LiveActive security incident?Get immediate response
CVE archive

2012 CVE Archive

Browse CVE records published in 2012 CVE Archive, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 5488 matching CVEs · Page 4 of 110.

Unknown · CVSS Not scored

CVE-2012-4065: Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, whic...

Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to bypass unspecified authorization checks and obtain direct access to a (1) Cloud Controller or (2) Walrus service via a crafted message, as demonstrated by changes to a volume, snapshot, or cloud configuration setting.

Published Oct 1, 2012 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2012-4483: The commons_discussion_views_default_views function in modules/features/commons_discussion/commons_discussi...

The commons_discussion_views_default_views function in modules/features/commons_discussion/commons_discussion.views_default.inc in the Drupal Commons module 6.x-2.x before 6.x-2.8 for Drupal does not properly enforce intended node access restrictions, which might allow remote attackers to obtain sensitive information via the recent comments listing.

Published Oct 31, 2012 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2012-4249: The Amazon Lab126 com.lab126.system sendEvent implementation on the Kindle Touch before 5.1.2 allows contex...

The Amazon Lab126 com.lab126.system sendEvent implementation on the Kindle Touch before 5.1.2 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a string, as demonstrated by using lipc-set-prop to set an LIPC property, a different vulnerability than CVE-2012-4248.

Published Aug 12, 2012 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2012-4421: The create_post function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform...

The create_post function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing Protocol (aka AtomPub) feature.

Published Sep 14, 2012 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2012-3005: Untrusted search path vulnerability in Invensys Wonderware InTouch 2012 and earlier, as used in Wonderware...

Untrusted search path vulnerability in Invensys Wonderware InTouch 2012 and earlier, as used in Wonderware Application Server, Wonderware Information Server, Foxboro Control Software, InFusion CE/FE/SCADA, InBatch, and Wonderware Historian, allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.

Published Jul 26, 2012 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2012-0688: Cross-site scripting (XSS) vulnerability in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix...

Cross-site scripting (XSS) vulnerability in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published Mar 13, 2012 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2012-1467: Multiple directory traversal vulnerabilities in the iBrowser plugin library, as used in Open Journal System...

Multiple directory traversal vulnerabilities in the iBrowser plugin library, as used in Open Journal Systems before 2.3.7, allow remote authenticated users to (1) delete or (2) rename arbitrary files via a .. (dot dot) in the param parameter to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/scripts/rfiles.php.

Published Sep 6, 2012 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2012-5875: Firefly Media Server 1.0.0.1359 allows remote attackers to cause a denial of service (NULL pointer derefere...

Firefly Media Server 1.0.0.1359 allows remote attackers to cause a denial of service (NULL pointer dereference) via a (1) crafted Connection HTTP header; a return carriage control character in the (2) Accept Language header, (3) User-agent header, (4) Host header, or (5) protocol version; or a (6) crafted HTTP protocol version.

Published Jan 18, 2013 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2012-4051: Multiple cross-site request forgery (CSRF) vulnerabilities in editAccount.html in the JAMF Software Server...

Multiple cross-site request forgery (CSRF) vulnerabilities in editAccount.html in the JAMF Software Server (JSS) interface in JAMF Casper Suite before 8.61 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts or (2) change passwords via a Save action.

Published Sep 28, 2012 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2012-1468: Incomplete blacklist vulnerability in Open Journal Systems before 2.3.7 allows remote authenticated users w...

Incomplete blacklist vulnerability in Open Journal Systems before 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executable extension that is not ".php", then accessing it via a direct request to the file in submission/original/ in the associated article directory, as demonstrated using .pHp, .asp, and other extensions.

Published Sep 6, 2012 · Updated Sep 17, 2024