Unknown · CVSS Not scored
The Amazon Lab126 com.lab126.system sendEvent implementation on the Kindle Touch before 5.1.2 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a string, as demonstrated by using lipc-set-prop to set an LIPC property, a different vulnerability than CVE-2012-4248.
Published Aug 12, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Director 02-50-01 through 02-50-07, 03-00 before 03-00-08 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published Aug 13, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple cross-site request forgery (CSRF) vulnerabilities in admin/agenteditor.php in Free Realty 3.1-0.6 allow remote attackers to hijack the authentication of administrators for requests that (1) add an agent via an addagent action or (2) modify an agent.
Published Aug 13, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Siemens COMOS before 9.1 Patch 413, 9.2 before Update 03 Patch 023, and 10.0 before Patch 005 allows remote authenticated users to obtain database administrative access via unspecified method calls.
Published Aug 16, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Google Chrome before 21.0.1180.57 on Linux does not properly isolate renderer processes, which allows remote attackers to cause a denial of service (cross-process interference) via unspecified vectors.
Published Aug 6, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Array index error in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 might allow remote attackers to execute arbitrary code by referencing, within a port-46824 TCP packet, an invalid file-pointer index that leads to execution of an EnterCriticalSection code block.
Published Aug 19, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
An unspecified ActiveX control in McAfee Virtual Technician (MVT) before 6.4, and ePO-MVT, allows remote attackers to execute arbitrary code or cause a denial of service (Internet Explorer crash) via a crafted web site.
Published Aug 22, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
Published Aug 31, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.4 allows remote authenticated users to cause a denial of service (memory consumption and blank response page) by using the clientless WebVPN feature, aka Bug ID CSCth34278.
Published Aug 6, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published Aug 15, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Race condition in Tunnelblick 3.3beta20 and earlier allows local users to kill unintended processes by waiting for a specific PID value to be assigned to a target process.
Published Aug 26, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in application/controllers/admin/messages.php, (2) application/libraries/api/MY_Checkin_Api_Object.php, (3) application/controllers/admin/messages/reporters.php, or (4) the location API in application/libraries/api/MY_Locations_Api_Object.php and application/models/location.php.
Published Aug 12, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in the SilverStripe e-commerce module 3.0 for SilverStripe CMS allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName, (2) Surname, or (3) Email parameter to code/forms/OrderFormAddress.php; or the (4) FirstName or (5) Surname parameter to code/forms/ShopAccountForm.php.
Published Aug 9, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Google Chrome before 21.0.1180.57 on Linux does not properly handle tabs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
Published Aug 6, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in the fusion_core_preprocess_page function in fusion_core/template.php in the Fusion module before 6.x-1.13 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter.
Published Aug 31, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in the avfilter_filter_samples function in libavfilter/avfilter.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted media file.
Published Aug 20, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
eXtplorer 2.1.0b6 uses world writable permissions for the /var/lib/extplorer/ftp_tmp directory, which allows local users to delete or overwrite arbitrary files.
Published Aug 7, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i (NNMi) 8.x, 9.0x, 9.1x, and 9.20 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published Aug 7, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The Faster Permissions module 7.x-2.x before 7.x-1.2 for Drupal does not check the "administer permissions" permission, which allows remote attackers to modify access permissions via unspecified vectors.
Published Aug 28, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
MyBB (aka MyBulletinBoard) before 1.6.7 allows remote attackers to obtain sensitive information via a malformed forumread cookie, which reveals the installation path in an error message.
Published Aug 13, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
devotee 0.1 patch 2 uses a 32-bit seed for generating 48-bit random numbers, which makes it easier for remote attackers to obtain the secret monikers via a brute force attack.
Published Aug 20, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in (1) application/views/admin/layout.php and (2) themes/default/views/header.php in the Ushahidi Platform before 2.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to a site name.
Published Aug 12, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified vectors, as demonstrated by reading settings.php.
