CVE List - 2012 / September
Showing 1 - 100 of 655 CVEs for September 2012 (Page 1 of 7)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2012-2288 | 2012-09-04 | Format string vulnerability in the nsrd RPC service in EMC NetWorker 7.6.3 and 7.6.4 before 7.6.4.1, and 8.0 before 8.0.0.1, allows remote attackers to execute arbitrary code via format string... |
| CVE-2012-3582 | 2012-09-04 | Symantec PGP Universal Server 3.2.x before 3.2.1 MP2 does not properly manage sessions that include key search requests, which might allow remote attackers to read a private key in opportunistic... |
| CVE-2012-3981 | 2012-09-04 | Auth/Verify/LDAP.pm in Bugzilla 2.x and 3.x before 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 does not restrict the characters in a username,... |
| CVE-2012-3014 | 2012-09-04 | The Management Software application in GarrettCom Magnum MNS-6K before 4.4.0, and 14.x before 14.4.0, has a hardcoded password for an administrative account, which allows local users to gain privileges via... |
| CVE-2012-4747 | 2012-09-04 | Bugzilla 2.x and 3.x through 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 stores potentially sensitive information under the web root with insufficient... |
| CVE-2012-1605 | 2012-09-04 | The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related... |
| CVE-2012-1606 | 2012-09-04 | Multiple cross-site scripting (XSS) vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend users to inject... |
| CVE-2012-1607 | 2012-09-04 | The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a... |
| CVE-2012-1608 | 2012-09-04 | The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and... |
| CVE-2012-1613 | 2012-09-04 | Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter. |
| CVE-2012-1614 | 2012-09-04 | Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an... |
| CVE-2012-2109 | 2012-09-04 | SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress allows remote attackers to execute arbitrary SQL commands via the page parameter in an activity_widget_filter action. |
| CVE-2012-2063 | 2012-09-05 | The Slidebox module before 7.x-1.4 for Drupal does not properly check permissions, which allows remote attackers to obtain sensitive information via unspecified vectors. |
| CVE-2012-2066 | 2012-09-05 | Cross-site scripting (XSS) vulnerability in the FCKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal allows remote authenticated users or remote... |
| CVE-2012-2067 | 2012-09-05 | Unspecified vulnerability in the CKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal, when the core PHP module is enabled, allows... |
| CVE-2012-2068 | 2012-09-05 | Multiple cross-site scripting (XSS) vulnerabilities in fancy_slide.module in the Fancy Slide module before 6.x-2.7 for Drupal allow remote authenticated users with the administer fancy_slide permission to inject arbitrary web script... |
| CVE-2012-2064 | 2012-09-05 | Cross-site scripting (XSS) vulnerability in theme/views_lang_switch.theme.inc in the Views Language Switcher module before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter. |
| CVE-2012-2065 | 2012-09-05 | Cross-site scripting (XSS) vulnerability in the Language Icons module 6.x-2.x before 6.x-2.1 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with administer languages permissions to inject arbitrary web... |
| CVE-2011-4448 | 2012-09-05 | SQL injection vulnerability in actions/usersettings/usersettings.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to execute arbitrary SQL commands via the default_comment_display parameter in an update action. |
| CVE-2011-4449 | 2012-09-05 | actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it... |
| CVE-2011-4450 | 2012-09-05 | Directory traversal vulnerability in handlers/files.xml/files.xml.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to read or delete arbitrary files via a non-initial .. (dot dot) in the file parameter, as... |
| CVE-2011-4451 | 2012-09-05 | libs/Wakka.class.php in WikkaWiki 1.3.1 and 1.3.2, when the spam_logging option is enabled, allows remote attackers to write arbitrary PHP code to the spamlog_path file via the User-Agent HTTP header in... |
| CVE-2011-4452 | 2012-09-05 | Cross-site request forgery (CSRF) vulnerability in the AdminUsers component in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to hijack the authentication of administrators for requests that remove arbitrary user accounts... |
| CVE-2012-3012 | 2012-09-05 | The Arbiter Power Sentinel 1133A device with firmware before 11Jun2012 Rev 421 allows remote attackers to cause a denial of service (Ethernet outage) via unspecified Ethernet traffic that fills a... |
| CVE-2012-3509 | 2012-09-05 | Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a... |
| CVE-2012-3526 | 2012-09-05 | The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple... |
