CVE List - 2012 / September
Showing 501 - 600 of 655 CVEs for September 2012 (Page 6 of 7)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2012-3719 | 2012-09-20 | Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded web plugins, which allows remote attackers to execute arbitrary plugin code via an e-mail message that triggers... |
| CVE-2012-3721 | 2012-09-20 | Profile Manager in Apple Mac OS X before 10.7.5 does not properly perform authentication for the Device Management private interface, which allows attackers to enumerate managed devices via unspecified vectors. |
| CVE-2012-3722 | 2012-09-20 | The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary... |
| CVE-2012-3723 | 2012-09-20 | Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a... |
| CVE-2012-3724 | 2012-09-20 | CFNetwork in Apple iOS before 6 does not properly identify the host portion of a URL, which allows remote attackers to obtain sensitive information by leveraging the construction of an... |
| CVE-2012-3725 | 2012-09-20 | The DNAv4 protocol implementation in the DHCP component in Apple iOS before 6 sends Wi-Fi packets containing a MAC address of a host on a previously used network, which might... |
| CVE-2012-3726 | 2012-09-20 | Double free vulnerability in ImageIO in Apple iOS before 6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image. |
| CVE-2012-3727 | 2012-09-20 | Buffer overflow in the IPsec component in Apple iOS before 6 allows remote attackers to execute arbitrary code via a crafted racoon configuration file. |
| CVE-2012-3728 | 2012-09-20 | The kernel in Apple iOS before 6 dereferences invalid pointers during the handling of packet-filter data structures, which allows local users to gain privileges via a crafted program that makes... |
| CVE-2012-3729 | 2012-09-20 | The Berkeley Packet Filter (BPF) interpreter implementation in the kernel in Apple iOS before 6 accesses uninitialized memory locations, which allows local users to obtain sensitive information about the layout... |
| CVE-2012-3730 | 2012-09-20 | Mail in Apple iOS before 6 does not properly handle reuse of Content-ID header values, which allows remote attackers to spoof attachments via a header value that was also used... |
| CVE-2012-3731 | 2012-09-20 | Mail in Apple iOS before 6 does not properly implement the Data Protection feature for e-mail attachments, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified... |
| CVE-2012-3732 | 2012-09-20 | Mail in Apple iOS before 6 uses an S/MIME message's From address as the displayed sender address, which allows remote attackers to spoof signed content via an e-mail message in... |
| CVE-2012-3733 | 2012-09-20 | Messages in Apple iOS before 6, when multiple iMessage e-mail addresses are configured, does not ensure that a reply's sender address matches the recipient address of the original message, which... |
| CVE-2012-3734 | 2012-09-20 | Office Viewer in Apple iOS before 6 writes cleartext document data to a temporary file, which might allow local users to bypass a document's intended (1) Data Protection level or... |
| CVE-2012-3735 | 2012-09-20 | The Passcode Lock implementation in Apple iOS before 6 does not properly interact with the "Slide to Power Off" feature, which allows physically proximate attackers to see the most recently... |
| CVE-2012-3737 | 2012-09-20 | The Passcode Lock implementation in Apple iOS before 6 does not properly restrict photo viewing, which allows physically proximate attackers to view arbitrary stored photos by spoofing a time value. |
| CVE-2012-3738 | 2012-09-20 | The Emergency Dialer screen in the Passcode Lock implementation in Apple iOS before 6 does not properly limit the dialing methods, which allows physically proximate attackers to bypass intended access... |
| CVE-2012-3741 | 2012-09-20 | The Restrictions (aka Parental Controls) implementation in Apple iOS before 6 does not properly handle purchase attempts after a Disable Restrictions action, which allows local users to bypass an intended... |
| CVE-2012-3742 | 2012-09-20 | Safari in Apple iOS before 6 does not properly restrict use of an unspecified Unicode character that looks similar to the https lock indicator, which allows remote attackers to spoof... |
| CVE-2012-3743 | 2012-09-20 | The System Logs implementation in Apple iOS before 6 does not restrict /var/log access by sandboxed apps, which allows remote attackers to obtain sensitive information via a crafted app that... |
