Unknown · CVSS Not scored
Multiple directory traversal vulnerabilities in the Vitamin plugin before 1.1.0 for WordPress allow remote attackers to access arbitrary files via a .. (dot dot) in the path parameter to (1) add_headers.php or (2) minify.php.
Published Jul 31, 2014 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in the tree render API (TCA-Tree) in the Backend API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.
Published Jul 1, 2013 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in the function menu API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.
Published Jul 1, 2013 · Updated Aug 6, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to execute arbitrary SQL commands via unspecified vectors.
Published Jul 1, 2013 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.
Published Jul 1, 2013 · Updated Aug 6, 2024
Unknown · CVSS Not scored
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 do not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
Published Jul 3, 2013 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not clear whether this issue crosses privilege boundaries or whether it can be exploited without user interaction.
Published Jul 10, 2013 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to execute arbitrary SQL commands via vectors involving the RNVisibility page and unspecified screens, a different vulnerability than CVE-2013-0560.
Published Jul 3, 2013 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JPEG lossless) format plugin in XnView 1.99 and 1.99.1 allows remote attackers to execute arbitrary code via a crafted JLS image file.
Published Jul 9, 2014 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in ASP-DEv XM Forums RC3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) profile.asp, (2) forum.asp, or (3) topic.asp.
Published Jul 25, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in index2.php in Uiga Fan Club allows remote attackers to execute arbitrary SQL commands via the p parameter.
Published Jul 25, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in ASP-DEv XM Diary allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to diary_view.asp or (2) view_date parameter to default.asp.
Published Jul 25, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Buffer overflow in the readfile function in CPE17 Autorun Killer 1.7.1 and earlier allows physically proximate attackers to execute arbitrary code via a crafted inf file.
Published Jul 25, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Cross-site request forgery (CSRF) vulnerability in home/secretqtn.php in SocketMail Pro 2.2.9 allows remote attackers to hijack the authentication of arbitrary users for requests that change user security questions and answers via an upd action.
Published Jul 25, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in the SoapServer service in Citrix Provisioning Services 5.0, 5.1, 5.6, 5.6 SP1, 6.0, and 6.1 allows remote attackers to execute arbitrary code via a crafted string associated with date and time data.
Published Jul 26, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Multiple unspecified vulnerabilities in Google Chrome OS before 21.0.1180.50 on the Cr-48 and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, have unknown impact and attack vectors.
Published Jul 24, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet.
Published Jul 24, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump.
Published Jul 24, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in SocketMail Pro 2.2.9 allows remote attackers to inject arbitrary web script or HTML via the subject of an email.
Published Jul 25, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Buffer overflow in the Player in Remote-Anything 5.60.15 allows remote attackers to execute arbitrary code via a crafted flm file.
Published Jul 25, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in index2.php in Uiga Personal Portal allows remote attackers to execute arbitrary SQL commands via the p parameter.
Published Jul 25, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Cross-site request forgery (CSRF) vulnerability in eZOE flash player in eZ Publish 4.1 through 4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Published Jul 25, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin before 2.4.0 for WordPress have unknown impact and attack vectors.
Published Jul 18, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the list file is a trusted file constructed by the program's user; however, there are some realistic situations in which a list file would be obtained from an untrusted remote source.
Published Jul 19, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in ReturnUrl to Default.aspx.
Published Jul 17, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a heap-based buffer overflow.
Published Jul 19, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Multiple heap-based buffer overflows in bmp.w5s in Winamp before 5.63 build 3235 allow remote attackers to execute arbitrary code via the (1) strf chunk in BI_RGB or (2) UYVY video data in an AVI file, or (3) decompressed TechSmith Screen Capture Codec (TSCC) data in an AVI file.
Published Jul 22, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Multiple directory traversal vulnerabilities in src/acloglogin.php in Wangkongbao CNS-1000 and 1100 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) lang or (2) langid cookie to port 85.
Published Jul 17, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in admin/login.php in Sticky Notes 0.3.09062012.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter.
Published Jul 12, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in the default index page in admin/ in Quick.CMS 4.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter.
Published Jul 3, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the Host HTTP Header.
Published Jul 3, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remote attackers to inject arbitrary web script or HTML via textinputs array parameters.
Published Jul 12, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests.
Published Jul 25, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Untrusted search path vulnerability in KMPlayer 3.2.0.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ehtrace.dll that is located in the current working directory.
Published Jul 3, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in vBulletin 4.1.12 allows remote attackers to inject arbitrary web script or HTML via a long string in the subject parameter when creating a post.
Published Jul 3, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in application/core/MY_Model.php in MyClientBase 0.12 allow remote attackers to execute arbitrary SQL commands via the (1) invoice_number or (2) tags parameter to index.php/invoice_search.
Published Jul 3, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a .IT file.
Published Jul 11, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in index.php in PHP-pastebin 2.1 allows remote attackers to inject arbitrary web script or HTML via the title parameter.
Published Jul 3, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Buffer overflow in LAN Messenger 1.2.28 and earlier allows remote attackers to cause a denial of service (crash) via a long string in an initiation request.
Published Jul 3, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in decoda/templates/video.php in Decoda before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via the video directive.
Published Jul 3, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a .IT file.
Published Jul 11, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Race condition in the ns_client structure management in ISC BIND 9.9.x before 9.9.1-P2 allows remote attackers to cause a denial of service (memory consumption or process exit) via a large volume of TCP queries.
Published Jul 25, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in the registration page in e107, probably 1.0.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published Jul 3, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
slssvc.exe in Invensys Wonderware SuiteLink in Invensys InTouch 2012 and Wonderware Application Server 2012 allows remote attackers to cause a denial of service (resource consumption) via a long Unicode string, a different vulnerability than CVE-2012-3007.
Published Jul 5, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses.
Published Jul 9, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in index.php/users/form/user_id in MyClientBase 0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name or (2) last_name parameters.
Published Jul 3, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in decoda/templates/video.php in Decoda before 3.3.1 allows remote attackers to inject arbitrary web script or HTML via multiple URLs in an img tag.
Published Jul 3, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in forensics/base_qry_main.php in AlienVault Open Source Security Information Management (OSSIM) 3.1 allows remote authenticated users to execute arbitrary SQL commands via the time[0][0] parameter.
Published Jul 3, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to top.php or (2) time[0][0] parameter to forensics/base_qry_main.php, which is not properly handled in an error page.
Published Jul 3, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) by sending many queries.
Published Jul 25, 2012 · Updated Aug 6, 2024