| CVE-2012-3527 | 2012-09-05 | view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute... |
| CVE-2012-3528 | 2012-09-05 | Multiple cross-site scripting (XSS) vulnerabilities in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allow remote authenticated backend users to inject arbitrary web script... |
| CVE-2012-3529 | 2012-09-05 | The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified... |
| CVE-2012-3530 | 2012-09-05 | Incomplete blacklist vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to conduct cross-site scripting (XSS) attacks via... |
| CVE-2012-3531 | 2012-09-05 | Cross-site scripting (XSS) vulnerability in the Install Tool in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to inject arbitrary web script or HTML... |
| CVE-2012-3535 | 2012-09-05 | Heap-based buffer overflow in OpenJPEG 1.5.0 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted JPEG2000 file. |
| CVE-2012-3537 | 2012-09-05 | The Crowbar Ohai plugin (chef/cookbooks/ohai/files/default/plugins/crowbar.rb) in the Deployer Barclamp in Crowbar, possibly 1.4 and earlier, allows local users to execute arbitrary shell commands via vectors related to "insecure handling of... |
| CVE-2012-3540 | 2012-09-05 | Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the... |
| CVE-2012-4386 | 2012-09-05 | The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks... |
| CVE-2012-4387 | 2012-09-05 | Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression. |
| CVE-2010-4818 | 2012-09-05 | The GLX extension in X.Org xserver 1.7.7 allows remote authenticated users to cause a denial of service (server crash) and possibly execute arbitrary code via (1) a crafted request that... |
| CVE-2010-4819 | 2012-09-05 | The ProcRenderAddGlyphs function in the Render extension (render/render.c) in X.Org xserver 1.7.7 and earlier allows local users to read arbitrary memory and possibly cause a denial of service (server crash)... |
| CVE-2011-3146 | 2012-09-05 | librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary... |
| CVE-2012-3542 | 2012-09-05 | OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update... |
| CVE-2012-3551 | 2012-09-05 | Cross-site scripting (XSS) vulnerability in crowbar_framework/app/views/support/index.html.haml in the Crowbar barclamp in Crowbar, possibly 1.4 and earlier, allows remote attackers to inject arbitrary web script or HTML via the file parameter... |
| CVE-2012-4389 | 2012-09-05 | Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and accessing an uploaded... |
| CVE-2012-4390 | 2012-09-05 | (1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors. |
| CVE-2012-4391 | 2012-09-05 | Cross-site request forgery (CSRF) vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the app configurations. |
| CVE-2012-4392 | 2012-09-05 | index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value. |
| CVE-2012-4393 | 2012-09-05 | Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users for requests that use (1) addBookmark.php, (2) delBookmark.php, or (3)... |
| CVE-2012-4394 | 2012-09-05 | Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js in ownCloud before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. |
| CVE-2012-4395 | 2012-09-05 | Cross-site scripting (XSS) vulnerability in index.php in ownCloud before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the redirect_url parameter. |
| CVE-2012-4396 | 2012-09-05 | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file names to apps/user_ldap/settings.php; (2) url or (3)... |
| CVE-2012-4397 | 2012-09-05 | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) calendar displayname to part.choosecalendar.rowfields.php or (2) part.choosecalendar.rowfields.shared.php in... |
| CVE-2012-4752 | 2012-09-05 | appconfig.php in ownCloud before 4.0.6 does not properly restrict access, which allows remote authenticated users to edit app configurations via unspecified vectors. NOTE: this can be leveraged by unauthenticated remote... |
| CVE-2012-4753 | 2012-09-05 | Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.5 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
| CVE-2010-5213 | 2012-09-06 | Untrusted search path vulnerability in Adobe LiveCycle Designer 8.2.1.3144.1.471865 allows local users to gain privileges via a Trojan horse .dll file in the current working directory, as demonstrated by a... |
| CVE-2011-5157 | 2012-09-06 | Untrusted search path vulnerability in Attachmate Reflection before 14.1 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, a related issue to... |
| CVE-2010-5195 | 2012-09-06 | Untrusted search path vulnerability in Roxio MyDVD 9 allows local users to gain privileges via a Trojan horse HomeUtils9.dll file in the current working directory, as demonstrated by a directory... |