| CVE-2012-3744 | 2012-09-20 | Telephony in Apple iOS before 6 uses an SMS message's return address as the displayed sender address, which allows remote attackers to spoof text communication via a message in which... |
| CVE-2012-3745 | 2012-09-20 | Off-by-one error in Telephony in Apple iOS before 6 allows remote attackers to cause a denial of service (buffer overflow and connectivity outage) via a crafted user-data header in an... |
| CVE-2012-3746 | 2012-09-20 | UIWebView in UIKit in Apple iOS before 6 does not properly use the Data Protection feature, which allows context-dependent attackers to obtain cleartext file content by leveraging direct access to... |
| CVE-2012-3747 | 2012-09-20 | WebKit, as used in Apple iOS before 6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web... |
| CVE-2012-0650 | 2012-09-20 | Buffer overflow in the DirectoryService Proxy in DirectoryService in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash)... |
| CVE-2012-3720 | 2012-09-20 | Mobile Accounts in Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 saves password hashes for external-account use even if external accounts are not enabled, which might allow remote... |
| CVE-2012-3736 | 2012-09-20 | The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors related to ending a FaceTime call. |
| CVE-2012-3739 | 2012-09-20 | The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors involving use of the camera. |
| CVE-2012-3740 | 2012-09-20 | The Passcode Lock implementation in Apple iOS before 6 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors. |
| CVE-2012-1529 | 2012-09-21 | Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was... |
| CVE-2012-2546 | 2012-09-21 | Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Event Listener Use... |
| CVE-2012-2548 | 2012-09-21 | Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Layout Use After... |
| CVE-2012-2557 | 2012-09-21 | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "cloneNode... |
| CVE-2012-3137 | 2012-09-21 | The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information... |
| CVE-2011-5194 | 2012-09-23 | Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin before 1.4.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the domain parameter, a... |
| CVE-2011-5195 | 2012-09-23 | Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Conference Systems 2.3.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload... |
| CVE-2011-5196 | 2012-09-23 | Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Journal Systems 2.3.6 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload... |
| CVE-2011-5197 | 2012-09-23 | Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Harvester Systems 2.3.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload... |
| CVE-2011-5198 | 2012-09-23 | SQL injection vulnerability in search.php in Neturf eCommerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the SearchFor parameter. NOTE: some of these details are obtained from... |
| CVE-2011-5199 | 2012-09-23 | Cross-site scripting (XSS) vulnerability in sign.php in tinyguestbook allows remote attackers to inject arbitrary web script or HTML via the msg parameter. |
| CVE-2011-5200 | 2012-09-23 | Multiple SQL injection vulnerabilities in DeDeCMS, possibly 5.6, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) list.php, (2) members.php, or (3) book.php. |
| CVE-2011-5201 | 2012-09-23 | Multiple SQL injection vulnerabilities in sign.php in tinyguestbook allow remote attackers to execute arbitrary SQL commands via the (1) name and (2) msg parameters. NOTE: some of these details are... |
| CVE-2012-5098 | 2012-09-23 | Multiple SQL injection vulnerabilities in Php-X-Links, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to rate.php, (2) cid parameter to view.php, or (3)... |
| CVE-2012-5099 | 2012-09-23 | Cross-site scripting (XSS) vulnerability in list.php in PHPB2B 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action. |
| CVE-2012-5100 | 2012-09-23 | Directory traversal vulnerability in HServer 0.1.1 allows remote attackers to read arbitrary files via a (1) ..%5c (dot dot encoded backslash) or (2) %2e%2e%5c (encoded dot dot backslash) in the... |
