Double free vulnerability in the sftp_mkdir function in sftp.c in libssh before 0.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vector than CVE-2012-4559.
Max CVSS
7.5
EPSS Score
6.03%
Published
2012-11-30
Updated
2012-12-19
Google CityHash computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack.
Max CVSS
5.0
EPSS Score
0.08%
Published
2012-11-28
Updated
2012-11-29
The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request to download the router's DLLs or plugins, as demonstrated by roteros.dll.
Max CVSS
6.4
EPSS Score
41.71%
Published
2012-11-27
Updated
2017-08-29
Open Solution Quick.Cart 5.0 allows remote attackers to obtain sensitive information via (1) a long string or (2) invalid characters in a cookie, which reveals the installation path in an error message.
Max CVSS
5.0
EPSS Score
0.33%
Published
2012-11-27
Updated
2017-08-29
Guitar Pro 6.1.1 r10791 allows remote attackers to cause a denial of service (crash) via a long string in a gpx file.
Max CVSS
5.0
EPSS Score
11.49%
Published
2012-11-27
Updated
2012-11-27
Cross-site request forgery (CSRF) vulnerability in X7 Chat 2.0.5.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that add a user to an arbitrary group via the users page in an adminpanel action to index.php.
Max CVSS
6.8
EPSS Score
0.16%
Published
2012-11-27
Updated
2012-11-27
Static code injection vulnerability in admin/banners.php in PHP Enter allows remote attackers to inject arbitrary PHP code into horad.php via the code parameter.
Max CVSS
10.0
EPSS Score
3.06%
Published
2012-11-27
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in gb/user/index.php in Ramui Forum, possibly 1.0 Beta, allows remote attackers to inject arbitrary web script or HTML via the query parameter.
Max CVSS
4.3
EPSS Score
0.22%
Published
2012-11-27
Updated
2017-08-29
M-Player 0.4 allows remote attackers to cause a denial of service (crash) via a crafted MP3 file.
Max CVSS
4.3
EPSS Score
2.78%
Published
2012-11-26
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in downloads.php in PHP-Fusion 7.02.04 allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter.
Max CVSS
4.3
EPSS Score
0.20%
Published
2012-11-26
Updated
2017-08-29
GPSMapEdit 1.1.73.2 allows user-assisted remote attackers to cause a denial of service (crash) via a long string in a lst file.
Max CVSS
4.3
EPSS Score
0.45%
Published
2012-11-26
Updated
2012-11-28
Double free vulnerability in GreenBrowser before 6.0.1002, when the keyword search bar (F6) is activated, allows remote attackers to execute arbitrary code via a crafted iframe.
Max CVSS
6.8
EPSS Score
9.80%
Published
2012-11-26
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in users.php in File King Advanced File Management 1.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
Max CVSS
4.3
EPSS Score
0.22%
Published
2012-11-26
Updated
2017-08-29
SQL injection vulnerability in view_comments.php in YABSoft Advanced Image Hosting (AIH) Script, possibly 2.3, allows remote attackers to execute arbitrary SQL commands via the gal parameter.
Max CVSS
7.5
EPSS Score
0.13%
Published
2012-11-26
Updated
2012-11-27
admin/core/admin_func.php in razorCMS before 1.2.1 does not properly restrict access to certain administrator directories and files, which allows remote authenticated users to read, edit, rename, move, copy and delete files via the (1) dir parameter in a fileman or (2) filemanview action. NOTE: this issue has been referred to as a "path traversal."
Max CVSS
6.5
EPSS Score
1.65%
Published
2012-11-26
Updated
2017-08-29
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4, and other versions including 1.2, allow remote attackers to inject arbitrary web script or HTML via a CSV header with "unknown fields," which are not properly handled in error messages in the (1) bulk user, (2) group, and (3) group member upload capabilities. NOTE: this issue was originally part of CVE-2012-2243, but that ID was SPLIT due to different issues by different researchers.
Max CVSS
4.3
EPSS Score
0.19%
Published
2012-11-24
Updated
2013-02-08
The (1) memc_save_get_next_page, (2) tmemc_restore_put_page and (3) tmemc_restore_flush_page functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 do not check for negative id pools, which allows local guest OS users to cause a denial of service (memory corruption and host crash) or possibly execute arbitrary code via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.
Max CVSS
4.4
EPSS Score
0.08%
Published
2012-11-23
Updated
2017-08-29
The do_tmem_destroy_pool function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly validate pool ids, which allows local guest OS users to cause a denial of service (memory corruption and host crash) or execute arbitrary code via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.
Max CVSS
6.9
EPSS Score
0.10%
Published
2012-11-23
Updated
2017-08-29
The (1) tmemc_save_get_next_page and (2) tmemc_save_get_next_inv functions and the (3) TMEMC_SAVE_GET_POOL_UUID sub-operation in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 "do not check incoming guest output buffer pointers," which allows local guest OS users to cause a denial of service (memory corruption and host crash) or execute arbitrary code via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.
Max CVSS
4.4
EPSS Score
0.10%
Published
2012-11-23
Updated
2017-08-29
The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly check privileges, which allows local guest OS users to access control stack operations via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.
Max CVSS
4.4
EPSS Score
0.06%
Published
2012-11-23
Updated
2017-08-29
Multiple integer overflows in the (1) tmh_copy_from_client and (2) tmh_copy_to_client functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (memory corruption and host crash) via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.
Max CVSS
4.9
EPSS Score
0.06%
Published
2012-11-23
Updated
2017-08-29
The do_tmem_get function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (CPU hang and host crash) via unspecified vectors related to a spinlock being held in the "bad_copy error path." NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.
Max CVSS
4.7
EPSS Score
0.06%
Published
2012-11-23
Updated
2017-08-29
The do_tmem_op function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (host crash) and possibly have other unspecified impacts via unspecified vectors related to "broken locking checks" in an "error path." NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.
Max CVSS
7.2
EPSS Score
0.06%
Published
2012-11-23
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) 2.4 through 2.5 Final, as used in JBoss Operations Network (ON) 3.1.1 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2012-4563.
Max CVSS
4.3
EPSS Score
0.25%
Published
2012-11-20
Updated
2017-08-29
Multiple cross-site scripting (XSS) vulnerabilities in Havalite 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) find or (2) replace fields to havalite/findReplace.php; (3) username parameter to havalite/hava_login.php, (4) the Edit Article module, or (5) hava_post.php in the postAuthor module; (6) postId parameter to hava_post.php; (7) userId parameter to hava_user.php; or (8) linkId parameter to hava_link.php.
Max CVSS
4.3
EPSS Score
0.29%
Published
2012-11-19
Updated
2017-08-29
436 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!