| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2012-6337 | 200 | | +Info | 2012-12-31 | 2012-12-31 | 3.3 | None | Local Network | Low | Not required | Partial | None | None | The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices shows the activation of remote tracking, which might allow physically proximate attackers to defeat a product-recovery effort by tampering with this feature or its location data. |
| 2 | CVE-2012-6325 | 200 | | +Info | 2012-12-21 | 2013-01-08 | 4.0 | None | Remote | Low | ??? | Partial | None | None | VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not properly parse XML documents, which allows remote authenticated users to read arbitrary files via unspecified vectors. |
| 3 | CVE-2012-6313 | 200 | | +Info | 2012-12-11 | 2012-12-11 | 5.0 | None | Remote | Low | Not required | Partial | None | None | simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 for WordPress allows remote attackers to obtain sensitive information via a request that lacks a timezone, leading to disclosure of the installation path in a stack trace. |
| 4 | CVE-2012-6052 | 200 | | +Info | 2012-12-05 | 2017-09-19 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Wireshark 1.8.x before 1.8.4 allows remote attackers to obtain sensitive hostname information by reading pcap-ng files. |
| 5 | CVE-2012-6049 | 200 | 1 | +Info | 2012-11-27 | 2017-08-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Open Solution Quick.Cart 5.0 allows remote attackers to obtain sensitive information via (1) a long string or (2) invalid characters in a cookie, which reveals the installation path in an error message. |
| 6 | CVE-2012-5968 | 20 | | +Info | 2012-12-19 | 2013-01-29 | 4.8 | None | Local Network | Low | Not required | Partial | Partial | None | The Huawei E585 device does not validate the status of admin sessions, which allows remote attackers to obtain sensitive user information and the session ID, and modify data, by leveraging access to the LAN network. |
| 7 | CVE-2012-5916 | 200 | 1 | +Info | 2012-11-17 | 2017-08-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Neocrome Seditio build 161 allows remote attackers to obtain sensitive information via a direct request to (1) docs/new/seditio-createnew-160.sql, (2) docs/upgrade/sedito_convert_to_utf8.optional.sql, or (3) system/install/install.parser.sql. |
| 8 | CVE-2012-5915 | 200 | 1 | +Info | 2012-11-17 | 2017-08-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Neocrome Seditio build 161 and earlier allows remote attackers to obtain sensitive information via direct request to (1) view.php, (2) plugins/contact/lang/contact.en.lang.php, (3) system/lang/en/main.lang.php, (4) system/lang/en/message.lang.php, or (5) system/core/view/view.inc.php, which reveals the installation path in an error message. |
| 9 | CVE-2012-5890 | 200 | | +Info | 2012-11-17 | 2017-08-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The Front End User Registration (sr_feuser_register) extension before 2.6.2 for TYPO3 allows remote attackers to obtain user names and passwords via the (1) edit perspective or (2) autologin feature. |
| 10 | CVE-2012-5884 | 200 | | +Info | 2012-11-16 | 2017-08-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The User.get method in Bugzilla/WebService/User.pm in Bugzilla 4.3.2 allows remote attackers to obtain sensitive information about the saved searches of arbitrary users via an XMLRPC request or a JSONRPC request, a different vulnerability than CVE-2012-4198. |
| 11 | CVE-2012-5868 | 200 | | +Info | 2012-12-27 | 2013-01-08 | 2.6 | None | Remote | High | Not required | Partial | None | None | WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack. |
| 12 | CVE-2012-5765 | 200 | | +Info | 2012-12-20 | 2017-08-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a SQL error message. |
| 13 | CVE-2012-5625 | 200 | | +Info | 2012-12-26 | 2013-02-15 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV). |
| 14 | CVE-2012-5615 | 200 | | +Info | 2012-12-03 | 2023-02-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames. |
| 15 | CVE-2012-5589 | 200 | | +Info | 2012-12-26 | 2012-12-27 | 3.5 | None | Remote | Medium | ??? | Partial | None | None | The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly check node permissions when generating an in-content link, which allows remote authenticated users with text-editing permissions to read arbitrary node titles via a generated link. |
| 16 | CVE-2012-5554 | 200 | | +Info | 2012-12-03 | 2012-12-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The default configuration for the Webform CiviCRM Integration module 7.x-3.x before 7.x-3.2 has "Enforce Permissions" disabled, which allows remote attackers to obtain contact information by reading webforms. |
| 17 | CVE-2012-5552 | 200 | | +Info | 2012-12-03 | 2013-07-20 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The Password policy module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to obtain password hashes by sniffing the network, related to "client-side password history checks." |
