Unknown · CVSS Not scored
phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Published Jun 6, 2014 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Session fixation vulnerability in the CentralAuth extension for MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the centralauth_Session cookie.
Published Jun 2, 2014 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The standard universe shadow (condor_shadow.std) component in Condor 7.7.3 through 7.7.6, 7.8.0 before 7.8.5, and 7.9.0 does no properly check privileges, which allows remote attackers to gain privileges via a crafted standard universe job.
Published Jun 6, 2014 · Updated Aug 6, 2024
Unknown · CVSS Not scored
lib/base.php in ownCloud before 4.0.8 does not properly validate the user_id session variable, which allows remote authenticated users to read arbitrary files via vectors related to WebDAV.
Published Jun 4, 2014 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Session fixation vulnerability in Special:UserLogin in MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the session_id.
Published Jun 2, 2014 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Stack-based buffer overflow in FreeFloat FTP Server 1.0 allows remote authenticated users to execute arbitrary code via a long string in a PUT command.
Published Jun 20, 2014 · Updated Aug 6, 2024
Unknown · CVSS Not scored
CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter.
Published Jun 4, 2014 · Updated Aug 6, 2024
Unknown · CVSS Not scored
ASA 5515-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim, ASA 5510 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 8.4.x before 8.4.7 Interim, 8.2.x before 8.2.5 Interim, 9.1.x before 9.1.6 Interim, ASA 5555-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5512-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5520 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 8.2.x before 8.2.5 Interim, 8.4.x before 8.4.7 Interim, 9.1.x before 9.1.6 Interim, ASA 5505 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.2.x before 9.2.4 Interim, 8.4.x before 8.4.7 Interim, 9.1.x before 9.1.6 Interim, ASA 5525-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5512-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim or 9.2.4.SMP, 9.1.x before 9.1.6 Interim, ASA 5545-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5585-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5540 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 8.2.x before 8.2.5 Interim, 8.4.x before 8.4.7 Interim, 9.1.x before 9.1.6 Interim, ASA 5515-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5555-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.2.x before 9.2.4 Interim or 9.2.4.SMP, 9.4.x before 9.4.1 Interim, 9.1.x before 9.1.6 Interim, ASA 5580 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.1.x before 9.1.6 Interim, ASA 5585-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.2.x before 9.2.4 Interim, 9.4.x before 9.4.1 Interim, ASA 5525-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim or 9.2.4.SMP, 9.1.x before 9.1.6 Interim, ASA 5545-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim or 9.2.4.SMP. 9.1.x before 9.1.6 ASA does not check the source of the ARP request or GARP packets for addresses it performs NAT translation for under unspecified conditions.
Published Jun 27, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) readyCallback parameter to apps/files_odfviewer/src/webodf/webodf/flashput/PUT.swf, the (2) root parameter to apps/gallery/templates/index.php, or a (3) malformed query to lib/db.php.
Published Jun 4, 2014 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6, NE20, ME60, CX600, CX200, CX300, ACU, WLAN AC 6605, S9300, S7700, S2300, S3300, S5300, S3300HI, S5300HI, S5306, S6300, S2700, S3700, S5700, S6700, AR G3, H3C AR(OEM IN), AR 19, AR 29, AR 49, Eudemon100E, Eudemon200, Eudemon300, Eudemon500, Eudemon1000, Eudemon1000E-U/USG5300, Eudemon1000E-X/USG5500, Eudemon8080E/USG9300, Eudemon8160E/USG9300, Eudemon8000E-X/USG9500, E200E-C/USG2200, E200E-X3/USG2200, E200E-X5/USG2200, E200E-X7/USG2200, E200E-C/USG5100, E200E-X3/USG5100, E200E-X5/USG5100, E200E-X7/USG5100, E200E-B/USG2100, E200E-X1/USG2100, E200E-X2/USG2100, SVN5300, SVN2000, SVN5000, SVN3000, NIP100, NIP200, NIP1000, NIP2100, NIP2200, and NIP5100 use the DES algorithm for stored passwords, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.
Published Jun 20, 2013 · Updated Aug 6, 2024
Unknown · CVSS Not scored
N-Tron 702-W Industrial Wireless Access Point devices use the same (1) SSH and (2) HTTPS private keys across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a key.
Published Jun 13, 2015 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The (1) QProGetNotebookWindowHandle and (2) Ordinal132 functions in QPW160.dll in Corel Quattro Pro X6 Standard Edition 16.0.0.388 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted QPW file.
Published Jun 5, 2014 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote authenticated users to read the commissions of other users via unknown attack vectors.
Published Jun 27, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (out-of-bounds read operation) via a crafted packet that triggers a certain Find Node check attempt.
Published Jun 25, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (unhandled exception and daemon crash) via a crafted packet with a certain opcode that triggers an invalid attempt to allocate a large amount of memory.
Published Jun 25, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
WinRadius Server 2009 allows remote attackers to cause a denial of service (crash) via a long password in an Access-Request packet.
Published Jun 27, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Multiple integer underflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (loop) via vectors related to the R3 dissector, a different vulnerability than CVE-2012-2392.
