The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices shows the activation of remote tracking, which might allow physically proximate attackers to defeat a product-recovery effort by tampering with this feature or its location data.
Max CVSS
3.3
EPSS Score
0.06%
Published
2012-12-31
Updated
2012-12-31
VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not properly parse XML documents, which allows remote authenticated users to read arbitrary files via unspecified vectors.
Max CVSS
4.0
EPSS Score
0.10%
Published
2012-12-21
Updated
2013-01-08
simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 for WordPress allows remote attackers to obtain sensitive information via a request that lacks a timezone, leading to disclosure of the installation path in a stack trace.
Max CVSS
5.0
EPSS Score
0.78%
Published
2012-12-11
Updated
2012-12-11
Wireshark 1.8.x before 1.8.4 allows remote attackers to obtain sensitive hostname information by reading pcap-ng files.
Max CVSS
5.0
EPSS Score
0.30%
Published
2012-12-05
Updated
2017-09-19
Open Solution Quick.Cart 5.0 allows remote attackers to obtain sensitive information via (1) a long string or (2) invalid characters in a cookie, which reveals the installation path in an error message.
Max CVSS
5.0
EPSS Score
0.33%
Published
2012-11-27
Updated
2017-08-29
Neocrome Seditio build 161 allows remote attackers to obtain sensitive information via a direct request to (1) docs/new/seditio-createnew-160.sql, (2) docs/upgrade/sedito_convert_to_utf8.optional.sql, or (3) system/install/install.parser.sql.
Max CVSS
5.0
EPSS Score
0.39%
Published
2012-11-17
Updated
2017-08-29
Neocrome Seditio build 161 and earlier allows remote attackers to obtain sensitive information via direct request to (1) view.php, (2) plugins/contact/lang/contact.en.lang.php, (3) system/lang/en/main.lang.php, (4) system/lang/en/message.lang.php, or (5) system/core/view/view.inc.php, which reveals the installation path in an error message.
Max CVSS
5.0
EPSS Score
0.30%
Published
2012-11-17
Updated
2017-08-29
The Front End User Registration (sr_feuser_register) extension before 2.6.2 for TYPO3 allows remote attackers to obtain user names and passwords via the (1) edit perspective or (2) autologin feature.
Max CVSS
5.0
EPSS Score
0.36%
Published
2012-11-17
Updated
2017-08-29
The User.get method in Bugzilla/WebService/User.pm in Bugzilla 4.3.2 allows remote attackers to obtain sensitive information about the saved searches of arbitrary users via an XMLRPC request or a JSONRPC request, a different vulnerability than CVE-2012-4198.
Max CVSS
5.0
EPSS Score
0.29%
Published
2012-11-16
Updated
2017-08-29
WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack.
Max CVSS
2.6
EPSS Score
0.18%
Published
2012-12-27
Updated
2013-01-08
The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a SQL error message.
Max CVSS
5.0
EPSS Score
0.29%
Published
2012-12-20
Updated
2017-08-29
OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV).
Max CVSS
4.3
EPSS Score
0.48%
Published
2012-12-26
Updated
2013-02-15
Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.
Max CVSS
5.0
EPSS Score
6.46%
Published
2012-12-03
Updated
2023-02-13
The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly check node permissions when generating an in-content link, which allows remote authenticated users with text-editing permissions to read arbitrary node titles via a generated link.
Max CVSS
3.5
EPSS Score
0.16%
Published
2012-12-26
Updated
2012-12-27
The default configuration for the Webform CiviCRM Integration module 7.x-3.x before 7.x-3.2 has "Enforce Permissions" disabled, which allows remote attackers to obtain contact information by reading webforms.
Max CVSS
5.0
EPSS Score
0.20%
Published
2012-12-03
Updated
2012-12-04
The Password policy module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to obtain password hashes by sniffing the network, related to "client-side password history checks."
Max CVSS
5.0
EPSS Score
0.47%
Published
2012-12-03
Updated
2013-07-20
The Mandrill module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users to obtain password reset links by reading the logs in the Mandrill dashboard.
Max CVSS
4.0
EPSS Score
0.14%
Published
2012-12-03
Updated
2012-12-17
The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to read activity entries of a different group's users via an advanced search.
Max CVSS
4.0
EPSS Score
0.13%
Published
2012-11-21
Updated
2020-12-01
The Loctouch application 3.4.6 and earlier for Android allows attackers to obtain sensitive information about logged locations via a crafted application that leverages read permission for system log files.
Max CVSS
2.6
EPSS Score
0.06%
Published
2012-12-26
Updated
2013-01-08
The Loctouch application 3.4.6 and earlier for Android does not properly handle implicit intents, which allows attackers to obtain sensitive information about logged locations via a crafted application.
Max CVSS
4.3
EPSS Score
0.06%
Published
2012-12-26
Updated
2013-01-08
The Opera Mobile application before 12.1 and Opera Mini application before 7.5 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application.
Max CVSS
4.3
EPSS Score
0.06%
Published
2012-12-26
Updated
2013-01-08
The Asial Monaca Debugger application before 1.4.2 for Android allows remote attackers to obtain sensitive (1) account or (2) session ID information in a system log file via a crafted application.
Max CVSS
5.0
EPSS Score
0.23%
Published
2012-11-16
Updated
2012-11-19
DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of login requests.
Max CVSS
5.0
EPSS Score
0.17%
Published
2012-12-05
Updated
2012-12-28
selectawasset.asp in Layton Helpbox 4.4.0 allows remote attackers to discover ODBC database credentials via an element=sys_asset_id request, which is not properly handled during construction of an error page.
Max CVSS
5.0
EPSS Score
0.19%
Published
2012-12-12
Updated
2012-12-12
Google Chrome before 18.0.1025308 on Android allows remote attackers to obtain cookie information via a crafted application.
Max CVSS
4.3
EPSS Score
0.09%
Published
2012-09-13
Updated
2012-09-14
224 vulnerabilities found