LiveActive security incident?Get immediate response
CVE archive

July 2012

Browse CVE records published in July 2012, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 491 matching CVEs · Page 2 of 10.

Unknown · CVSS Not scored

CVE-2012-1968: Bugzilla 4.1.x and 4.2.x before 4.2.2 and 4.3.x before 4.3.2 uses bug-editor privileges instead of bugmail-...

Bugzilla 4.1.x and 4.2.x before 4.2.2 and 4.3.x before 4.3.2 uses bug-editor privileges instead of bugmail-recipient privileges during construction of HTML bugmail documents, which allows remote attackers to obtain sensitive description information by reading the tooltip portions of an HTML e-mail message.

Published Jul 28, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2012-2647: Yahoo!

Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page.

Published Jul 31, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2012-3848: Multiple cross-site scripting (XSS) vulnerabilities in the web console in Plixer Scrutinizer (aka Dell Soni...

Multiple cross-site scripting (XSS) vulnerabilities in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to d4d/exporters.php, (2) the HTTP Referer header to d4d/exporters.php, or (3) unspecified input to d4d/contextMenu.php.

Published Jul 31, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2012-2516: An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the HTML Help component), as used in GE I...

An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the HTML Help component), as used in GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; Proficy HMI/SCADA iFIX 5.0 and 5.1; Proficy Pulse 1.0; Proficy Batch Execution 5.6; SI7 I/O Driver 7.20 through 7.42; and other products, allows remote attackers to execute arbitrary commands via crafted input, related to a "command injection vulnerability."

Published Jul 5, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2012-3018: The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier a...

The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain administrative access by predicting a challenge response.

Published Jul 31, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2012-3805: Multiple cross-site scripting (XSS) vulnerabilities in the getAllPassedParams function in system/functions....

Multiple cross-site scripting (XSS) vulnerabilities in the getAllPassedParams function in system/functions.php in Kajona before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) absender_name, (2) absender_email, or (3) absender_nachricht parameter to the content page; (4) comment_name, (5) comment_subject, or (6) comment_message parameter to the postacomment module; (7) module parameter to index.php; (8) action parameter to the admin login page; (9) pv or (10) pe parameter in a list action to the user module; (11) user_username, (12) user_email, (13) user_forename, (14) user_name, (15) user_street, (16) user_postal, (17) user_city, (18) user_tel, or (19) user_mobil parameter in a newUser action to the user module; (20) group_name or (21) group_desc parameter in a groupNew action to the user module; (22) name, (23) browsername, (24) seostring, (25) keywords, or (26) folder_id parameter in a newPage action to the pages module; (27) element_name or (28) element_cachetime parameter in a newElement action in the pages module; (29) aspect_name parameter in a newAspect action in the system module; (30) filemanager_name, (31) filemanager_path, (32) filemanager_upload_filter, or (33) filemanager_view_filter parameter in a NewRepo action to the filemanager module; or (34) archive_title or (35) archive_path parameter in a newArchive action to the downloads module. NOTE: some of these details are obtained from third party information.

Published Jul 12, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2012-3837: Multiple cross-site scripting (XSS) vulnerabilities in apps/users/registration.template.php in Baby Gekko 1...

Multiple cross-site scripting (XSS) vulnerabilities in apps/users/registration.template.php in Baby Gekko 1.2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) email_address, (3) password, (4) password_verify, (5) firstname, (6) lastname, or (7) verification_code parameter to users/action/register. NOTE: some of these details are obtained from third party information.

Published Jul 3, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2012-2675: Multiple integer overflows in the (1) CallMalloc (malloc) and (2) nedpcalloc (calloc) functions in nedmallo...

Multiple integer overflows in the (1) CallMalloc (malloc) and (2) nedpcalloc (calloc) functions in nedmalloc (nedmalloc.c) before 1.10 beta2 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected.

Published Jul 25, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2012-2515: Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX control in KeyHelp.ocx 1.2.312 in Ke...

Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX control in KeyHelp.ocx 1.2.312 in KeyWorks KeyHelp Module (aka the HTML Help component), as used in EMC Documentum ApplicationXtender Desktop 5.4; EMC Captiva Quickscan Pro 4.6 SP1; GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; GE Intelligent Platforms Proficy HMI/SCADA iFIX 5.0 and 5.1; GE Intelligent Platforms Proficy Pulse 1.0; GE Intelligent Platforms Proficy Batch Execution 5.6; GE Intelligent Platforms SI7 I/O Driver 7.20 through 7.42; and other products, allow remote attackers to execute arbitrary code via a long string in the second argument to the (1) JumpMappedID or (2) JumpURL method.

Published Jul 5, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2012-3811: Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office...

Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.13 Q1 2012 Maintenance Release allows remote attackers to execute arbitrary code by uploading an executable file and then accessing it via a direct request.

Published Jul 3, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2012-0215: model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not proper...

model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) copy rpc call.

Published Jul 12, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2012-3073: The IP implementation on Cisco TelePresence Multipoint Switch before 1.8.1, Cisco TelePresence Manager befo...

The IP implementation on Cisco TelePresence Multipoint Switch before 1.8.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server 1.8 and earlier allows remote attackers to cause a denial of service (networking outage or process crash) via (1) malformed IP packets, (2) a high rate of TCP connection requests, or (3) a high rate of TCP connection terminations, aka Bug IDs CSCti21830, CSCti21851, CSCtj19100, CSCtj19086, CSCtj19078, CSCty11219, CSCty11299, CSCty11323, and CSCty11338.

Published Jul 12, 2012 · Updated Sep 16, 2024