CVE List - 2012 / September
Showing 101 - 200 of 655 CVEs for September 2012 (Page 2 of 7)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2012-4870 | 2012-09-06 | Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or (2) panel/dhtml/index.php;... |
| CVE-2012-2740 | 2012-09-06 | SQL injection vulnerability in public_html/lists/admin in phpList before 2.10.18 allows remote attackers to execute arbitrary SQL commands via the sortby parameter in a find action. |
| CVE-2012-2741 | 2012-09-06 | Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ in phpList before 2.10.18 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a reconcileusers action. |
| CVE-2012-4865 | 2012-09-06 | Buffer overflow in Oreans Themida 2.1.8.0 allows remote attackers to execute arbitrary code via a crafted .TMD file. |
| CVE-2012-4867 | 2012-09-06 | Directory traversal vulnerability in modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM 5.1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the module_name parameter. |
| CVE-2012-4868 | 2012-09-06 | SQL injection vulnerability in news.php in the Kunena component 1.7.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2012-1107 | 2012-09-06 | The analyzeCurrent function in ape/apeproperties.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted sampleRate in an ape file, which... |
| CVE-2012-1108 | 2012-09-06 | The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted vendorLength field in an ogg file. |
| CVE-2012-1110 | 2012-09-06 | Multiple cross-site scripting (XSS) vulnerabilities in Etano 1.22 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user, (2) email, (3) email2, (4) f17_zip,... |
| CVE-2012-1112 | 2012-09-06 | Directory traversal vulnerability in Open-Realty CMS 2.5.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the select_users_template parameter to index.php. |
| CVE-2012-1584 | 2012-09-06 | Integer overflow in the mid function in toolkit/tbytevector.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted file header field... |
| CVE-2006-7247 | 2012-09-06 | SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. |
| CVE-2012-0819 | 2012-09-06 | Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0821. |
| CVE-2012-0820 | 2012-09-06 | Cross-site scripting (XSS) vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0822. |
| CVE-2012-0821 | 2012-09-06 | Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0819. |
| CVE-2012-0822 | 2012-09-06 | Cross-site scripting (XSS) vulnerability in Joomla! 1.6 and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0820. |
| CVE-2012-0835 | 2012-09-06 | Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain sensitive information via unknown vectors related to "administrator." |
| CVE-2012-0836 | 2012-09-06 | Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 allows attackers to read the error log via unknown vectors. |
| CVE-2012-0837 | 2012-09-06 | Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain the installation path via unspecified vectors related to "administrator." |
| CVE-2012-1469 | 2012-09-06 | Multiple cross-site scripting (XSS) vulnerabilities in Open Journal Systems before 2.3.7 allow remote attackers and remote authenticated users to inject arbitrary web script or HTML via the (1) editor or... |
| CVE-2012-1611 | 2012-09-06 | Joomla! 2.5.x before 2.5.4 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end" information via unknown attack vectors. NOTE: this might be a duplicate of... |
| CVE-2012-4871 | 2012-09-06 | Cross-site scripting (XSS) vulnerability in service/graph_html.php in the administrator panel in LiteSpeed Web Server 4.1.11 allows remote attackers to inject arbitrary web script or HTML via the gtitle parameter. |
| CVE-2012-4872 | 2012-09-06 | Cross-site scripting (XSS) vulnerability in Tickets/Submit in Kayako Fusion before 4.40.985 allows remote attackers to inject arbitrary web script or HTML via certain vectors, possibly a crafted ticket description. |
| CVE-2012-4875 | 2012-09-06 | Heap-based buffer overflow in gdevwpr2.c in Ghostscript 9.04, when processing the OutputFile device parameter, allows user-assisted remote attackers to execute arbitrary code via a long file name in a PostScript... |
| CVE-2012-4877 | 2012-09-06 | Cross-site request forgery (CSRF) vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts. |
| CVE-2012-4878 | 2012-09-06 | Absolute path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action. |
| CVE-2012-1467 | 2012-09-06 | Multiple directory traversal vulnerabilities in the iBrowser plugin library, as used in Open Journal Systems before 2.3.7, allow remote authenticated users to (1) delete or (2) rename arbitrary files via... |
| CVE-2012-1468 | 2012-09-06 | Incomplete blacklist vulnerability in Open Journal Systems before 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executable extension... |
