Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-3859 | 1 Netsweeper | 1 Netsweeper | 2012-07-10 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the WebAdmin Portal in Netsweeper has unknown impact and attack vectors, a different vulnerability than CVE-2012-2446 and CVE-2012-2447. | |||||
| CVE-2012-2447 | 1 Netsweeper | 1 Netsweeper | 2012-07-10 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in accountmgr/adminupdate.php in the WebAdmin Portal in Netsweeper allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via an add action. | |||||
| CVE-2012-2446 | 1 Netsweeper | 1 Netsweeper | 2012-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in tools/local_lookup.php in the WebAdmin Portal in Netsweeper allows remote attackers to inject arbitrary web script or HTML via the group parameter in a lookup action. | |||||
| CVE-2012-1445 | 4 Aladdin, Fortinet, Pandasecurity and 1 more | 4 Esafe, Fortinet Antivirus, Panda Antivirus and 1 more | 2012-07-09 | 4.3 MEDIUM | N/A |
| The ELF file parser in eSafe 7.0.17.0, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified abi field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. | |||||
| CVE-2012-0716 | 1 Ibm | 1 Websphere Application Server | 2012-07-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-1493 | 1 F5 | 25 Big-ip 1000, Big-ip 11000, Big-ip 11050 and 22 more | 2012-07-09 | 7.8 HIGH | N/A |
| F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option. | |||||
| CVE-2012-2138 | 1 Apache | 2 Org.apache.sling.servlets.post, Sling | 2012-07-09 | 5.0 MEDIUM | N/A |
| The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request. | |||||
| CVE-2012-2970 | 1 Synel | 1 Sy-780\/a Time \& Attendance Terminal | 2012-07-09 | 7.8 HIGH | N/A |
| The Synel SY-780/A Time & Attendance terminal allows remote attackers to cause a denial of service (device hang) via network traffic to port (1) 1641, (2) 3734, or (3) 3735. | |||||
| CVE-2012-3238 | 2 Astaro, Sophos | 4 Security Gateway, Security Gateway Software, Unified Threat Management and 1 more | 2012-07-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field. | |||||
| CVE-2012-2644 | 2 Hazama, Six Apart | 2 Mt4i, Movable Type | 2012-07-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 and earlier for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-2642. | |||||
| CVE-2012-3372 | 1 Elitecore | 1 Cyberoam Unified Threat Management | 2012-07-09 | 5.8 MEDIUM | N/A |
| ** DISPUTED ** The default configuration of Cyberoam UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Cyberoam_SSL_CA certificate in a list of trusted root certification authorities. NOTE: the vendor disputes the significance of this issue because the appliance "does not allow import or export of the foresaid private key." | |||||
| CVE-2012-2642 | 2 Hazama, Six Apart | 2 Mt4i, Movable Type | 2012-07-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 and earlier for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-2644. | |||||
| CVE-2012-2643 | 1 Kent-web | 1 Yy-board | 2012-07-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in KENT-WEB YY-BOARD before 6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted form entry. | |||||
| CVE-2012-0303 | 1 Symantec | 1 Message Filter | 2012-07-06 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Brightmail Control Center in Symantec Message Filter 6.3 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) execute application commands or (2) create admin accounts. | |||||
| CVE-2012-0301 | 1 Symantec | 1 Message Filter | 2012-07-06 | 5.4 MEDIUM | N/A |
| Session fixation vulnerability in Brightmail Control Center in Symantec Message Filter 6.3 allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2012-2641 | 1 Zenphoto | 1 Zenphoto | 2012-07-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Zenphoto before 1.4.3 allows remote attackers to inject arbitrary web script or HTML by triggering improper interaction with an unspecified library. | |||||
| CVE-2012-3368 | 1 Redhat | 1 Dtach | 2012-07-03 | 2.6 LOW | N/A |
| Integer signedness error in attach.c in dtach 0.8 allows remote attackers to obtain sensitive information from daemon stack memory in opportunistic circumstances by reading application data after an improper connection-close request, as demonstrated by running an IRC client in dtach. | |||||
| CVE-2011-2485 | 1 Gnome | 1 Gdk-pixbuf | 2012-07-03 | 4.3 MEDIUM | N/A |
| The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk-pixbuf before 2.23.5 does not properly handle certain return values, which allows remote attackers to cause a denial of service (memory consumption) via a crafted GIF image file. | |||||
| CVE-2011-4415 | 1 Apache | 1 Http Server | 2012-07-02 | 1.2 LOW | N/A |
| The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607. | |||||
| CVE-2011-3379 | 1 Php | 1 Php | 2012-07-02 | 7.5 HIGH | N/A |
| The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders. | |||||