Published Aug 28, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple unspecified vulnerabilities in Gallery 3 before 3.0.4 allow attackers to execute arbitrary PHP code via unknown vectors.
Published Aug 15, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF).
Published Aug 13, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Race condition in the runScript function in Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by replacing a script file.
Published Aug 26, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The comments API in application/libraries/api/MY_Comments_Api_Object.php in the Ushahidi Platform before 2.5 allows remote attackers to obtain sensitive information about the e-mail address, IP address, and other attributes of the author of a comment via an API function call.
Published Aug 12, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The MASetupCaller ActiveX control before 1.4.2012.508 in MASetupCaller.dll in MarkAny ContentSAFER, as distributed in Samsung KIES before 2.3.2.12074_13_13, does not properly implement unspecified methods, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a crafted HTML document.
Published Aug 24, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The Cybozu Live application 1.0.4 and earlier for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site.
Published Aug 31, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "processing of the buttons of Xing and Pinterest".
Published Aug 13, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The mixi application before 4.3.0 for Android allows remote attackers to read potentially sensitive information in friends' comments via a crafted application that leverages the storage of these comments on an SD card.
Published Aug 17, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in links.php in MYRE Business Directory allows remote attackers to execute arbitrary SQL commands via the cat parameter.
Published Aug 25, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter; or the (2) footer, (3) status, or (4) testtarget parameter in the send page.
Published Aug 12, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The Siemens Synco OZW Web Server devices OZW672.*, OZW772.*, and OZW775 with firmware before 4 have an unspecified default password, which makes it easier for remote attackers to obtain administrative access via a network session.
Published Aug 6, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Adobe Shockwave Player before 11.6.6.636 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2043, CVE-2012-2044, CVE-2012-2045, and CVE-2012-2046.
Published Aug 15, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in include/classes/class.rex_list.inc.php in REDAXO 4.3.x and 4.4 allows remote attackers to inject arbitrary web script or HTML via the subpage parameter to index.php.
Published Aug 13, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in category_edit.php in Proman Xpress 5.0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
Published Aug 13, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The web_node_register function in web.pm in PacketFence before 3.0.2 might allow remote attackers to execute arbitrary code via unspecified vectors.
Published Aug 31, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Sybase EAServer before 6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published Aug 15, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! 2.5.x does not place index.html files in image directories, which allows remote attackers to list image filenames via a request for a directory URI.
Published Aug 10, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email.
Published Aug 25, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Dir2web 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request for system/db/website.db.
Published Aug 12, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive information by reading from the database.
Published Aug 14, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in Free Realty 3.1-0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) notes parameter to (a) admin/agenteditor.php; (2) title, (3) previewdesc, (4) fulldesc, or (5) notes parameter (b) to agentadmin.php or (c) in an addlisting action to agentadmin.php; or unspecified vectors to (d) admin/adminfeatures.php.
Published Aug 13, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in MYRE Vacation Rental Software allow remote attackers to execute arbitrary SQL commands via the (1) garage1 or (2) bathrooms1 parameter to vacation/1_mobile/search.php, or (3) unspecified input to vacation/widgate/request_more_information.php.
Published Aug 25, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in the smarty_function_html_options_optoutput function in distribution/libs/plugins/function.html_options.php in Smarty before 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published Aug 13, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, (4) a crafted SRC attribute of an IFRAME element, or (5) UTF-7 text in an HTTP-EQUIV="CONTENT-TYPE" META element.
Published Aug 12, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cisco IOS 15.1 and 15.2, when the Multicast Music-on-Hold (MMoH) feature of Cisco Unified Communications Manager (CUCM) is enabled, allows remote attackers to obtain sensitive crosstalk information by listening during a PSTN call, aka Bug ID CSCtx77750.
Published Aug 6, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the second parameter.
Published Aug 20, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
McAfee Application Control and Change Control 5.1.x and 6.0.0 do not enforce an intended password requirement in certain situations involving attributes of the password file, which allows local users to bypass authentication by executing a command.
Published Aug 22, 2012 · Updated Sep 17, 2024