Cross-site request forgery (CSRF) vulnerability in accessaccount.cgi in ZTE ZXDSL 831IIV7.5.0a_Z29_OV allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter.
Max CVSS: 6.8 | EPSS Score: 0.16% | Published: 2012-08-31 | Updated: 2012-09-03
Cross-site scripting (XSS) vulnerability in admin/login.asp in Acuity CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter.
Max CVSS: 4.3 | EPSS Score: 0.20% | Published: 2012-08-31 | Updated: 2018-08-13
Cross-site scripting (XSS) vulnerability in ssearch.php in the Siche search module 0.5 for Zeroboard allows remote attackers to inject arbitrary web script or HTML via the search parameter.
Max CVSS: 4.3 | EPSS Score: 0.25% | Published: 2012-08-31 | Updated: 2017-08-29
Multiple SQL injection vulnerabilities in ssearch.php in Siche search module 0.5 for Zeroboard allow remote attackers to execute arbitrary SQL commands via the (1) ss, (2) sm, (3) align, or (4) category parameters.
Max CVSS: 7.5 | EPSS Score: 0.56% | Published: 2012-08-31 | Updated: 2017-08-29
The web_node_register function in web.pm in PacketFence before 3.0.2 might allow remote attackers to execute arbitrary code via unspecified vectors.
Max CVSS: 7.5 | EPSS Score: 0.62% | Published: 2012-08-31 | Updated: 2012-09-03
The RADIUS extension in PacketFence before 3.3.0 uses a different user name than is used for authentication for users with custom VLAN assignment extensions, which allows remote attackers to spoof user identities via the User-Name RADIUS attribute.
Max CVSS: 5.0 | EPSS Score: 0.36% | Published: 2012-08-31 | Updated: 2017-08-29
Cross-site scripting (XSS) vulnerability in the captive portal in PacketFence before 3.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS: 4.3 | EPSS Score: 0.22% | Published: 2012-08-31 | Updated: 2017-08-29
Multiple cross-site scripting (XSS) vulnerabilities in Barracuda SSL VPN before 2.2.2.203 (2012-07-05) allow remote attackers to inject arbitrary web script or HTML via the (1) policyLaunching, (2) resourcePrefix, or (3) actionPath parameter in showUserResourceCategories.do; (4) list or (5) path parameter to fileSystem.do; or (6) return-To parameter to launchAgent.do.
Max CVSS: 4.3 | EPSS Score: 0.49% | Published: 2012-08-31 | Updated: 2017-08-29
channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials.
Max CVSS: 6.0 | EPSS Score: 0.80% | Published: 2012-08-31 | Updated: 2013-04-19
The Device Encryption Client component in Sophos SafeGuard Enterprise 6.0, when a volume-based encryption policy is enabled in conjunction with a user-defined key, does not properly block use of exFAT USB flash drives, which makes it easier for local users to bypass intended access restrictions and copy sensitive information to a drive via multiple removal and reattach operations.
Max CVSS: 3.3 | EPSS Score: 0.06% | Published: 2012-08-29 | Updated: 2017-08-29
SQL injection vulnerability in announcement.php in vBulletin 4.1.10 allows remote attackers to execute arbitrary SQL commands via the announcementid parameter.
Max CVSS: 7.5 | EPSS Score: 0.13% | Published: 2012-08-28 | Updated: 2012-08-29
Cross-site scripting (XSS) vulnerability in Arbor Networks Peakflow SP 5.1.1 before patch 6, 5.5 before patch 4, and 5.6.0 before patch 1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.
Max CVSS: 4.3 | EPSS Score: 0.53% | Published: 2012-08-28 | Updated: 2017-08-29

CVE-2012-4681

Known exploited
Public exploit
Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using "reflection with a trusted immediate caller" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class.
Max CVSS: 10.0 | EPSS Score: 97.52% | Published: 2012-08-28 | Updated: 2022-12-21 | CISA KEV Added: 2022-03-03
Directory traversal vulnerability in the XML Server in IOServer before 1.0.19.0, when the Root Directory pathname lacks a trailing \ (backslash) character, allows remote attackers to read arbitrary files or list arbitrary directories via a .. (dot dot) in a URI.
Max CVSS: 4.3 | EPSS Score: 6.05% | Published: 2012-08-27 | Updated: 2013-07-25
Cross-site scripting (XSS) vulnerability in admin/login.php in Newscoop before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the f_user_name parameter.
Max CVSS: 4.3 | EPSS Score: 0.34% | Published: 2012-08-27 | Updated: 2017-08-29
munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, which allows remote attackers to cause a denial of service (disk consumption) via many requests to an image with unique parameters.
Max CVSS: 5.0 | EPSS Score: 1.82% | Published: 2012-08-26 | Updated: 2012-08-27
Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by using a crafted Info.plist file to control the gOkIfNotSecure value.
Max CVSS: 4.4 | EPSS Score: 0.04% | Published: 2012-08-26 | Updated: 2012-08-27
The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and earlier allows local users to delete arbitrary files by constructing a (1) symlink or (2) hard link, a different vulnerability than CVE-2012-3485.
Max CVSS: 1.2 | EPSS Score: 0.04% | Published: 2012-08-26 | Updated: 2012-08-27
Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to file update.
Max CVSS: 4.3 | EPSS Score: 0.25% | Published: 2012-08-26 | Updated: 2017-08-29
PluXml before 5.1.6 allows remote attackers to obtain the installation path via the PHPSESSID.
Max CVSS: 5.0 | EPSS Score: 0.20% | Published: 2012-08-26 | Updated: 2012-08-27
SQL injection vulnerability in application/controllers/invoice.php in NeoInvoice might allow remote attackers to execute arbitrary SQL commands via vectors involving the sort_col variable in the list_items function, a different vulnerability than CVE-2012-3477.
Max CVSS: 7.5 | EPSS Score: 0.14% | Published: 2012-08-26 | Updated: 2012-08-27
Apple iChat Server does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted.
Max CVSS: 5.8 | EPSS Score: 0.17% | Published: 2012-08-25 | Updated: 2017-08-29
psyced before 20120821 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted.
Max CVSS: 5.8 | EPSS Score: 0.08% | Published: 2012-08-25 | Updated: 2012-08-27
Tigase XMPP Server before 5.1.0 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response.
Max CVSS: 6.4 | EPSS Score: 0.31% | Published: 2012-08-25 | Updated: 2017-08-29
M-Link R14.6 before R14.6v14 and R15.1 before R15.1v10 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted.
Max CVSS: 5.8 | EPSS Score: 0.08% | Published: 2012-08-25 | Updated: 2012-08-27
735 vulnerabilities found