| CVE-2010-5196 | 2012-09-06 | Untrusted search path vulnerability in KeePass Password Safe before 2.13 allows local users to gain privileges via a Trojan horse DwmApi.dll file in the current working directory, as demonstrated by... |
| CVE-2010-5197 | 2012-09-06 | Untrusted search path vulnerability in Pixia 4.70j allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that... |
| CVE-2010-5198 | 2012-09-06 | Multiple untrusted search path vulnerabilities in Intuit QuickBooks 2010 allow local users to gain privileges via a Trojan horse (1) dbicudtx11.dll, (2) mfc90enu.dll, or (3) mfc90loc.dll file in the current... |
| CVE-2010-5199 | 2012-09-06 | Untrusted search path vulnerability in PhotoImpact X3 13.00.0000.0 allows local users to gain privileges via a Trojan horse bwsconst.dll file in the current working directory, as demonstrated by a directory... |
| CVE-2010-5200 | 2012-09-06 | Untrusted search path vulnerability in KeePass Password Safe before 1.18 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a... |
| CVE-2010-5201 | 2012-09-06 | Untrusted search path vulnerability in MAGIX Samplitude Producer 11 allows local users to gain privileges via a Trojan horse PlayRIplA6.dll file in the current working directory, as demonstrated by a... |
| CVE-2010-5202 | 2012-09-06 | Untrusted search path vulnerability in JetAudio 8.0.7.1000 Basic allows local users to gain privileges via a Trojan horse WNASPI32.DLL file in the current working directory, as demonstrated by a directory... |
| CVE-2010-5203 | 2012-09-06 | Multiple untrusted search path vulnerabilities in NCP Secure Enterprise Client before 9.21 Build 68, Secure Entry Client before 9.23 Build 18, and Secure Client - Juniper Edition before 9.23 Build... |
| CVE-2010-5204 | 2012-09-06 | Multiple untrusted search path vulnerabilities in IBM Lotus Symphony 1.3.0 20090908.0900 allow local users to gain privileges via a Trojan horse (1) eclipse_1114.dll or (2) emser645mi.dll file in the current... |
| CVE-2010-5205 | 2012-09-06 | Multiple untrusted search path vulnerabilities in e-press ONE Office Author allow local users to gain privileges via a Trojan horse (1) java_msci.dll or (2) msci_java.dll file in the current working... |
| CVE-2010-5206 | 2012-09-06 | Multiple untrusted search path vulnerabilities in e-press ONE Office E-NoteTaker and E-Zip allow local users to gain privileges via a Trojan horse (1) mfc71enu.dll or (2) mfc71loc.dll file in the... |
| CVE-2010-5207 | 2012-09-06 | Multiple untrusted search path vulnerabilities in CelFrame Office 2008 Standard Edition allow local users to gain privileges via a Trojan horse (1) java_msci.dll or (2) msci_java.dll file in the current... |
| CVE-2010-5208 | 2012-09-06 | Multiple untrusted search path vulnerabilities in the (1) Presentation, (2) Writer, and (3) Spreadsheets components in Kingsoft Office 2010 6.6.0.2477 allow local users to gain privileges via a Trojan horse... |
| CVE-2010-5209 | 2012-09-06 | Multiple untrusted search path vulnerabilities in Nuance PDF Reader 6.0 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) exceptiondumpdll.dll file in the current working... |
| CVE-2010-5210 | 2012-09-06 | Untrusted search path vulnerability in Sorax Reader 2.0.3129.70 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory... |
| CVE-2010-5211 | 2012-09-06 | Untrusted search path vulnerability in ALSee 6.20.0.1 allows local users to gain privileges via a Trojan horse patchani.dll file in the current working directory, as demonstrated by a directory that... |
| CVE-2010-5212 | 2012-09-06 | Untrusted search path vulnerability in Adobe LiveCycle Designer ES2 9.0.0.20091029.1.612548 allows local users to gain privileges via a Trojan horse objectassisten_US.dll file in the current working directory, as demonstrated by... |
| CVE-2010-5214 | 2012-09-06 | Untrusted search path vulnerability in Fotobook Editor 5.0 2.8.0.1 allows local users to gain privileges via a Trojan horse Fwpuclnt.dll file in the current working directory, as demonstrated by a... |
| CVE-2010-5215 | 2012-09-06 | Multiple untrusted search path vulnerabilities in SWiSH Max3 3.0 2009.11.30 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) SWiSHmax3res.dll file in the current working... |
| CVE-2010-5216 | 2012-09-06 | Untrusted search path vulnerability in LINGO 11.0.1.6 and 12.0.2.20 allows local users to gain privileges via a Trojan horse myuser.dll file in the current working directory, as demonstrated by a... |
| CVE-2010-5217 | 2012-09-06 | Multiple untrusted search path vulnerabilities in TuneUp Utilities 2009 8.0.3310 and 2010 9.0.4600 allow local users to gain privileges via a Trojan horse (1) wscapi.dll or (2) vclib32.dll file in... |
