Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI beginning with a /_internal substring.
Max CVSS: 6.8 | EPSS Score: 0.28% | Published: 2012-12-27 | Updated: 2012-12-27
Symfony 2.0.x before 2.0.20 does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string.
Max CVSS: 6.4 | EPSS Score: 0.16% | Published: 2012-12-27 | Updated: 2013-01-07
Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 establishes multiple hardcoded accounts, which makes it easier for remote attackers to obtain administrative access by reading a password in a PHP script, a similar issue to CVE-2012-5862.
Max CVSS: 10.0 | EPSS Score: 0.26% | Published: 2012-12-23 | Updated: 2013-01-08
Multiple SQL injection vulnerabilities in Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, a similar issue to CVE-2012-5861.
Max CVSS: 7.5 | EPSS Score: 0.09% | Published: 2012-12-23 | Updated: 2012-12-24
The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which allows attackers to read or write arbitrary physical memory and gain privileges via a crafted application, as demonstrated by ExynosAbuse.
Max CVSS: 9.3 | EPSS Score: 0.09% | Published: 2012-12-18 | Updated: 2012-12-21
Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, when changes are made to the server-side policy that controls USB redirection, does not propagate those changes to the VDA, which allows authenticated users to retain access to the USB device.
Max CVSS: 5.0 | EPSS Score: 0.23% | Published: 2012-12-26 | Updated: 2017-08-29
simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 for WordPress allows remote attackers to obtain sensitive information via a request that lacks a timezone, leading to disclosure of the installation path in a stack trace.
Max CVSS: 5.0 | EPSS Score: 0.78% | Published: 2012-12-11 | Updated: 2012-12-11

CVE-2012-6301 (Public exploit)
The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted market: URI in the SRC attribute of an IFRAME element.
Max CVSS: 5.0 | EPSS Score: 6.04% | Published: 2012-12-10 | Updated: 2012-12-11
Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to bypass intended access restrictions via unknown vectors.
Max CVSS: 10.0 | EPSS Score: 0.31% | Published: 2012-12-26 | Updated: 2018-08-13
Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to execute arbitrary commands or modify data via unknown vectors.
Max CVSS: 10.0 | EPSS Score: 0.18% | Published: 2012-12-26 | Updated: 2018-08-13
Adobe Shockwave Player through 11.6.8.638 allows remote attackers to trigger installation of arbitrary signed Xtras via a Shockwave movie that contains an Xtra URL, as demonstrated by a URL for an outdated Xtra.
Max CVSS: 9.3 | EPSS Score: 0.53% | Published: 2012-12-20 | Updated: 2017-11-17
Adobe Shockwave Player through 11.6.8.638 allows remote attackers to trigger installation of a Shockwave Player 10.4.0.025 compatibility feature via a crafted HTML document that references Shockwave content with a certain compatibility parameter, related to a "downgrading" attack.
Max CVSS: 9.3 | EPSS Score: 0.44% | Published: 2012-12-20 | Updated: 2017-11-17
freeFTPd.exe in freeFTPd through 1.0.11 allows remote attackers to bypass authentication via a crafted SFTP session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.
Max CVSS: 10.0 | EPSS Score: 0.31% | Published: 2012-12-04 | Updated: 2012-12-05

CVE-2012-6066 (Public exploit)
freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.
Max CVSS: 9.3 | EPSS Score: 24.32% | Published: 2012-12-04 | Updated: 2012-12-05
Double free vulnerability in the sftp_mkdir function in sftp.c in libssh before 0.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vector than CVE-2012-4559.
Max CVSS: 7.5 | EPSS Score: 6.03% | Published: 2012-11-30 | Updated: 2012-12-19
The dissect_rtcp_app function in epan/dissectors/packet-rtcp.c in the RTCP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
Max CVSS: 5.0 | EPSS Score: 1.43% | Published: 2012-12-05 | Updated: 2017-09-19
The dissect_wtp_common function in epan/dissectors/packet-wtp.c in the WTP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 uses an incorrect data type for a certain length field, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a crafted value in a packet.
Max CVSS: 5.0 | EPSS Score: 1.38% | Published: 2012-12-05 | Updated: 2017-09-19
Integer overflow in the dissect_iscsi_pdu function in epan/dissectors/packet-iscsi.c in the iSCSI dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
Max CVSS: 5.0 | EPSS Score: 1.95% | Published: 2012-12-05 | Updated: 2017-09-19
The dissect_isakmp function in epan/dissectors/packet-isakmp.c in the ISAKMP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 uses an incorrect data structure to determine IKEv2 decryption parameters, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Max CVSS: 5.0 | EPSS Score: 1.33% | Published: 2012-12-05 | Updated: 2017-09-19
Integer overflow in the dissect_icmpv6 function in epan/dissectors/packet-icmpv6.c in the ICMPv6 dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted Number of Sources value.
Max CVSS: 5.0 | EPSS Score: 2.00% | Published: 2012-12-05 | Updated: 2017-09-19
The dissect_eigrp_metric_comm function in epan/dissectors/packet-eigrp.c in the EIGRP dissector in Wireshark 1.8.x before 1.8.4 uses the wrong data type for a certain offset value, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a malformed packet.
Max CVSS: 5.0 | EPSS Score: 0.41% | Published: 2012-12-05 | Updated: 2017-09-19
Integer overflow in the dissect_sack_chunk function in epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted Duplicate TSN count.
Max CVSS: 5.0 | EPSS Score: 0.40% | Published: 2012-12-05 | Updated: 2017-09-19
epan/dissectors/packet-3g-a11.c in the 3GPP2 A11 dissector in Wireshark 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a zero value in a sub-type length field.
Max CVSS: 5.0 | EPSS Score: 0.77% | Published: 2012-12-05 | Updated: 2017-09-19
The dissect_sflow_245_address_type function in epan/dissectors/packet-sflow.c in the sFlow dissector in Wireshark 1.8.x before 1.8.4 does not properly handle length calculations for an invalid IP address type, which allows remote attackers to cause a denial of service (infinite loop) via a packet that is neither IPv4 nor IPv6.
Max CVSS: 5.0 | EPSS Score: 0.41% | Published: 2012-12-05 | Updated: 2017-09-19
epan/dissectors/packet-usb.c in the USB dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 relies on a length field to calculate an offset value, which allows remote attackers to cause a denial of service (infinite loop) via a zero value for this field.
Max CVSS: 5.0 | EPSS Score: 0.41% | Published: 2012-12-05 | Updated: 2017-09-19