| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
49851 |
CVE-2012-2354 |
264 |
|
Bypass |
2012-07-20 |
2012-07-23 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/site:readallmessages capability requirement and read arbitrary messages by using the "Recent conversations" feature with a modified parameter in a URL. |
|
49852 |
CVE-2012-2353 |
200 |
|
+Info |
2012-07-20 |
2012-08-09 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled users" under the Users Settings section. |
|
49853 |
CVE-2012-2351 |
284 |
|
|
2012-07-12 |
2016-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username. |
|
49854 |
CVE-2012-2341 |
352 |
|
CSRF |
2012-05-18 |
2017-12-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in the Take Control module 6.x-2.x before 6.x-2.2 for Drupal allows remote attackers to hijack the authentication of unspecified users for Ajax requests that manipulate files. |
|
49855 |
CVE-2012-2340 |
264 |
|
|
2012-05-21 |
2012-06-27 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not specify sufficiently restrictive permissions, which allows remote authenticated users with the "access the site-wide contact form" permission to modify the module settings via unspecified vectors. |
|
49856 |
CVE-2012-2339 |
79 |
|
XSS |
2012-05-21 |
2017-08-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1.x before 6.x-1.8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "taxonomy information." |
|
49857 |
CVE-2012-2336 |
20 |
|
DoS |
2012-05-11 |
2018-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823. |
|
49858 |
CVE-2012-2334 |
189 |
|
DoS Exec Code Overflow |
2012-06-19 |
2017-08-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the length of an Escher graphics record in a PowerPoint (.ppt) document, which triggers a buffer overflow. |
|
49859 |
CVE-2012-2333 |
189 |
|
DoS |
2012-05-14 |
2018-01-04 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation. |
|
49860 |
CVE-2012-2331 |
79 |
|
XSS CSRF |
2012-08-13 |
2012-08-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the serendipity[textarea] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF). |
|
49861 |
CVE-2012-2330 |
20 |
|
+Info |
2012-08-13 |
2012-08-22 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string. |
|
49862 |
CVE-2012-2329 |
119 |
|
DoS Overflow |
2012-05-11 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request. |
|
49863 |
CVE-2012-2328 |
310 |
|
DoS |
2014-02-10 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Instrumentation for Manageability (SBLIM) Common Information Model (CIM) Client (aka sblim-cim-client2) before 2.1.12 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML file. |
|
49864 |
CVE-2012-2327 |
200 |
|
+Info |
2012-08-13 |
2012-08-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
MyBB (aka MyBulletinBoard) before 1.6.7 allows remote attackers to obtain sensitive information via a malformed forumread cookie, which reveals the installation path in an error message. |
|
49865 |
CVE-2012-2326 |
79 |
|
XSS |
2012-08-13 |
2012-08-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to inject arbitrary web script or HTML via a malformed file name in an orphaned attachment. |
|
49866 |
CVE-2012-2322 |
189 |
|
DoS Overflow |
2012-05-18 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Integer overflow in the dhcpv6_get_option function in gdhcp/client.c in ConnMan before 0.85 allows remote attackers to cause a denial of service (infinite loop and crash) via an invalid length value in a DHCP packet. |
|
49867 |
CVE-2012-2318 |
20 |
|
DoS |
2012-07-03 |
2017-12-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by placing these characters in a text/plain message. |
|
49868 |
CVE-2012-2317 |
310 |
|
Bypass |
2012-08-07 |
2012-08-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The Debian php_crypt_revamped.patch patch for PHP 5.3.x, as used in the php5 package before 5.3.3-7+squeeze4 in Debian GNU/Linux squeeze, the php5 package before 5.3.2-1ubuntu4.17 in Ubuntu 10.04 LTS, and the php5 package before 5.3.5-1ubuntu7.10 in Ubuntu 11.04, does not properly handle an empty salt string, which might allow remote attackers to bypass authentication by leveraging an application that relies on the PHP crypt function to choose a salt for password hashing. |
|
49869 |
CVE-2012-2316 |
352 |
|
Exec Code XSS CSRF |
2012-09-09 |
