CVE List - 2013 / January
Showing 301 - 400 of 439 CVEs for January 2013 (Page 4 of 5)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2012-5616 | 2013-01-22 | Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key... |
| CVE-2012-6096 | 2013-01-22 | Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote... |
| CVE-2012-3364 | 2013-01-22 | Multiple stack-based buffer overflows in the Near Field Communication Controller Interface (NCI) in the Linux kernel before 3.4.5 allow remote attackers to cause a denial of service (crash) and possibly... |
| CVE-2013-0209 | 2013-01-23 | lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL... |
| CVE-2011-4618 | 2013-01-24 | Cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. |
| CVE-2012-2099 | 2013-01-24 | Multiple cross-site scripting (XSS) vulnerabilities in Wikidforum 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) search field, or the (2) Author or (3) select_sort... |
| CVE-2012-6085 | 2013-01-24 | The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a... |
| CVE-2012-6503 | 2013-01-24 | Unspecified vulnerability in the NinjaXplorer component before 1.0.7 for Joomla! has unknown impact and attack vectors. |
| CVE-2012-6506 | 2013-01-24 | Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in... |
| CVE-2012-6507 | 2013-01-24 | Multiple SQL injection vulnerabilities in admin.php in ChurchCMS 0.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pass parameters in a login action. |
| CVE-2012-6511 | 2013-01-24 | Multiple cross-site scripting (XSS) vulnerabilities in organizer/page/users.php in the Organizer plugin 1.2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) delete_id parameter or... |
| CVE-2012-6512 | 2013-01-24 | The Organizer plugin 1.2.1 for WordPress allows remote attackers to obtain the installation path via unspecified vectors to (1) plugin_hook.php, (2) page/index.php, (3) page/dir.php, (4) page/options.php, (5) page/resize.php, (6) page/upload.php,... |
| CVE-2012-6514 | 2013-01-24 | Cross-site scripting (XSS) vulnerability in the nBill (com_nbill) component 2.3.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the message parameter in an income action... |
| CVE-2012-6516 | 2013-01-24 | SQL injection vulnerability in PHP Ticket System Beta 1 allows remote attackers to execute arbitrary SQL commands via the q parameter to index.php. |
| CVE-2012-6517 | 2013-01-24 | Multiple cross-site scripting (XSS) vulnerabilities in DiY-CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) question parameter to /modules/poll/add.php or (2) question or... |
| CVE-2012-6518 | 2013-01-24 | Cross-site request forgery (CSRF) vulnerability in mod.php in DiY-CMS 1.0 allows remote attackers to hijack the authentication of administrators for requests that create a poll via an add action to... |
| CVE-2012-6519 | 2013-01-24 | SQL injection vulnerability in modules/poll/index.php in DIY-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the start parameter to mod.php. |
| CVE-2012-6520 | 2013-01-24 | Multiple SQL injection vulnerabilities in the advanced search in Wikidforum 2.10 allow remote attackers to execute arbitrary SQL commands via the (1) select_sort or (2) opt_search_select parameters. NOTE: this issue... |
| CVE-2012-1922 | 2013-01-24 | Multiple cross-site request forgery (CSRF) vulnerabilities in Sitecom WLM-2501 allow remote attackers to hijack the authentication of administrators for requests that modify settings for (1) Mac Filtering via admin/formFilter, (2)... |
| CVE-2012-6504 | 2013-01-24 | SQL injection vulnerability in mods/hours/data/get_hours.php in PHP Volunteer Management 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2012-6505 | 2013-01-24 | Cross-site scripting (XSS) vulnerability in mods/hours/data/get_hours.php in PHP Volunteer Management 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
| CVE-2012-6508 | 2013-01-24 | Multiple cross-site request forgery (CSRF) vulnerabilities in NetArt Media Car Portal 3.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change arbitrary user passwords via... |
| CVE-2012-6509 | 2013-01-24 | Unrestricted file upload vulnerability in NetArt Media Car Portal 3.0 allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, as demonstrated by .php%00.jpg. |
