LiveActive security incident?Get immediate response
CVE archive

February 2012

Browse CVE records published in February 2012, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 424 matching CVEs · Page 2 of 9.

Unknown · CVSS Not scored

CVE-2012-0352: Cisco NX-OS 4.2.x before 4.2(1)SV1(5.1) on Nexus 1000v series switches; 4.x and 5.0.x before 5.0(2)N1(1) on...

Cisco NX-OS 4.2.x before 4.2(1)SV1(5.1) on Nexus 1000v series switches; 4.x and 5.0.x before 5.0(2)N1(1) on Nexus 5000 series switches; and 4.2.x before 4.2.8, 5.0.x before 5.0.5, and 5.1.x before 5.1.1 on Nexus 7000 series switches allows remote attackers to cause a denial of service (netstack process crash and device reload) via a malformed IP packet, aka Bug IDs CSCti23447, CSCti49507, and CSCtj01991.

Published Feb 16, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2012-1227: Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in pluck 4.7 allow remote attackers...

Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in pluck 4.7 allow remote attackers to hijack the authentication of admins for requests that (1) modify the admin email address or (2) modify the blog title via a settings action; (3) add a page via an editpage action, or (4) add a categorie via the blog module.

Published Feb 21, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2012-1019: Multiple cross-site scripting (XSS) vulnerabilities in XWiki Enterprise 3.4 allow remote attackers to injec...

Multiple cross-site scripting (XSS) vulnerabilities in XWiki Enterprise 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) XWiki.XWikiComments_comment parameter to xwiki/bin/commentadd/Main/WebHome, (2) XWiki.XWikiUsers_0_company parameter when editing a user profile, or (3) projectVersion parameter to xwiki/bin/view/DownloadCode/DownloadFeedback. NOTE: some of these details are obtained from third party information.

Published Feb 8, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2012-0757: The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute ar...

The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766.

Published Feb 15, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2012-6531: (1) Zend_Dom, (2) Zend_Feed, and (3) Zend_Soap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12....

(1) Zend_Dom, (2) Zend_Feed, and (3) Zend_Soap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack, a different vulnerability than CVE-2012-3363.

Published Feb 13, 2013 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2012-1060: Multiple cross-site scripting (XSS) vulnerabilities in revisioning_theme.inc in the Taxonomy module in the...

Multiple cross-site scripting (XSS) vulnerabilities in revisioning_theme.inc in the Taxonomy module in the Revisioning module 6.x-3.13 and other versions before 6.x-3.14 for Drupal allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via the (1) tags or (2) term parameters.

Published Feb 14, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2012-3536: Two XSS vulnerabilities were fixed in message list and view in the Hupa Webmail application from the Apache...

Two XSS vulnerabilities were fixed in message list and view in the Hupa Webmail application from the Apache James project. An attacker could send a carefully crafted email to a user of Hupa which would trigger a XSS when the email was opened or when a list of messages were viewed. This issue was addressed in Hupa 0.0.3.

Published Feb 27, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2012-1191: The resolver in dnscache in Daniel J.

The resolver in dnscache in Daniel J. Bernstein djbdns 1.05 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.

Published Feb 17, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2012-4694: Moxa EDR-G903 series routers with firmware before 2.11 do not use a sufficient source of entropy for (1) SS...

Moxa EDR-G903 series routers with firmware before 2.11 do not use a sufficient source of entropy for (1) SSH and (2) SSL keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere.

Published Feb 15, 2013 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2012-4352: Multiple cross-site scripting (XSS) vulnerabilities in Stoneware webNetwork 6.1 before SP1 allow remote att...

Multiple cross-site scripting (XSS) vulnerabilities in Stoneware webNetwork 6.1 before SP1 allow remote attackers to inject arbitrary web script or HTML via the blogName parameter to (1) community/blog.jsp or (2) community/blogSearch.jsp, the (3) calendarType or (4) monthNumber parameter to community/calendar.jsp, or the (5) flag parameter to swDashboard/ajax/setAppFlag.jsp.

Published Feb 18, 2013 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2012-0760: The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute ar...

The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766.

Published Feb 15, 2012 · Updated Sep 16, 2024

Medium · CVSS 4

CVE-2012-10007: madgicweb BuddyStream Plugin ShareBox.php cross site scripting

A vulnerability was found in madgicweb BuddyStream Plugin up to 3.2.7 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file ShareBox.php. The manipulation of the argument content/link/shares leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.2.8 is able to address this issue. The patch is named 7d5b9a89a27711aad76fd55ab4cc4185b545a1d0. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221479.

Published Feb 19, 2023 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2012-6532: (1) Zend_Dom, (2) Zend_Feed, (3) Zend_Soap, and (4) Zend_XmlRpc in Zend Framework 1.x before 1.11.13 and 1....

(1) Zend_Dom, (2) Zend_Feed, (3) Zend_Soap, and (4) Zend_XmlRpc in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service (CPU consumption) via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack.

Published Feb 13, 2013 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2012-6152: The Yahoo!

The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences.

Published Feb 6, 2014 · Updated Aug 6, 2024