| 18 | CVE-2012-5544 | 200 | | +Info | 2012-12-03 | 2012-12-17 | 4.0 | None | Remote | Low | ??? | Partial | None | None | The Mandrill module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users to obtain password reset links by reading the logs in the Mandrill dashboard. |
| 19 | CVE-2012-5523 | 264 | | +Info | 2012-11-16 | 2021-01-12 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None | core/email_api.php in MantisBT before 1.2.12 does not properly manage the sending of e-mail notifications about restricted bugs, which might allow remote authenticated users to obtain sensitive information by adding a note to a bug before losing permission to view that bug. |
| 20 | CVE-2012-5512 | 16 | | DoS +Info | 2012-12-13 | 2017-08-29 | 3.2 | None | Local | Low | ??? | Partial | None | Partial | Array index error in the HVMOP_set_mem_access handler in Xen 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) or obtain sensitive information via unspecified vectors. |
| 21 | CVE-2012-5473 | 200 | | +Info | 2012-11-21 | 2020-12-01 | 4.0 | None | Remote | Low | ??? | Partial | None | None | The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to read activity entries of a different group's users via an advanced search. |
| 22 | CVE-2012-5302 | 264 | | +Info | 2012-10-24 | 2013-03-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The server in TIBCO Formvine 3.1.x and 3.2.x before 3.2.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors. |
| 23 | CVE-2012-5301 | 310 | | +Info | 2012-10-04 | 2017-08-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The default configuration of Cerberus FTP Server before 5.0.4.0 supports the DES cipher for SSH sessions, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and performing a brute-force attack on the encrypted data. |
| 24 | CVE-2012-5183 | 200 | | +Info | 2012-12-26 | 2013-01-08 | 2.6 | None | Remote | High | Not required | Partial | None | None | The Loctouch application 3.4.6 and earlier for Android allows attackers to obtain sensitive information about logged locations via a crafted application that leverages read permission for system log files. |
| 25 | CVE-2012-5182 | 200 | | +Info | 2012-12-26 | 2013-01-08 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | The Loctouch application 3.4.6 and earlier for Android does not properly handle implicit intents, which allows attackers to obtain sensitive information about logged locations via a crafted application. |
| 26 | CVE-2012-5180 | 200 | | +Info | 2012-12-26 | 2013-01-08 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | The Opera Mobile application before 12.1 and Opera Mini application before 7.5 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application. |
| 27 | CVE-2012-5179 | 264 | | +Info | 2012-12-26 | 2020-02-19 | 2.1 | None | Local | Low | Not required | Partial | None | None | The Boat Browser application before 4.2 and Boat Browser Mini application before 3.9 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application. |
| 28 | CVE-2012-5172 | 200 | | +Info | 2012-11-16 | 2012-11-19 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The Asial Monaca Debugger application before 1.4.2 for Android allows remote attackers to obtain sensitive (1) account or (2) session ID information in a system log file via a crafted application. |
| 29 | CVE-2012-5055 | 200 | | +Info | 2012-12-05 | 2012-12-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None | DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of login requests. |
| 30 | CVE-2012-4976 | 200 | | +Info | 2012-12-12 | 2012-12-12 | 5.0 | None | Remote | Low | Not required | Partial | None | None | selectawasset.asp in Layton Helpbox 4.4.0 allows remote attackers to discover ODBC database credentials via an element=sys_asset_id request, which is not properly handled during construction of an error page. |
| 31 | CVE-2012-4947 | 310 | | +Info | 2012-11-18 | 2017-08-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Agile FleetCommander and FleetCommander Kiosk before 4.08 store database credentials in cleartext, which allows remote attackers to obtain sensitive information via requests to unspecified pages. |
| 32 | CVE-2012-4946 | 310 | | +Info | 2012-11-18 | 2017-08-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Agile FleetCommander and FleetCommander Kiosk before 4.08 use an XOR format for password encryption, which makes it easier for context-dependent attackers to obtain sensitive information by reading a key file and the encrypted strings. |
| 33 | CVE-2012-4933 | 255 | | +Info | 2012-10-20 | 2017-08-29 | 7.8 | None | Remote | Low | Not required | Complete | None | None | The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (2) GetConfigInfo_Password operations, which allows remote attackers to obtain sensitive information via a crafted rtrlet/rtr request for the HandleMaintenanceCalls function. |