| CVE-2010-5218 | 2012-09-06 | Untrusted search path vulnerability in Dupehunter 9.0.0.3911 allows local users to gain privileges via a Trojan horse Fwpuclnt.dll file in the current working directory, as demonstrated by a directory that... |
| CVE-2010-5219 | 2012-09-06 | Untrusted search path vulnerability in SmartFTP 4.0.1140.0 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that... |
| CVE-2010-5220 | 2012-09-06 | Untrusted search path vulnerability in MEO Encryption Software 2.02 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a... |
| CVE-2010-5221 | 2012-09-06 | Untrusted search path vulnerability in STDU Explorer 1.0.201 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory. NOTE: some of these details... |
| CVE-2010-5222 | 2012-09-06 | Untrusted search path vulnerability in Ease Jukebox 1.40 allows local users to gain privileges via a Trojan horse wmaudsdk.dll file in the current working directory, as demonstrated by a directory... |
| CVE-2010-5223 | 2012-09-06 | Multiple untrusted search path vulnerabilities in Phoenix Project Manager 2.1.0.8 allow local users to gain privileges via a Trojan horse (1) wbtrv32.dll or (2) w3btrv7.dll file in the current working... |
| CVE-2010-5224 | 2012-09-06 | Untrusted search path vulnerability in Cool iPhone Ringtone Maker 2.2.3 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by... |
| CVE-2010-5225 | 2012-09-06 | Untrusted search path vulnerability in Babylon 8.1.0 r16 allows local users to gain privileges via a Trojan horse BESExtension.dll file in the current working directory, as demonstrated by a directory... |
| CVE-2011-5151 | 2012-09-06 | Untrusted search path vulnerability in ACDSee Picture Frame Manager 1.0 Build 81 allows local users to gain privileges via a Trojan horse ShellIntMgrPFMU.dll file in the current working directory, as... |
| CVE-2011-5152 | 2012-09-06 | Multiple untrusted search path vulnerabilities in ACDSee Photo Editor 2008 5.x build 291 allow local users to gain privileges via a Trojan horse (1) Wintab32.dll or (2) CV11-DialogEditor.dll file in... |
| CVE-2011-5153 | 2012-09-06 | Untrusted search path vulnerability in FotoSlate 4.0 Build 146 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a... |
| CVE-2011-5154 | 2012-09-06 | Multiple untrusted search path vulnerabilities in (1) SAPGui.exe and (2) BExAnalyzer.exe in SAP GUI 6.4 through 7.2 allow local users to gain privileges via a Trojan horse MFC80LOC.DLL file in... |
| CVE-2011-5155 | 2012-09-06 | Untrusted search path vulnerability in Help & Manual 5.5.1 Build 1296 allows local users to gain privileges via a Trojan horse ijl15.dll file in the current working directory, as demonstrated... |
| CVE-2011-5156 | 2012-09-06 | Untrusted search path vulnerability in Effective File Search 6.7 allows local users to gain privileges via a Trojan horse ztvunrar36.dll file in the current working directory, as demonstrated by a... |
| CVE-2012-4754 | 2012-09-06 | Multiple untrusted search path vulnerabilities in MindManager 2012 10.0.493 allow local users to gain privileges via a Trojan horse (1) ssgp.dll or (2) dwmapi.dll file in the current working directory,... |
| CVE-2012-4755 | 2012-09-06 | Untrusted search path vulnerability in SciTools Understand before 2.6 build 600 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated... |
| CVE-2012-4756 | 2012-09-06 | Multiple untrusted search path vulnerabilities in CyberLink LabelPrint 2.5.3602 allow local users to gain privileges via a Trojan horse (1) mfc71loc.dll or (2) mfc71enu.dll file in the current working directory,... |
| CVE-2012-4757 | 2012-09-06 | Multiple untrusted search path vulnerabilities in CyberLink StreamAuthor 4.0 build 3308 allow local users to gain privileges via a Trojan horse (1) mfc71loc.dll or (2) mfc71enu.dll file in the current... |
| CVE-2012-4758 | 2012-09-06 | Multiple untrusted search path vulnerabilities in CyberLink PowerProducer 5.5.3.2325 allow local users to gain privileges via a Trojan horse (1) mfc71loc.dll or (2) mfc71enu.dll file in the current working directory,... |
| CVE-2012-4759 | 2012-09-06 | Untrusted search path vulnerability in facebook_plugin.fpi in the Facebook plug-in in Foxit Reader 5.3.1.0606 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working... |
| CVE-2012-2069 | 2012-09-06 | Cross-site request forgery (CSRF) vulnerability in the Wishlist module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.6 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests... |
| CVE-2012-4864 | 2012-09-06 | Oreans WinLicense 2.1.8.0 allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted xml file. |
| CVE-2012-4866 | 2012-09-06 | Untrusted search path vulnerability in Xtreme RAT 3.5 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the... |
| CVE-2012-4869 | 2012-09-06 | The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action. |