CVE-2012-5692

Public exploit
Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors.
Max CVSS
10.0
EPSS Score
95.03%
Published
2012-10-31
Updated
2020-06-03

CVE-2012-5223

Public exploit
The proc_deutf function in includes/functions_vbseocp_abstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6.0, and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" in the char_repl parameter, which is inserted into a regular expression that is processed by the preg_replace function with the eval switch.
Max CVSS
7.5
EPSS Score
91.80%
Published
2012-10-01
Updated
2017-08-29

CVE-2012-5088

Public exploit
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Max CVSS
10.0
EPSS Score
92.59%
Published
2012-10-16
Updated
2017-09-19

CVE-2012-5081

Public exploit
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect availability, related to JSSE.
Max CVSS
5.0
EPSS Score
4.21%
Published
2012-10-16
Updated
2022-05-13

CVE-2012-5076

Known exploited
Public exploit
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS.
Max CVSS
10.0
EPSS Score
97.14%
Published
2012-10-16
Updated
2017-09-19
CISA KEV Added
2022-03-28

CVE-2012-4940

Public exploit
Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in (1) the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in (2) an edit action or (3) a delete action to the default URI.
Max CVSS
6.4
EPSS Score
16.41%
Published
2012-10-31
Updated
2013-02-26

CVE-2012-4933

Public exploit
The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (2) GetConfigInfo_Password operations, which allows remote attackers to obtain sensitive information via a crafted rtrlet/rtr request for the HandleMaintenanceCalls function.
Max CVSS
7.8
EPSS Score
97.12%
Published
2012-10-20
Updated
2017-08-29

CVE-2012-3993

Public exploit
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an "XrayWrapper pollution" issue.
Max CVSS
9.3
EPSS Score
1.47%
Published
2012-10-10
Updated
2020-08-13

CVE-2012-3153

Public exploit
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet. NOTE: the previous information is from the October 2012 CPU. Oracle has not commented on claims from the original researcher that the PARSEQUERY function allows remote attackers to obtain database credentials via reports/rwservlet/parsequery, and that this issue occurs in earlier versions. NOTE: this can be leveraged with CVE-2012-3152 to execute arbitrary code by uploading a .jsp file.
Max CVSS
6.4
EPSS Score
95.99%
Published
2012-10-16
Updated
2017-08-29

CVE-2012-3152

Known exploited
Public exploit
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component. NOTE: the previous information is from the October 2012 CPU. Oracle has not commented on claims from the original researcher that the URLPARAMETER functionality allows remote attackers to read and upload arbitrary files to reports/rwservlet, and that this issue occurs in earlier versions. NOTE: this can be leveraged with CVE-2012-3153 to execute arbitrary code by uploading a .jsp file.
Max CVSS
6.4
EPSS Score
97.39%
Published
2012-10-16
Updated
2017-08-29
CISA KEV Added
2021-11-03

CVE-2012-3001

Public exploit
Mutiny Standard before 4.5-1.12 allows remote attackers to execute arbitrary commands via the network-interface menu, related to a "command injection vulnerability."
Max CVSS
8.5
EPSS Score
21.14%
Published
2012-10-22
Updated
2013-03-02

CVE-2012-1533

Public exploit
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-3159.
Max CVSS
10.0
EPSS Score
52.61%
Published
2012-10-16
Updated
2022-05-13

CVE-2012-1153

Public exploit
Unrestricted file upload vulnerability in addons/uploadify/uploadify.php in appRain CMF 0.1.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory.
Max CVSS
6.8
EPSS Score
94.21%
Published
2012-10-06
Updated
2017-08-29

CVE-2011-5227

Public exploit
Stack-based buffer overflow in the Syslog service (nssyslogd.exe) in Enterasys Network Management Suite (NMS) before 4.1.0.80 allows remote attackers to execute arbitrary code via a long PRIO field in a message to UDP port 514.
Max CVSS
10.0
EPSS Score
90.71%
Published
2012-10-25
Updated
2017-08-29

CVE-2011-4929

Public exploit
Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote attackers to execute arbitrary commands via unknown vectors.
Max CVSS
7.5
EPSS Score
95.94%
Published
2012-10-08
Updated
2012-10-09
Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a crafted spreadsheet file, as demonstrated by a .xls file with battery voltage data.
Max CVSS
4.3
EPSS Score
4.36%
Published
2012-10-25
Updated
2012-11-08
Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.
Max CVSS
6.8
EPSS Score
70.17%
Published
2012-10-31
Updated
2017-08-29
libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted PNG file.
Max CVSS
4.3
EPSS Score
88.03%
Published
2012-10-26
Updated
2017-09-19
The Zoner AntiVirus Free application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, as demonstrated by a server used for updating virus signature files.
Max CVSS
4.3
EPSS Score
0.12%
Published
2012-10-24
Updated
2021-11-22
Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "typographical error."
Max CVSS
4.3
EPSS Score
0.22%
Published
2012-10-22
Updated
2017-08-29
user/index_inline_editor_submit.php in ATutor AContent 1.2-1 does not properly restrict access, which allows remote authenticated users to modify arbitrary user passwords via a crafted request. NOTE: this might be due to an incomplete fix for CVE-2012-5168.
Max CVSS
6.5
EPSS Score
0.54%
Published
2012-10-22
Updated
2013-04-11
SQL injection vulnerability in user/index_inline_editor_submit.php in ATutor AContent 1.2-1 allows remote authenticated users to execute arbitrary SQL commands via the field parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-5167.
Max CVSS
6.5
EPSS Score
0.16%
Published
2012-10-22
Updated
2013-04-11
Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) multi_title parameter to blocks/add/; (2) cost, (3) days, or (4) title[en] parameter to plans/add/; (5) name or (6) title[en] parameter to fields/group/add/ in admin/manage/; or (7) f[accounts][fullname] or (8) f[accounts][username] parameter to advsearch/. NOTE: This might overlap CVE-2011-5211. NOTE: it was later reported that the f[accounts][fullname] and f[accounts][username] vectors might also affect 2.2.2.
Max CVSS
4.3
EPSS Score
0.70%
Published
2012-10-22
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the White Label CMS plugin 1.5 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, a related issue to CVE-2012-5387.
Max CVSS
3.5
EPSS Score
0.12%
Published
2012-10-24
Updated
2017-08-29
Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, as demonstrated by a developer name containing XSS sequences.
Max CVSS
6.8
EPSS Score
0.57%
Published
2012-10-24
Updated
2017-08-29
553 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!