Published Jun 30, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 46824. NOTE: some of these details are obtained from third party information.
Published Jun 27, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (daemon crash) via a crafted packet with a certain opcode and a large value in a size field.
Published Jun 25, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Multiple integer overflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) BACapp and (2) Bluetooth HCI dissectors, a different vulnerability than CVE-2012-2392.
Published Jun 30, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, does not properly check packet sizes before reusing packet memory buffers, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a short crafted packet with a certain opcode.
Published Jun 25, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Integer overflow in Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (daemon crash) via a crafted packet with a certain opcode that triggers an incorrect memory allocation and a buffer overflow.
Published Jun 25, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in Simple Web Content Management System 1.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) item_delete.php, (2) item_status.php, (3) item_detail.php, (4) item_modify.php, or (5) item_position.php in admin/; or (6) status parameter to admin/item_status.php.
Published Jun 21, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Multiple cross-site request forgery (CSRF) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) change workflows or (2) insert cross-site scripting (XSS) sequences.
Published Jun 27, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to obtain sensitive information from daemon memory via a crafted packet with a certain opcode.
Published Jun 25, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in og.js in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal, when used with the Vertical Tabs module, allows remote authenticated users to inject arbitrary web script or HTML via vectors related the group title.
Published Jun 27, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Unrestricted file upload vulnerability in html/Upload.php in the FCChat Widget plugin 2.2.13.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in html/images.
Published Jun 17, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted WebGL content, as demonstrated by a codeflow.org WebGL demo.
Published Jun 14, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Unrestricted file upload vulnerability in includes/doajaxfileupload.php in the MM Forms Community plugin 2.2.5 and 2.2.6 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/temp.
Published Jun 16, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Unrestricted file upload vulnerability in php/upload.php in the wpStoreCart plugin before 2.5.30 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/wpstorecart.
Published Jun 16, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in preview.php in the Plugin Newsletter plugin 1.5 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the data parameter.
Published Jun 19, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Unrestricted file upload vulnerability in doupload.php in the Nmedia Member Conversation plugin before 1.4 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/user_uploads.
Published Jun 17, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via a web page that contains invalid character encodings.
Published Jun 14, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Opera before 12.00 Beta allows user-assisted remote attackers to cause a denial of service (application hang) via JavaScript code that changes a form before submission.
Published Jun 14, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Unrestricted file upload vulnerability in uploader.php in the RBX Gallery plugin 2.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/rbxslider.
Published Jun 16, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Opera before 12.00 Beta allows remote attackers to cause a denial of service (application hang) via an absolutely positioned wrap=off TEXTAREA element located next to an "overflow: auto" block element.
Published Jun 14, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Opera before 12.00 Beta allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page that is not properly handled during a reload, as demonstrated by a "multiple origin camera test" page.
Published Jun 14, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Opera before 11.64 does not properly allocate memory for URL strings, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted string.
Published Jun 14, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Opera before 12.00 Beta allows remote attackers to cause a denial of service (memory consumption or application hang) via an IFRAME element that uses the src="#" syntax to embed a parent document.
Published Jun 14, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
Published Jun 1, 2013 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted characters in domain names, as demonstrated by "IDNA2008 tests."
Published Jun 14, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Multiple directory traversal vulnerabilities in the cssgen contrib module in GeSHi before 1.0.8.11 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) geshi-path or (2) geshi-lang-path parameter.
Published Jun 13, 2014 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in contrib/langwiz.php in GeSHi before 1.0.8.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published Jun 13, 2014 · Updated Aug 6, 2024
Unknown · CVSS Not scored
AutoFORM PDM Archive before 7.0 implements user accounts in a way that allows for JMX Console authentication, which allows remote authenticated users to bypass intended access restrictions via the /jmx-console URI, and then upload and execute arbitrary JSP code via a JBoss remote-deployment mechanism, a different vulnerability than CVE-2012-1828.
Published Jun 13, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
ioquake3 before r2253 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ioq3.pid temporary file.
Published Jun 15, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file.
Published Jun 7, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in OpenConnect 3.18 allows remote servers to cause a denial of service via a crafted greeting banner.
Published Jun 7, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware Player 3.x before 3.1.6 and 4.x before 4.0.4, VMware Fusion 4.x before 4.1.3, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow user-assisted remote attackers to execute arbitrary code on the host OS or cause a denial of service (memory corruption) on the host OS via a crafted Checkpoint file.
Published Jun 14, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The glBufferData function in the WebGL implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not properly mitigate an unspecified flaw in an NVIDIA driver, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a related issue to CVE-2011-3101.
Published Jun 5, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Cisco Application Control Engine (ACE) before A4(2.3) and A5 before A5(1.1), when multicontext mode is enabled, does not properly share a management IP address among multiple contexts, which allows remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances, and read or modify configuration settings, via a login attempt to a context, aka Bug ID CSCts30631, a different vulnerability than CVE-2012-3058.
Published Jun 20, 2012 · Updated Aug 6, 2024