LiveActive security incident?Get immediate response
CVE archive

August 2012

Browse CVE records published in August 2012, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 665 matching CVEs · Page 2 of 14.

Unknown · CVSS Not scored

CVE-2012-4249: The Amazon Lab126 com.lab126.system sendEvent implementation on the Kindle Touch before 5.1.2 allows contex...

The Amazon Lab126 com.lab126.system sendEvent implementation on the Kindle Touch before 5.1.2 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a string, as demonstrated by using lipc-set-prop to set an LIPC property, a different vulnerability than CVE-2012-4248.

Published Aug 12, 2012 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2012-3469: Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execut...

Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in application/controllers/admin/messages.php, (2) application/libraries/api/MY_Checkin_Api_Object.php, (3) application/controllers/admin/messages/reporters.php, or (4) the location API in application/libraries/api/MY_Locations_Api_Object.php and application/models/location.php.

Published Aug 12, 2012 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2012-6458: Multiple cross-site scripting (XSS) vulnerabilities in the SilverStripe e-commerce module 3.0 for SilverStr...

Multiple cross-site scripting (XSS) vulnerabilities in the SilverStripe e-commerce module 3.0 for SilverStripe CMS allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName, (2) Surname, or (3) Email parameter to code/forms/OrderFormAddress.php; or the (4) FirstName or (5) Surname parameter to code/forms/ShopAccountForm.php.

Published Aug 9, 2013 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2012-2990: The MASetupCaller ActiveX control before 1.4.2012.508 in MASetupCaller.dll in MarkAny ContentSAFER, as dist...

The MASetupCaller ActiveX control before 1.4.2012.508 in MASetupCaller.dll in MarkAny ContentSAFER, as distributed in Samsung KIES before 2.3.2.12074_13_13, does not properly implement unspecified methods, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a crafted HTML document.

Published Aug 24, 2012 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2012-4278: Multiple cross-site scripting (XSS) vulnerabilities in Free Realty 3.1-0.6 allow remote attackers to inject...

Multiple cross-site scripting (XSS) vulnerabilities in Free Realty 3.1-0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) notes parameter to (a) admin/agenteditor.php; (2) title, (3) previewdesc, (4) fulldesc, or (5) notes parameter (b) to agentadmin.php or (c) in an addlisting action to agentadmin.php; or unspecified vectors to (d) admin/adminfeatures.php.

Published Aug 13, 2012 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2012-2571: Multiple cross-site scripting (XSS) vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to...

Multiple cross-site scripting (XSS) vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, (4) a crafted SRC attribute of an IFRAME element, or (5) UTF-7 text in an HTTP-EQUIV="CONTENT-TYPE" META element.

Published Aug 12, 2012 · Updated Sep 17, 2024