| CVE-2012-1612 | 2012-09-06 | Cross-site scripting (XSS) vulnerability in the update manager in Joomla! 2.5.x before 2.5.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2012-4873 | 2012-09-06 | Cross-site scripting (XSS) vulnerability in the file_download function in GNUBoard before 4.34.21 allows remote attackers to inject arbitrary web script or HTML via the filename parameter. |
| CVE-2012-4874 | 2012-09-06 | Unspecified vulnerability in the Another WordPress Classifieds Plugin before 2.0 for WordPress has unknown impact and attack vectors related to "image uploads." |
| CVE-2012-4876 | 2012-09-06 | Stack-based buffer overflow in the UltraMJCam ActiveX Control in TRENDnet SecurView TV-IP121WN Wireless Internet Camera allows remote attackers to execute arbitrary code via a long string to the OpenFileDlg method. |
| CVE-2012-3013 | 2012-09-07 | WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices have default passwords for unspecified Web Based Management accounts, which makes it easier for remote attackers... |
| CVE-2012-4879 | 2012-09-07 | The Linux Console on the WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices has a default password of wago for the (1) root and... |
| CVE-2010-5226 | 2012-09-07 | Multiple untrusted search path vulnerabilities in Autodesk Design Review 2011 11.0.0.86 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll, (2) whiptk_wt.7.12.601.dll, or (3) xaml_wt.7.6.0.dll file in... |
| CVE-2010-5227 | 2012-09-07 | Untrusted search path vulnerability in Opera before 10.62 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory... |
| CVE-2010-5228 | 2012-09-07 | Untrusted search path vulnerability in RealPlayer SP 1.1.5 12.0.0.879 allows local users to gain privileges via a Trojan horse rio500.dll file in the current working directory, as demonstrated by a... |
| CVE-2010-5229 | 2012-09-07 | Untrusted search path vulnerability in 010 Editor before 3.1.3 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a... |
| CVE-2010-5230 | 2012-09-07 | Multiple untrusted search path vulnerabilities in MicroStation 7.1 allow local users to gain privileges via a Trojan horse (1) mptools.dll, (2) baseman.dll, (3) wintab32.dll, or (4) wintab.dll file in the... |
| CVE-2010-5231 | 2012-09-07 | Untrusted search path vulnerability in DivX Player 7.2.019 allows local users to gain privileges via a Trojan horse VersionCheckDLL.dll file in the current working directory, as demonstrated by a directory... |
| CVE-2010-5232 | 2012-09-07 | Untrusted search path vulnerability in DivX Plus Player 8.1.0 allows local users to gain privileges via a Trojan horse ssleay32.dll file in a certain directory. NOTE: the provenance of this... |
| CVE-2010-5233 | 2012-09-07 | Untrusted search path vulnerability in Virtual DJ 6.1.2 Trial b301 allows local users to gain privileges via a Trojan horse HDJAPI.dll file in the current working directory, as demonstrated by... |
| CVE-2010-5234 | 2012-09-07 | Multiple untrusted search path vulnerabilities in Camtasia Studio 7.0.1 build 57 allow local users to gain privileges via a Trojan horse (1) MFC90ENU.DLL or (2) MFC90LOC.DLL file in the current... |
| CVE-2010-5235 | 2012-09-07 | Untrusted search path vulnerability in IZArc Archiver 4.1.2 allows local users to gain privileges via a Trojan horse ztv7z.dll file in the current working directory, as demonstrated by a directory... |
| CVE-2010-5236 | 2012-09-07 | Untrusted search path vulnerability in Roxio Easy Media Creator Home 9.0.136 allows local users to gain privileges via a Trojan horse homeutils9.dll file in the current working directory, as demonstrated... |
| CVE-2010-5237 | 2012-09-07 | Untrusted search path vulnerability in CyberLink PowerDirector 7 allows local users to gain privileges via a Trojan horse mfc71loc.dll file in the current working directory, as demonstrated by a directory... |
| CVE-2010-5238 | 2012-09-07 | Untrusted search path vulnerability in CyberLink PowerDirector 8.00.3022 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory... |
| CVE-2010-5239 | 2012-09-07 | Untrusted search path vulnerability in DAEMON Tools Lite 4.35.6.0091 and Pro Standard 4.36.0309.0160 allows local users to gain privileges via a Trojan horse mfc80loc.dll file in the current working directory,... |
| CVE-2010-5240 | 2012-09-07 | Multiple untrusted search path vulnerabilities in Corel PHOTO-PAINT and CorelDRAW X5 15.1.0.588 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) CrlRib.dll file in the... |
| CVE-2010-5241 | 2012-09-07 | Multiple untrusted search path vulnerabilities in Autodesk AutoCAD 2010 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) IBFS32.DLL file in the current working directory,... |
| CVE-2010-5242 | 2012-09-07 | Untrusted search path vulnerability in Sound Forge Pro 10.0b Build 474 allows local users to gain privileges via a Trojan horse MtxParhVegasPreview.dll file in the current working directory, as demonstrated... |
