LiveActive security incident?Get immediate response
CVE archive

March 2012

Browse CVE records published in March 2012, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 433 matching CVEs · Page 4 of 9.

Unknown · CVSS Not scored

CVE-2012-4836: Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 be...

Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted string that is not properly handled during rendering of stored data.

Published Mar 2, 2013 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2012-4460: The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier...

The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.

Published Mar 12, 2013 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2012-3359: Luci in Red Hat Conga stores the user's username and password in a Base64 encoded string in the __ac sessio...

Luci in Red Hat Conga stores the user's username and password in a Base64 encoded string in the __ac session cookie, which allows attackers to gain privileges by accessing this cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2013-7347 for the incorrect enforcement of a user timeout.

Published Mar 30, 2014 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2012-1843: Cross-site request forgery (CSRF) vulnerability in saveRestore.htm on the Quantum Scalar i500 tape library...

Cross-site request forgery (CSRF) vulnerability in saveRestore.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to hijack the authentication of users for requests that execute Linux commands via the fileName parameter, related to a "command-injection vulnerability."

Published Mar 22, 2012 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2012-1839: Multiple directory traversal vulnerabilities in the Get Template feature in plugins/gui.ajax/class.AJXP_Cli...

Multiple directory traversal vulnerabilities in the Get Template feature in plugins/gui.ajax/class.AJXP_ClientDriver.php in AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) pluginName or (2) pluginPath parameter in a get_template action. NOTE: some of these details are obtained from third party information.

Published Mar 22, 2012 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2012-1844: The Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the De...

The Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100) and the IBM TS3310 tape library with firmware before R6C (606G.GS001), uses default passwords for unspecified user accounts, which makes it easier for remote attackers to obtain access via unknown vectors.

Published Mar 22, 2012 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2012-1845: Use-after-free vulnerability in Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the...

Use-after-free vulnerability in Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the DEP and ASLR protection mechanisms, and execute arbitrary code, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated "it really doesn't matter if it's third-party code."

Published Mar 22, 2012 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2012-1841: Absolute path traversal vulnerability in logShow.htm on the Quantum Scalar i500 tape library with firmware...

Absolute path traversal vulnerability in logShow.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to read arbitrary files via a full pathname in the file parameter.

Published Mar 22, 2012 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2012-1846: Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the sandbox protection mechanism by...

Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a sandboxed process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated "it really doesn't matter if it's third-party code."

Published Mar 22, 2012 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2012-1788: Multiple cross-site scripting (XSS) vulnerabilities in wonderdesk.cgi in WonderDesk SQL 4.14 allow remote a...

Multiple cross-site scripting (XSS) vulnerabilities in wonderdesk.cgi in WonderDesk SQL 4.14 allow remote attackers to inject arbitrary web script or HTML via the (1) cus_email parameter in a cust_lostpw action; or (2) help_name, (3) help_email, (4) help_website, or (5) help_example_url parameters in an hd_modify_record action.

Published Mar 19, 2012 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2012-1842: Cross-site scripting (XSS) vulnerability in checkQKMProg.htm on the Quantum Scalar i500 tape library with f...

Cross-site scripting (XSS) vulnerability in checkQKMProg.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published Mar 22, 2012 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2012-1837: The (1) webreports, (2) post/create-role, and (3) post/update-role programs in IBM Tivoli Endpoint Manager...

The (1) webreports, (2) post/create-role, and (3) post/update-role programs in IBM Tivoli Endpoint Manager (TEM) before 8.2 do not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

Published Mar 22, 2012 · Updated Aug 6, 2024