2012-09-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in servlet/admin/AuthServlet.java in OpenKM 5.1.7 and other versions before 5.1.8-2 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary code via the script parameter to admin/scripting.jsp. |
|
49870 |
CVE-2012-2315 |
264 |
|
|
2012-09-09 |
2017-08-28 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
admin/Auth in OpenKM 5.1.7 and other versions before 5.1.8-2 does not properly enforce privileges for changing user roles, which allows remote authenticated users to assign administrator privileges to arbitrary users via the userEdit action. |
|
49871 |
CVE-2012-2314 |
264 |
|
|
2012-07-03 |
2012-08-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The bootloader configuration module (pyanaconda/bootloader.py) in Anaconda uses 755 permissions for /etc/grub.d, which allows local users to obtain password hashes and conduct brute force password guessing attacks. |
|
49872 |
CVE-2012-2313 |
264 |
|
|
2012-06-13 |
2016-09-06 |
1.2 |
None |
Local |
High |
Not required |
None |
None |
Partial |
|
The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call. |
|
49873 |
CVE-2012-2310 |
79 |
|
XSS |
2012-07-25 |
2012-08-08 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the cctags module for Drupal 6.x-1.x before 6.x-1.10 and 7.x-1.x before 7.x-1.10 allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified vectors. |
|
49874 |
CVE-2012-2309 |
79 |
|
XSS |
2012-07-25 |
2012-07-30 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Glossify Internal Links Auto SEO module for Drupal 6.x-2.5 and earlier allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified vectors. |
|
49875 |
CVE-2012-2308 |
79 |
|
XSS |
2012-07-25 |
2017-08-28 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Taxonomy Grid : Catalog module for Drupal 6.x-1.6 and earlier allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. |
|
49876 |
CVE-2012-2307 |
352 |
|
CSRF |
2012-07-25 |
2012-07-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
|
49877 |
CVE-2012-2305 |
352 |
|
CSRF |
2012-07-25 |
2012-08-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in the Node Gallery module for Drupal 6.x-3.1 and earlier allows remote attackers to hijack the authentication of certain users for requests that create node galleries. |
|
49878 |
CVE-2012-2304 |
264 |
|
+Info |
2012-08-14 |
2017-08-28 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an entity access module, does not check permissions when searching for entities, which allows remote attackers to obtain sensitive information via unspecified vectors. |
|
49879 |
CVE-2012-2302 |
200 |
|
+Info |
2012-07-25 |
2012-08-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Site Documentation (Sitedoc) module for Drupal 6.x-1.x before 6.x-1.4 does not properly check the save location when archiving, which allows remote attackers to obtain sensitive information via unspecified vectors. |
|
49880 |
CVE-2012-2301 |
94 |
|
Exec Code |
2014-11-15 |
2014-11-19 |
6.0 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
Partial |
|
The Ubercart module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer product classes" permission to execute arbitrary PHP code via unspecified vectors. |
|
49881 |
CVE-2012-2300 |
79 |
|
XSS |
2012-08-14 |
2012-08-15 |
2.1 |
None |
Remote |
High |
Single system |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal allow remote authenticated users with the administer product classes permission to inject arbitrary web script or HTML via unspecified vectors. |
|
49882 |
CVE-2012-2299 |
255 |
|
+Info |
2012-08-14 |
2012-08-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive information by reading from the database. |
|
49883 |
CVE-2012-2298 |
79 |
|
XSS |
2012-08-14 |
2017-08-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) "user names in page titles" and (2) "autocomplete callbacks." |
|
49884 |
CVE-2012-2297 |
79 |
|
XSS |
2012-08-26 |
2017-08-28 |
2.1 |
None |
Remote |
High |
Single system |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Creative Commons module 6.x-1.x before 6.x-1.1 for Drupal allow remote authenticated users with the administer creative commons permission to inject arbitrary web script or HTML via the (1) creativecommons_user_message or (2) creativecommons_site_license_additional_text parameter. |
|
49885 |
CVE-2012-2296 |
200 |
|
+Info |
