Cross-site scripting (XSS) vulnerability in the RSS Reader extension before 0.2.6 for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a crafted feed.
Max CVSS
4.3
EPSS Score
0.11%
Published
2012-12-31
Updated
2012-12-31
Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI beginning with a /_internal substring.
Max CVSS
6.8
EPSS Score
0.28%
Published
2012-12-27
Updated
2012-12-27
Symfony 2.0.x before 2.0.20 does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string.
Max CVSS
6.4
EPSS Score
0.16%
Published
2012-12-27
Updated
2013-01-07
Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 establishes multiple hardcoded accounts, which makes it easier for remote attackers to obtain administrative access by reading a password in a PHP script, a similar issue to CVE-2012-5862.
Max CVSS
10.0
EPSS Score
0.26%
Published
2012-12-23
Updated
2013-01-08
Multiple SQL injection vulnerabilities in Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, a similar issue to CVE-2012-5861.
Max CVSS
7.5
EPSS Score
0.09%
Published
2012-12-23
Updated
2012-12-24
The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which allows attackers to read or write arbitrary physical memory and gain privileges via a crafted application, as demonstrated by ExynosAbuse.
Max CVSS
9.3
EPSS Score
0.09%
Published
2012-12-18
Updated
2012-12-21
The WPA2 implementation on the Belkin N900 F9K1104v1 router establishes a WPS PIN based on 6 digits of the LAN/WLAN MAC address, which makes it easier for remote attackers to obtain access to a Wi-Fi network by reading broadcast packets, a different vulnerability than CVE-2012-4366.
Max CVSS
3.3
EPSS Score
0.11%
Published
2012-12-31
Updated
2013-01-02
Cross-site scripting (XSS) vulnerability in the Troubleshooting Reporting System feature in AgileBits 1Password 3.9.9 might allow remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header that is not properly handled in a View Troubleshooting Report action.
Max CVSS
4.3
EPSS Score
0.21%
Published
2012-12-28
Updated
2020-01-22
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cerberus FTP Server before 5.0.6.0 allow (1) remote attackers to inject arbitrary web script or HTML via a log entry that is not properly handled within the Log Manager component, and might allow (2) remote authenticated administrators to inject arbitrary web script or HTML via a Messages field to the servermanager program.
Max CVSS
4.3
EPSS Score
0.16%
Published
2012-12-31
Updated
2012-12-31
The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices shows the activation of remote tracking, which might allow physically proximate attackers to defeat a product-recovery effort by tampering with this feature or its location data.
Max CVSS
3.3
EPSS Score
0.06%
Published
2012-12-31
Updated
2012-12-31
The Missing Device feature in Lookout allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer."
Max CVSS
3.3
EPSS Score
0.05%
Published
2012-12-31
Updated
2013-01-08
The Anti-theft service in AVG AntiVirus for Android allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer."
Max CVSS
3.3
EPSS Score
0.05%
Published
2012-12-31
Updated
2012-12-31
The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices does not properly implement Location APIs, which allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer."
Max CVSS
2.9
EPSS Score
0.05%
Published
2012-12-31
Updated
2015-11-10
Multiple HVM control operations in Xen 3.4 through 4.2 allow local HVM guest OS administrators to cause a denial of service (physical CPU consumption) via a large input.
Max CVSS
4.7
EPSS Score
0.06%
Published
2012-12-13
Updated
2017-08-29
VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not properly parse XML documents, which allows remote authenticated users to read arbitrary files via unspecified vectors.
Max CVSS
4.0
EPSS Score
0.10%
Published
2012-12-21
Updated
2013-01-08
Directory traversal vulnerability in VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 and 5.1 before Patch 1 allows remote authenticated users to read arbitrary files via unspecified vectors.
Max CVSS
4.0
EPSS Score
0.10%
Published
2012-12-21
Updated
2018-12-06
Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, when making changes to the server-side policy that control USB redirection, does not propagate changes to the VDA, which allows authenticated users to retain access to the USB device.
Max CVSS
5.0
EPSS Score
0.23%
Published
2012-12-26
Updated
2017-08-29
simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 for WordPress allows remote attackers to obtain sensitive information via a request that lacks a timezone, leading to disclosure of the installation path in a stack trace.
Max CVSS
5.0
EPSS Score
0.78%
Published
2012-12-11
Updated
2012-12-11
Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter in a video-lead-form action to wp-admin/admin.php.
Max CVSS
4.3
EPSS Score
0.14%
Published
2012-12-11
Updated
2012-12-28

CVE-2012-6301

Public exploit
The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted market: URI in the SRC attribute of an IFRAME element.
Max CVSS
5.0
EPSS Score
6.04%
Published
2012-12-10
Updated
2012-12-11
Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to bypass intended access restrictions via unknown vectors.
Max CVSS
10.0
EPSS Score
0.31%
Published
2012-12-26
Updated
2018-08-13
Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to execute arbitrary commands or modify data via unknown vectors.
Max CVSS
10.0
EPSS Score
0.18%
Published
2012-12-26
Updated
2018-08-13
Adobe Shockwave Player through 11.6.8.638 allows remote attackers to trigger installation of arbitrary signed Xtras via a Shockwave movie that contains an Xtra URL, as demonstrated by a URL for an outdated Xtra.
Max CVSS
9.3
EPSS Score
0.53%
Published
2012-12-20
Updated
2017-11-17
Adobe Shockwave Player through 11.6.8.638 allows remote attackers to trigger installation of a Shockwave Player 10.4.0.025 compatibility feature via a crafted HTML document that references Shockwave content with a certain compatibility parameter, related to a "downgrading" attack.
Max CVSS
9.3
EPSS Score
0.44%
Published
2012-12-20
Updated
2017-11-17
freeFTPd.exe in freeFTPd through 1.0.11 allows remote attackers to bypass authentication via a crafted SFTP session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.
Max CVSS
10.0
EPSS Score
0.31%
Published
2012-12-04
Updated
2012-12-05
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!