| CVE-2012-5101 | 2012-09-23 | SQL injection vulnerability in the JExtensions JE Poll component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2012-5102 | 2012-09-23 | Cross-site scripting (XSS) vulnerability in inc/extensions.php in VertrigoServ 2.25 allows remote attackers to inject arbitrary web script or HTML via the ext parameter. |
| CVE-2012-5103 | 2012-09-23 | Multiple cross-site scripting (XSS) vulnerabilities in action/add-submit.php in Ggb Guestbook 0.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url or (2) message parameter. |
| CVE-2012-5104 | 2012-09-23 | Cross-site scripting (XSS) vulnerability in forums/ubbthreads.php in UBB.threads 7.5.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the Loginname parameter. |
| CVE-2012-5105 | 2012-09-23 | Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1.2.4 allow remote attackers to inject arbitrary web script or HTML via the dbsel parameter to (1) main.php or (2) index.php; or (3)... |
| CVE-2011-5191 | 2012-09-23 | Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty Link Lite plugin before 1.5.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter, a... |
| CVE-2011-5192 | 2012-09-23 | Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty Link Lite plugin before 1.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter, a... |
| CVE-2011-5193 | 2012-09-23 | Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin 1.4.2.3 for WordPress, when the WHOIS widget is enabled, allows remote attackers to inject arbitrary web script or HTML... |
| CVE-2012-3451 | 2012-09-24 | Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is... |
| CVE-2012-4655 | 2012-09-24 | The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via... |
| CVE-2012-5054 | 2012-09-24 | Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4.402.265 allows remote attackers to execute arbitrary code via malformed arguments. |
| CVE-2012-2287 | 2012-09-25 | The authentication functionality in EMC RSA Authentication Agent 7.1 and RSA Authentication Client 3.5 on Windows XP and Windows Server 2003, when an unspecified configuration exists, allows remote authenticated users... |
| CVE-2012-3011 | 2012-09-25 | Directory traversal vulnerability in the web server in Fultek WinTr Scada 4.0.5 and earlier allows remote attackers to read arbitrary files via a crafted request. |
| CVE-2012-3259 | 2012-09-25 | Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1461. |
| CVE-2012-3260 | 2012-09-25 | Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1462. |
| CVE-2012-3261 | 2012-09-25 | Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1463. |
| CVE-2012-3262 | 2012-09-25 | Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1464. |
| CVE-2012-3263 | 2012-09-25 | Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1465. |
| CVE-2012-3264 | 2012-09-25 | Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1472. |
| CVE-2012-3037 | 2012-09-25 | The Siemens SIMATIC S7-1200 2.x PLC does not properly protect the private key of the SIMATIC CONTROLLER Certification Authority certificate, which allows remote attackers to spoof the S7-1200 web server... |
| CVE-2012-4014 | 2012-09-25 | Unspecified vulnerability in McAfee Email Anti-virus (formerly WebShield SMTP) allows remote attackers to cause a denial of service via unknown vectors. |
| CVE-2012-4015 | 2012-09-25 | Cross-site scripting (XSS) vulnerability in the management screen in myLittleTools myLittleAdmin for SQL Server 2000 allows remote attackers to inject arbitrary web script or HTML via vectors that trigger a... |
| CVE-2012-2187 | 2012-09-25 | IBM Remote Supervisor Adapter II firmware for System x3650, x3850 M2, and x3950 M2 1.13 and earlier generates weak RSA keys, which makes it easier for attackers to defeat cryptographic... |
| CVE-2012-2199 | 2012-09-25 | The server message channel agent in the queue manager in the server in IBM WebSphere MQ 7.0.1 before 7.0.1.9, 7.1, and 7.5 on Solaris allows remote attackers to cause a... |
| CVE-2012-3298 | 2012-09-25 | Unspecified vulnerability in the REST services framework in IBM WebSphere Commerce 7.0 Feature Pack 4 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service... |
| CVE-2012-3300 | 2012-09-25 | IBM WebSphere Commerce 7.0 before 7.0.0.6, when persistent sessions and personalization IDs are enabled, allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors. |
| CVE-2012-3304 | 2012-09-25 | The Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack sessions via unspecified... |
