LiveActive security incident?Get immediate response
CVE archive

September 2012

Browse CVE records published in September 2012, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 574 matching CVEs · Page 1 of 12.

High · CVSS 7.8

CVE-2012-2897: The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Wi...

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."

Published Sep 26, 2012 · Updated Jan 28, 2025

Unknown · CVSS Not scored

CVE-2012-4754: Multiple untrusted search path vulnerabilities in MindManager 2012 10.0.493 allow local users to gain privi...

Multiple untrusted search path vulnerabilities in MindManager 2012 10.0.493 allow local users to gain privileges via a Trojan horse (1) ssgp.dll or (2) dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .mmap file. NOTE: some of these details are obtained from third party information.

Published Sep 6, 2012 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2012-4421: The create_post function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform...

The create_post function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing Protocol (aka AtomPub) feature.

Published Sep 14, 2012 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2012-1467: Multiple directory traversal vulnerabilities in the iBrowser plugin library, as used in Open Journal System...

Multiple directory traversal vulnerabilities in the iBrowser plugin library, as used in Open Journal Systems before 2.3.7, allow remote authenticated users to (1) delete or (2) rename arbitrary files via a .. (dot dot) in the param parameter to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/scripts/rfiles.php.

Published Sep 6, 2012 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2012-4051: Multiple cross-site request forgery (CSRF) vulnerabilities in editAccount.html in the JAMF Software Server...

Multiple cross-site request forgery (CSRF) vulnerabilities in editAccount.html in the JAMF Software Server (JSS) interface in JAMF Casper Suite before 8.61 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts or (2) change passwords via a Save action.

Published Sep 28, 2012 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2012-1468: Incomplete blacklist vulnerability in Open Journal Systems before 2.3.7 allows remote authenticated users w...

Incomplete blacklist vulnerability in Open Journal Systems before 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executable extension that is not ".php", then accessing it via a direct request to the file in submission/original/ in the associated article directory, as demonstrated using .pHp, .asp, and other extensions.

Published Sep 6, 2012 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2012-4396: Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inje...

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file names to apps/user_ldap/settings.php; (2) url or (3) title parameter to apps/bookmarks/ajax/editBookmark.php; (4) tag or (5) page parameter to apps/bookmarks/ajax/updateList.php; (6) identity to apps/user_openid/settings.php; (7) stack name in apps/gallery/lib/tiles.php; (8) root parameter to apps/gallery/templates/index.php; (9) calendar displayname in apps/calendar/templates/part.import.php; (10) calendar uri in apps/calendar/templates/part.choosecalendar.rowfields.php; (11) title, (12) location, or (13) description parameter in apps/calendar/lib/object.php; (14) certain vectors in core/js/multiselect.js; or (15) artist, (16) album, or (17) title comments parameter in apps/media/lib_scanner.php.

Published Sep 5, 2012 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2012-4756: Multiple untrusted search path vulnerabilities in CyberLink LabelPrint 2.5.3602 allow local users to gain p...

Multiple untrusted search path vulnerabilities in CyberLink LabelPrint 2.5.3602 allow local users to gain privileges via a Trojan horse (1) mfc71loc.dll or (2) mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .lpp file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Sep 6, 2012 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2012-0820: Cross-site scripting (XSS) vulnerability in Joomla!

Cross-site scripting (XSS) vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0822.

Published Sep 6, 2012 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2012-2578: Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arb...

Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a JavaScript alert function used in conjunction with the fromCharCode method, (2) a SCRIPT element, (3) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element, or (4) an innerHTML attribute within an XML document.

Published Sep 19, 2012 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2012-1625: Eval injection vulnerability in the fillpdf_form_export_decode function in fillpdf.admin.inc in the Fill PD...

Eval injection vulnerability in the fillpdf_form_export_decode function in fillpdf.admin.inc in the Fill PDF module 6.x-1.x before 6.x-1.16 and 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with administer PDFs privileges to execute arbitrary PHP code via unspecified vectors. NOTE: Some of these details are obtained from third party information.

Published Sep 20, 2012 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2012-4759: Untrusted search path vulnerability in facebook_plugin.fpi in the Facebook plug-in in Foxit Reader 5.3.1.06...

Untrusted search path vulnerability in facebook_plugin.fpi in the Facebook plug-in in Foxit Reader 5.3.1.0606 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .pdf file. NOTE: some of these details are obtained from third party information.

Published Sep 6, 2012 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2012-4757: Multiple untrusted search path vulnerabilities in CyberLink StreamAuthor 4.0 build 3308 allow local users t...

Multiple untrusted search path vulnerabilities in CyberLink StreamAuthor 4.0 build 3308 allow local users to gain privileges via a Trojan horse (1) mfc71loc.dll or (2) mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .sta or .stp file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Sep 6, 2012 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2012-1666: Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player befor...

Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3 and 5.0 before P03 allows local users to gain privileges via a Trojan horse tpfc.dll file in the current working directory.

Published Sep 8, 2012 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2012-0821: Unspecified vulnerability in Joomla!

Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0819.

Published Sep 6, 2012 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2012-1901: Multiple cross-site request forgery (CSRF) vulnerabilities in FlexCMS 3.2.1 and earlier allow remote attack...

Multiple cross-site request forgery (CSRF) vulnerabilities in FlexCMS 3.2.1 and earlier allow remote attackers to (1) hijack the authentication of users for requests that change account settings via a request to index.php/profile-edit-save or (2) hijack the authentication of administrators for requests that add a new page via a request to admin/pages-new-save.

Published Sep 18, 2012 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2012-4747: Bugzilla 2.x and 3.x through 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x...

Bugzilla 2.x and 3.x through 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to read (1) template (aka .tmpl) files, (2) other custom extension files under extensions/, or (3) custom documentation files under docs/ via a direct request.

Published Sep 4, 2012 · Updated Sep 17, 2024