| CVE-2010-5243 | 2012-09-07 | Multiple untrusted search path vulnerabilities in Cyberlink Power2Go 7.0.0.0816 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) MFC71LOC.DLL file in the current working directory,... |
| CVE-2010-5244 | 2012-09-07 | Untrusted search path vulnerability in SiSoftware Sandra 2010 Lite 2010.7.16.52 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by... |
| CVE-2010-5245 | 2012-09-07 | Untrusted search path vulnerability in PDF-XChange Viewer 2.0 Build 54.0 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by... |
| CVE-2010-5246 | 2012-09-07 | Multiple untrusted search path vulnerabilities in Maxthon Browser 1.6.7.35 and 2.5.15 allow local users to gain privileges via a Trojan horse (1) RSRC32.dll or (2) dwmapi.dll file in the current... |
| CVE-2010-5247 | 2012-09-07 | Untrusted search path vulnerability in QtWeb Browser 3.3 build 043 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by... |
| CVE-2010-5248 | 2012-09-07 | Untrusted search path vulnerability in UltraVNC 1.0.8.2 allows local users to gain privileges via a Trojan horse vnclang.dll file in the current working directory, as demonstrated by a directory that... |
| CVE-2010-5249 | 2012-09-07 | Untrusted search path vulnerability in Sophos Free Encryption 2.40.1.1 and Sophos SafeGuard PrivateCrypto 2.40.1.2 allows local users to gain privileges via a Trojan horse pcrypt0406.dll file in the current working... |
| CVE-2010-5250 | 2012-09-07 | Untrusted search path vulnerability in the pthread_win32_process_attach_np function in pthreadGC2.dll in Pthreads-win32 2.8.0 allows local users to gain privileges via a Trojan horse quserex.dll file in the current working directory.... |
| CVE-2010-5251 | 2012-09-07 | Multiple untrusted search path vulnerabilities in IBM Lotus Notes 8.5 allow local users to gain privileges via a Trojan horse (1) nnoteswc.dll or (2) nlsxbe.dll file in the current working... |
| CVE-2010-5252 | 2012-09-07 | Untrusted search path vulnerability in HTTrack 3.43-9 allows local users to gain privileges via a Trojan horse httrack-plugin.dll file in the current working directory, as demonstrated by a directory that... |
| CVE-2010-5253 | 2012-09-07 | Untrusted search path vulnerability in WinImage 8.50 allows local users to gain privileges via a Trojan horse wnaspi32.dll file in the current working directory, as demonstrated by a directory that... |
| CVE-2010-5254 | 2012-09-07 | Untrusted search path vulnerability in GFI Backup 3.1 Build 20100730 2009 Home Edition allows local users to gain privileges via a Trojan horse ArmAccess.dll file in the current working directory,... |
| CVE-2010-5255 | 2012-09-07 | Untrusted search path vulnerability in UltraISO 9.3.6.2750 allows local users to gain privileges via a Trojan horse daemon.dll file in the current working directory, as demonstrated by a directory that... |
| CVE-2010-5256 | 2012-09-07 | Untrusted search path vulnerability in CDisplay 1.8.1 allows local users to gain privileges via a Trojan horse TRACE32.DLL file in the current working directory, as demonstrated by a directory that... |
| CVE-2010-5257 | 2012-09-07 | Multiple untrusted search path vulnerabilities in ArchiCAD 13 and 14 allow local users to gain privileges via a Trojan horse (1) srcsrv.dll or (2) GSAutoTester.DLL file in the current working... |
| CVE-2010-5258 | 2012-09-07 | Untrusted search path vulnerability in Adobe Audition 3.0 build 7283.0 allows local users to gain privileges via a Trojan horse Assist.Dll file in the current working directory, as demonstrated by... |
| CVE-2010-5259 | 2012-09-07 | Multiple untrusted search path vulnerabilities in IsoBuster 2.8 allow local users to gain privileges via a Trojan horse (1) wnaspi32.dll or (2) ntaspi32.dll file in the current working directory, as... |
| CVE-2010-5260 | 2012-09-07 | Untrusted search path vulnerability in Agrin All DVD Ripper 4.0 allows local users to gain privileges via a Trojan horse wnaspi32.dll file in the current working directory, as demonstrated by... |
| CVE-2010-5261 | 2012-09-07 | Untrusted search path vulnerability in SnowFox Total Video Converter 2.5.1 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by... |
| CVE-2010-5262 | 2012-09-07 | Multiple untrusted search path vulnerabilities in libmcl-5.4.0.dll in Gromada Multimedia Conversion Library 5.4.0 allow local users to gain privileges via a Trojan horse (1) libgif-1.1.0.dll or (2) libhav-1.0.1.dll file in... |
| CVE-2010-5263 | 2012-09-07 | Untrusted search path vulnerability in Sothink SWF Decompiler 6.0 Build 610 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated... |
| CVE-2010-5264 | 2012-09-07 | Untrusted search path vulnerability in the CExtDWM::CExtDWM method in ProfUIS290m.dll and ProfUIS290m-RDE.dll in Prof-UIS before 2.9.1 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the... |