| CVE-2012-3305 | 2012-09-25 | Directory traversal vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to overwrite arbitrary files via... |
| CVE-2012-3306 | 2012-09-25 | IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, when multi-domain support is configured, does not purge password data from the... |
| CVE-2012-3311 | 2012-09-25 | IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 on z/OS, in certain configurations involving Federated Repositories for IIOP connections and... |
| CVE-2012-3324 | 2012-09-25 | Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via... |
| CVE-2012-3334 | 2012-09-25 | Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 11.50 before 11.50.xC9W2 and 11.70 before 11.70.xC5 allows remote authenticated users to execute arbitrary code via crafted arguments in a SET... |
| CVE-2012-5159 | 2012-09-25 | phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute... |
| CVE-2012-0209 | 2012-09-25 | Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js,... |
| CVE-2011-4623 | 2012-09-25 | Integer overflow in the rsCStrExtendBuf function in runtime/stringbuf.c in the imfile module in rsyslog 4.x before 4.6.6, 5.x before 5.7.4, and 6.x before 6.1.4 allows local users to cause a... |
| CVE-2012-0869 | 2012-09-25 | Cross-site scripting (XSS) vulnerability in fup in Frams' Fast File EXchange (F*EX, aka fex) before 20120215 allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
| CVE-2012-1293 | 2012-09-25 | Multiple cross-site scripting (XSS) vulnerabilities in fup in Frams' Fast File EXchange (F*EX, aka fex) before 20111129-2 allow remote attackers to inject arbitrary web script or HTML via the (1)... |
| CVE-2012-1646 | 2012-09-25 | Multiple cross-site scripting (XSS) vulnerabilities in the FAQ module 6.x-1.x before 6.x-1.13 and 7.x-1.x-rc1 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via the (1)... |
| CVE-2012-0973 | 2012-09-25 | Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the sCategory parameter to index.php, which is not properly handled by the (1)... |
| CVE-2012-0974 | 2012-09-25 | Multiple cross-site scripting (XSS) vulnerabilities in the getParam function in oc-includes/osclass/core/Params.php in OSClass before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) sCity, (2)... |
| CVE-2012-1103 | 2012-09-25 | emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs interface, allows user-assisted remote attackers to read arbitrary files via crafted MML tags, which are not properly quoted in an email... |
| CVE-2012-1116 | 2012-09-26 | SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2012-1117 | 2012-09-26 | Cross-site scripting (XSS) vulnerability in Joomla! 2.5.0 and 2.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2012-1188 | 2012-09-26 | Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) type or (2) querystring parameters to private/en/error... |
| CVE-2012-1617 | 2012-09-26 | Directory traversal vulnerability in combine.php in OSClass before 2.3.6 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the type parameter. NOTE: this vulnerability... |
| CVE-2012-5162 | 2012-09-26 | Multiple SQL injection vulnerabilities in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) edit_category_post or (2) enable_category action... |
| CVE-2012-5163 | 2012-09-26 | Cross-site scripting (XSS) vulnerability in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an enable_category action to index.php. |
| CVE-2012-5164 | 2012-09-26 | Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the term parameter to (1) autocomplete.php, (2) search/ajax/autosuggest.php, (3)... |
| CVE-2012-2874 | 2012-09-26 | Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write... |
| CVE-2012-2875 | 2012-09-26 | Multiple unspecified vulnerabilities in the PDF functionality in Google Chrome before 22.0.1229.79 allow remote attackers to have an unknown impact via a crafted document. |
| CVE-2012-2876 | 2012-09-26 | Buffer overflow in the SSE2 optimization functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. |
| CVE-2012-2877 | 2012-09-26 | The extension system in Google Chrome before 22.0.1229.79 does not properly handle modal dialogs, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. |
| CVE-2012-2878 | 2012-09-26 | Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to plug-in handling. |
| CVE-2012-2879 | 2012-09-26 | Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service (DOM topology corruption) via a crafted document. |