| 34 | CVE-2012-4909 | 200 | | +Info | 2012-09-13 | 2012-09-14 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | Google Chrome before 18.0.1025308 on Android allows remote attackers to obtain cookie information via a crafted application. |
| 35 | CVE-2012-4906 | 264 | | +Info | 2012-09-13 | 2012-09-14 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4903. |
| 36 | CVE-2012-4903 | 264 | | +Info | 2012-09-13 | 2012-09-14 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4906. |
| 37 | CVE-2012-4862 | 255 | | +Info | 2012-12-05 | 2017-08-29 | 2.1 | None | Local | Low | Not required | Partial | None | None | The Host Connect emulator in IBM Rational Developer for System z 7.1 through 8.5.1 does not properly store the SSL certificate password, which allows local users to obtain sensitive information via unspecified vectors. |
| 38 | CVE-2012-4846 | 200 | | +Info | 2012-12-19 | 2017-08-29 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, aka SPRs JMAS7TRNLN and SRAO8U3Q68. |
| 39 | CVE-2012-4838 | | | +Info | 2012-12-08 | 2021-11-08 | 1.9 | None | Local | Medium | Not required | Partial | None | None | IBM Flex System Chassis Management Module (CMM) and Integrated Management Module 2 (IMM2) allow local users to obtain sensitive information about (1) local accounts, (2) SSH private keys, (3) SSL/TLS private keys, (4) SNMPv3 communities, and (5) LDAP credentials by leveraging unspecified side effects of service or maintenance activity. |
| 40 | CVE-2012-4730 | 264 | | +Info | 2012-11-11 | 2012-11-12 | 3.5 | None | Remote | Medium | ??? | Partial | None | None | Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive information via unknown vectors. |
| 41 | CVE-2012-4698 | 200 | | +Info | 2012-12-23 | 2013-05-21 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS through 1.14.5, ROX II OS through 2.3.0, and RuggedMax OS through 4.2.1.4621.22 use hardcoded private keys for SSL and SSH communication, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic by leveraging the availability of these keys within ROS files at all customer installations. |
| 42 | CVE-2012-4674 | 200 | | +Info | 2012-08-26 | 2012-08-27 | 5.0 | None | Remote | Low | Not required | Partial | None | None | PluXml before 5.1.6 allows remote attackers to obtain the installation path via the PHPSESSID. |
| 43 | CVE-2012-4615 | 310 | 1 | +Info | 2012-11-27 | 2013-08-17 | 2.1 | None | Local | Low | Not required | Partial | None | None | EMC Smarts Network Configuration Manager (NCM) before 9.1 uses a hardcoded encryption key for the storage of credentials, which allows local users to obtain sensitive information via unspecified vectors. |
| 44 | CVE-2012-4610 | 255 | | +Info | 2012-10-31 | 2017-08-29 | 3.3 | None | Local Network | Low | Not required | Partial | None | None | EMC Avamar Client for VMware 6.1 stores the cleartext server root password on the proxy client, which might allow remote attackers to obtain sensitive information by leveraging "network access" to the proxy client. |
| 45 | CVE-2012-4605 | 200 | | +Info | 2012-08-23 | 2017-08-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The default configuration of the SMTP component in Websense Email Security 6.1 through 7.3 enables weak SSL ciphers in the "SurfControl plc\SuperScout Email Filter\SMTP" registry key, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data. |
| 46 | CVE-2012-4594 | 264 | | Bypass +Info | 2012-08-22 | 2017-08-29 | 4.0 | None | Remote | Low | ??? | Partial | None | None | McAfee ePolicy Orchestrator (ePO) 4.6.1 and earlier allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information from arbitrary reporting panels, via a modified ID value in a console URL. |
| 47 | CVE-2012-4591 | 200 | | +Info | 2012-08-22 | 2017-08-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None | About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 discloses the name of the user account for an IIS worker process, which allows remote attackers to obtain potentially sensitive information by visiting this page. |
| 48 | CVE-2012-4584 | 310 | | +Info | 2012-08-22 | 2012-10-30 | 3.5 | None | Remote | Medium | ??? | Partial | None | None | McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not properly encrypt system-backup data, which makes it easier for remote authenticated users to obtain sensitive information by reading a backup file, as demonstrated by obtaining password hashes. |
| 49 | CVE-2012-4583 | 200 | | +Info | 2012-08-22 | 2012-11-20 | 4.0 | None | Remote | Low | ??? | Partial | None | None | McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to obtain the session tokens of arbitrary users by navigating within the Dashboard. |
| 50 | CVE-2012-4553 | 264 | | Exec Code +Info | 2012-11-11 | 2012-11-12 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Drupal 7.x before 7.16 allows remote attackers to obtain sensitive information and possibly re-install Drupal and execute arbitrary PHP code via an external database server, related to "transient conditions." |