| CVE-2010-5265 | 2012-09-07 | Untrusted search path vulnerability in SmartSniff 1.71 allows local users to gain privileges via a Trojan horse wpcap.dll file in the current working directory, as demonstrated by a directory that... |
| CVE-2010-5266 | 2012-09-07 | Untrusted search path vulnerability in VideoCharge Studio 2.9.0.632 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory... |
| CVE-2010-5267 | 2012-09-07 | Untrusted search path vulnerability in MunSoft Easy Office Recovery 1.1 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by... |
| CVE-2010-5268 | 2012-09-07 | Untrusted search path vulnerability in Amazon Kindle for PC 1.3.0 30884 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated... |
| CVE-2010-5269 | 2012-09-07 | Untrusted search path vulnerability in tbb.dll in Intel Threading Building Blocks (TBB) 2.2.013 allows local users to gain privileges via a Trojan horse tbbmalloc.dll file in the current working directory,... |
| CVE-2010-5270 | 2012-09-07 | Multiple untrusted search path vulnerabilities in Adobe Device Central CS4 2.0.0 0476 allow local users to gain privileges via a Trojan horse (1) ibfs32.dll or (2) amt_cdb.dll file in the... |
| CVE-2010-5271 | 2012-09-07 | Untrusted search path vulnerability in Altova MapForce 2011 Enterprise Edition SP1 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated... |
| CVE-2010-5272 | 2012-09-07 | Untrusted search path vulnerability in Altova DatabaseSpy 2011 Enterprise Edition SP1 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated... |
| CVE-2010-5273 | 2012-09-07 | Untrusted search path vulnerability in Altova DiffDog 2011 Enterprise Edition SP1 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated... |
| CVE-2010-5274 | 2012-09-07 | Untrusted search path vulnerability in PKZIP before 12.50.0014 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory... |
| CVE-2011-5158 | 2012-09-07 | Multiple untrusted search path vulnerabilities in the DMTGUI2.EXE and DvInesLogFileViewer.Exe components in DATEV Grundpaket Basis CD23.20 allow local users to gain privileges via a Trojan horse (1) DVBSKNLANG101.dll or (2)... |
| CVE-2012-4880 | 2012-09-07 | Multiple untrusted search path vulnerabilities in DVD Architect Pro 5.2 Build 133 and DVD Architect Studio 5.0 Build 156 allow local users to gain privileges via a Trojan horse (1)... |
| CVE-2012-4881 | 2012-09-07 | Untrusted search path vulnerability in moviEZ HD 1.0 Build 2554-29894-A allows local users to gain privileges via a Trojan horse avrt.dll file in the current working directory, as demonstrated by... |
| CVE-2012-4882 | 2012-09-07 | Multiple untrusted search path vulnerabilities in 3D XML Player 6.212.13.12076 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) JT0DevPhase.dll file in the current working... |
| CVE-2012-4883 | 2012-09-07 | Multiple untrusted search path vulnerabilities in 3DVIA Composer V6R2012 HF1 Build 6.8.1.1652 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) ibfs32.dll file in the... |
| CVE-2012-4388 | 2012-09-07 | The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to... |
| CVE-2012-3255 | 2012-09-08 | Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 8.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2012-3256 | 2012-09-08 | Cross-site request forgery (CSRF) vulnerability in HP Business Availability Center (BAC) 8.07 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
| CVE-2012-3257 | 2012-09-08 | HP Business Availability Center (BAC) 8.07 allows remote authenticated users to hijack web sessions via unspecified vectors. |
| CVE-2012-0254 | 2012-09-08 | Stack-based buffer overflow in the HMIWeb Browser HSCDSPRenderDLL ActiveX control in Honeywell Process Solutions (HPS) Experion R2xx, R30x, R31x, and R400.x; Honeywell Building Solutions (HBS) Enterprise Building Manager R400 and... |
| CVE-2012-1666 | 2012-09-08 | Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3... |
| CVE-2012-3004 | 2012-09-08 | Multiple untrusted search path vulnerabilities in RealFlex RealWin before 2.1.13, FlexView before 3.1.86, and RealWinDemo before 2.1.13 allow local users to gain privileges via a Trojan horse (1) realwin.dll or... |
| CVE-2012-4011 | 2012-09-08 | The Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site. |
| CVE-2012-4012 | 2012-09-08 | The WebView class in the Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places... |
| CVE-2011-5160 | 2012-09-09 | Cross-site scripting (XSS) vulnerability in setup.php in OpenEMR 4 allows remote attackers to inject arbitrary web script or HTML via the site parameter. |
| CVE-2011-5161 | 2012-09-09 | Unrestricted file upload vulnerability in the patient photograph functionality in OpenEMR 4 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by... |
| CVE-2012-1151 | 2012-09-09 | Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash)... |