 2013-04-07 2017-08-28
3.5
None Remote Medium Single system Partial None None
IBM Scale Out Network Attached Storage (SONAS) 1.3 before 1.3.2.3 requires cleartext storage of LDAP credentials without recommending a less privileged LDAP account, which might allow attackers to obtain sensitive server information by leveraging root access to a client machine.
3634 CVE-2012-0579 2012-05-03 2016-11-04
3.5
None Remote Medium Single system Partial None None
Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.4.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Core.
3635 CVE-2012-0577 2012-05-03 2016-11-04
3.5
None Remote Medium Single system None None Partial
Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.4.0 allows remote authenticated users to affect availability via unknown vectors related to Core.
3636 CVE-2012-0569 2013-01-16 2017-09-18
3.3
None Local Medium Not required Partial Partial None
Unspecified vulnerability Oracle Sun Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Install/smpatch.
3637 CVE-2012-0561 2012-05-03 2017-12-06
3.5
None Remote Medium Single system None Partial None
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect integrity, related to PIA Core Technology.
3638 CVE-2012-0546 2012-05-03 2016-11-25
3.6
None Remote High Single system Partial Partial None
Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.2.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Core, a different vulnerability than CVE-2012-0545 and CVE-2012-0567.
3639 CVE-2012-0545 2012-05-03 2016-11-25
3.6
None Remote High Single system Partial Partial None
Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.2.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Core, a different vulnerability than CVE-2012-0546 and CVE-2012-0567.
3640 CVE-2012-0544 2012-05-03 2016-11-23
3.5
None Remote Medium Single system None Partial None
Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.4.0 allows remote authenticated users to affect integrity via unknown vectors related to Core, a different vulnerability than CVE-2012-0571.
3641 CVE-2012-0541 2012-05-03 2013-10-10
3.5
None Remote Medium Single system Partial None None
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Core-My Services.
3642 CVE-2012-0531 2012-05-03 2017-12-12
3.5
None Remote Medium Single system None Partial None
Unspecified vulnerability in the PeopleSoft Enterprise Portal component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect integrity via unknown vectors related to Enterprise Portal.
3643 CVE-2012-0529 2012-05-03 2017-12-06
3.5
None Remote Medium Single system None Partial None
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51 allows remote authenticated users to affect integrity via unknown vectors related to core.
3644 CVE-2012-0524 2012-05-03 2017-12-06
3.2
None Local Low Single system Partial Partial None
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows local users to affect confidentiality and integrity via unknown vectors related to File Processing.
3645 CVE-2012-0509 2012-05-03 2013-10-10
3.5
None Remote Medium Single system None Partial None
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2 and 5.3.0 through 5.3.4 allows remote authenticated users to affect integrity via unknown vectors related to Core-Base.
3646 CVE-2012-0300 264 +Info 2012-07-05 2012-07-17
3.3
None Local Network Low Not required Partial None None
Brightmail Control Center in Symantec Message Filter 6.3 does not properly restrict establishment of sessions to the listening port, which allows remote attackers to obtain potentially sensitive version information via unspecified vectors.
3647 CVE-2012-0250 119 DoS Overflow 2012-04-05 2018-01-17
3.3
None Local Network Low Not required None None Partial
Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (daemon crash) via a Link State Update (aka LS Update) packet containing a network-LSA link-state advertisement for which the data-structure length is smaller than the value in the Length header field.
3648 CVE-2012-0249 119 DoS Overflow 2012-04-05 2018-01-17
3.3
None Local Network Low Not required None None Partial
Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a Link State Update (aka LS Update) packet that is smaller than the length specified in its header.
3649 CVE-2012-0135 DoS 2012-04-18 2017-08-28
3.5
None Remote Medium Single system None None Partial
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows remote authenticated users to cause a denial of service via unknown vectors.
3650 CVE-2012-0133 Exec Code 2012-04-12 2017-08-28
3.7
None Local High Not required Partial Partial Partial
HP ProCurve 5400 zl switches with certain serial numbers include a compact flash card that contains an unspecified virus, which might allow user-assisted remote attackers to execute arbitrary code on a PC by leveraging manual transfer of this card.
Total number of vulnerabilities : 4305   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 (This Page)74 75 76 77 78 79 80 81 82 83 84 85 86 87
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.