Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-5584 | 2 Drupal, M2osw | 2 Drupal, Tableofcontents | 2013-01-07 | 4.3 MEDIUM | N/A |
The Table of Contents module 6.x-3.x before 6.x-3.8 for Drupal does not properly check node permissions, which allows remote attackers to read a node's headers by accessing a table of contents block. | |||||
CVE-2012-5587 | 2 Drupal, Epiqo | 2 Drupal, Email | 2013-01-07 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Email Field module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the mailto link. | |||||
CVE-2012-5868 | 1 Wordpress | 1 Wordpress | 2013-01-07 | 2.6 LOW | N/A |
WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack. | |||||
CVE-2012-6325 | 1 Vmware | 1 Vcenter Server Appliance | 2013-01-07 | 4.0 MEDIUM | N/A |
VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not properly parse XML documents, which allows remote authenticated users to read arbitrary files via unspecified vectors. | |||||
CVE-2012-6336 | 1 Lookout | 1 Lookout | 2013-01-07 | 3.3 LOW | N/A |
The Missing Device feature in Lookout allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer." | |||||
CVE-2012-6348 | 1 Centrify | 2 Centrify Deployment Manager, Centrify Suite | 2013-01-07 | 3.3 LOW | N/A |
Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, or (2) overwrite arbitrary files and consequently gain privileges via a symlink attack on the centrify.cmd.0 temporary file. | |||||
CVE-2012-6428 | 1 Carlosgavazzi | 2 Eos-box Photovoltaic Monitoring System, Eos-box Photovoltaic Monitoring System Firmware | 2013-01-07 | 10.0 HIGH | N/A |
Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 establishes multiple hardcoded accounts, which makes it easier for remote attackers to obtain administrative access by reading a password in a PHP script, a similar issue to CVE-2012-5862. | |||||
CVE-2012-4555 | 1 Redhat | 1 Certificate System | 2013-01-07 | 4.0 MEDIUM | N/A |
The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors. | |||||
CVE-2011-4316 | 1 Redhat | 1 Enterprise Virtualization Manager | 2013-01-07 | 3.7 LOW | N/A |
Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, in certain unspecified conditions, does not lock the desktop screen between SPICE sessions, which allows local users with access to a virtual machine to gain access to other users' desktop sessions via unspecified vectors. | |||||
CVE-2012-5655 | 2 Drupal, Steven Jones | 2 Drupal, Context | 2013-01-06 | 5.0 MEDIUM | N/A |
The Context module 6.x-3.x before 6.x-3.1 and 7.x-3.x before 7.x-3.0-beta6 for Drupal does not properly restrict access to block content, which allows remote attackers to obtain sensitive information via a crafted request. | |||||
CVE-2012-6082 | 1 Moinmo | 1 Moinmoin | 2013-01-06 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the page name in a rss link. | |||||
CVE-2012-6426 | 1 Lemonldap-ng | 1 Lemonldap\ | 2013-01-06 | 7.5 HIGH | N/A |
LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data. | |||||
CVE-2012-6431 | 1 Sensiolabs | 1 Symfony | 2013-01-06 | 6.4 MEDIUM | N/A |
Symfony 2.0.x before 2.0.20 does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string. | |||||
CVE-2012-6433 | 1 E107 | 1 E107 | 2013-01-06 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in e107_admin/newspost.php in e107 1.0.1 allows remote attackers to hijack the authentication of administrators for requests that conduct XSS attacks via the news_title parameter in a create action. | |||||
CVE-2012-6434 | 1 E107 | 1 E107 | 2013-01-06 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in e107_admin/download.php in e107 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) download_url, (2) download_url_extended, (3) download_author_email, (4) download_author_website, (5) download_image, (6) download_thumb, (7) download_visible, or (8) download_class parameter. | |||||
CVE-2012-6495 | 1 Moinmo | 1 Moinmoin | 2013-01-06 | 6.0 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code. | |||||
CVE-2012-6090 | 1 Swi-prolog | 1 Swi-prolog | 2013-01-04 | 7.5 HIGH | N/A |
Multiple stack-based buffer overflows in the expand function in os/pl-glob.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename. | |||||
CVE-2012-6089 | 1 Swi-prolog | 1 Swi-prolog | 2013-01-04 | 7.5 HIGH | N/A |
Multiple stack-based buffer overflows in the canoniseFileName function in os/pl-os.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename. | |||||
CVE-2009-4396 | 2 Fr.simon Rundell, Typo3 | 2 Pd Resources, Typo3 | 2013-01-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Diocese of Portsmouth Resources Database (pd_resources) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2010-3245 | 1 Blackboard | 1 Transact Suite | 2013-01-03 | 2.1 LOW | N/A |
The automated-backup functionality in Blackboard Transact Suite (formerly Blackboard Commerce Suite) stores the (1) database username and (2) database password in cleartext in (a) script and (b) batch (.bat) files, which allows local users to obtain sensitive information by reading a file. |