2012-07-25 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. 6.x-2.x before 6.x-2.2, and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote attackers to obtain sensitive information by leveraging a separate vulnerability. |
|
49886 |
CVE-2012-2294 |
20 |
|
|
2013-02-06 |
2013-02-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to conduct clickjacking attacks via a crafted web page. |
|
49887 |
CVE-2012-2293 |
22 |
|
Exec Code Dir. Trav. |
2013-02-06 |
2013-02-07 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allows remote authenticated users to upload files, and consequently execute arbitrary code, via a relative path. |
|
49888 |
CVE-2012-2286 |
|
|
+Info |
2012-10-10 |
2013-02-12 |
2.9 |
None |
Local Network |
Medium |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 before SP3 P3 allows remote attackers to obtain sensitive information via unknown vectors. |
|
49889 |
CVE-2012-2285 |
287 |
|
|
2012-08-29 |
2017-08-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
EMC Cloud Tiering Appliance (aka CTA, formerly FMA) 9.0 and earlier, and Cloud Tiering Appliance Virtual Edition (CTA/VE) 9.0 and earlier, allows remote attackers to obtain GUI administrative access by sending a crafted file during the authentication phase. |
|
49890 |
CVE-2012-2284 |
255 |
|
|
2012-10-18 |
2013-04-18 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local users to read cleartext administrator credentials via unspecified vectors. |
|
49891 |
CVE-2012-2283 |
|
|
|
2012-08-16 |
2012-08-16 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
The Iomega Home Media Network Hard Drive with EMC Lifeline firmware before 2.104, Home Media Network Hard Drive Cloud Edition with EMC Lifeline firmware before 3.2.3.15290, iConnect with EMC Lifeline firmware before 2.5.26.18966, and StorCenter with EMC Lifeline firmware before 2.0.18.23122, 2.1.x before 2.1.42.18967, and 3.x before 3.2.3.15290 allow remote authenticated users to read or modify data on arbitrary remote shares via unspecified vectors. |
|
49892 |
CVE-2012-2282 |
264 |
|
|
2012-07-16 |
2013-03-21 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
EMC Celerra Network Server 6.x before 6.0.61.0, VNX 7.x before 7.0.53.2, and VNXe 2.0 and 2.1 before 2.1.3.19077 (aka MR1 SP3.2) and 2.2 before 2.2.0.19078 (aka MR2 SP0.2) do not properly implement NFS access control, which allows remote authenticated users to read or modify files via a (1) NFSv2, (2) NFSv3, or (3) NFSv4 request. |
|
49893 |
CVE-2012-2281 |
287 |
|
|
2012-07-05 |
2013-03-21 |
6.8 |
None |
Local Network |
High |
Not required |
Complete |
Complete |
Complete |
|
EMC RSA Access Manager Server 6.x before 6.1 SP4 and RSA Access Manager Agent do not properly validate session tokens after a logout, which might allow remote attackers to conduct replay attacks via unspecified vectors. |
|
49894 |
CVE-2012-2280 |
|
|
|
2012-07-13 |
2012-07-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "Cross frame scripting vulnerability." |
|
49895 |
CVE-2012-2279 |
20 |
|
|
2012-07-13 |
2012-07-16 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
Open redirect vulnerability in the Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. |
|
49896 |
CVE-2012-2278 |
79 |
|
XSS |
2012-07-13 |
2012-07-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Self-Service Console and (2) Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
49897 |
CVE-2012-2275 |
352 |
2
|
CSRF |
2012-09-15 |
2017-08-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in TestLink 1.9.3 and earlier allow remote attackers to hijack the authentication of users for requests that add, delete, or modify sensitive information, as demonstrated by changing the administrator's email via an editUser action to lib/usermanagement/userInfo.php. |
|
49898 |
CVE-2012-2274 |
79 |
|
XSS |
2012-08-13 |
2012-09-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php in PivotX 2.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter. |
|
49899 |
CVE-2012-2273 |
94 |
|
DoS |
2012-04-20 |
2018-10-30 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Comodo Internet Security before 5.10.228257.2253 on Windows 7 x64 allows local users to cause a denial of service (system crash) via a crafted 32-bit Portable Executable (PE) file with a kernel ImageBase value. |
|
49900 |
CVE-2012-2270 |
20 |
1
|
|
2012-04-20 |
2018-01-03 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter. |