| CVE-2012-6510 | 2013-01-24 | Multiple cross-site scripting (XSS) vulnerabilities in NetArt Media Car Portal 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) PWRS or (2) Description field when... |
| CVE-2012-6513 | 2013-01-24 | Cross-site scripting (XSS) vulnerability in index.php/Admin_Preferences in gpEasy CMS 2.3.3 allows remote attackers to inject arbitrary web script or HTML via the jsoncallback parameter. |
| CVE-2012-6515 | 2013-01-24 | eFront 3.6.10, 3.6.11 build 15059, and earlier allows remote attackers to obtain sensitive information via an invalid courses_ID parameter in the lesson_info module to index.php, which reveals the installation path in... |
| CVE-2012-6521 | 2013-01-24 | Cross-site scripting (XSS) vulnerability in apps/admin/handlers/versions.php in Elefant CMS 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter to admin/versions. |
| CVE-2012-5668 | 2013-01-24 | FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to BDF fonts and the improper handling of an "allocation... |
| CVE-2012-5669 | 2013-01-24 | The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts and an... |
| CVE-2012-5670 | 2013-01-24 | The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) via vectors related to BDF fonts and an ENCODING field... |
| CVE-2013-0839 | 2013-01-24 | Use-after-free vulnerability in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of fonts... |
| CVE-2013-0840 | 2013-01-24 | Google Chrome before 24.0.1312.56 does not validate URLs during the opening of new windows, which has unspecified impact and remote attack vectors. |
| CVE-2013-0841 | 2013-01-24 | Array index error in the content-blocking functionality in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. |
| CVE-2013-0842 | 2013-01-24 | Google Chrome before 24.0.1312.56 does not properly handle %00 characters in pathnames, which has unspecified impact and attack vectors. |
| CVE-2013-1102 | 2013-01-24 | The Wireless Intrusion Prevention System (wIPS) component on Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.0, 7.1 and 7.2 before 7.2.110.0, and 7.3 before 7.3.101.0 allows remote... |
| CVE-2013-1103 | 2013-01-24 | Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (Access Point reload)... |
| CVE-2013-1104 | 2013-01-24 | The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent header, aka Bug... |
| CVE-2013-1105 | 2013-01-24 | Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.3, 7.1 and 7.2 before 7.2.111.3, and 7.3 before 7.3.101.0 allow remote authenticated users to bypass wireless-management settings and read... |
| CVE-2012-6095 | 2013-01-24 | ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD... |
| CVE-2012-6435 | 2013-01-24 | Rockwell Automation ControlLogix PLC Improper Access Control |
| CVE-2012-6436 | 2013-01-24 | Rockwell Automation ControlLogix PLC Improper Input Validation |
| CVE-2012-6437 | 2013-01-24 | Rockwell Automation ControlLogix PLC Improper Authentication |
| CVE-2012-6438 | 2013-01-24 | Rockwell Automation ControlLogix PLC Improper Input Validation |
| CVE-2012-6439 | 2013-01-24 | Rockwell Automation ControlLogix PLC Improper Access Control |
| CVE-2012-6440 | 2013-01-24 | Rockwell Automation ControlLogix PLC Improper Input Validation |
| CVE-2012-6441 | 2013-01-24 | Rockwell Automation ControlLogix PLC Information Exposure |
| CVE-2012-6442 | 2013-01-24 | Rockwell Automation ControlLogix PLC Improper Access Control |
| CVE-2013-0843 | 2013-01-24 | content/renderer/media/webrtc_audio_renderer.cc in Google Chrome before 24.0.1312.56 on Mac OS X does not use an appropriate buffer size for the 96 kHz sampling rate, which allows remote attackers to cause a... |
| CVE-2012-5689 | 2013-01-25 | ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause... |
| CVE-2012-6272 | 2013-01-25 | Multiple cross-site scripting (XSS) vulnerabilities in Dell OpenManage Server Administrator 6.5.0.1, 7.0.0.1, and 7.1.0.1 allow remote attackers to inject arbitrary web script or HTML via the topic parameter to html/index_main.htm... |
| CVE-2012-3278 | 2013-01-25 | Stack-based buffer overflow in magentservice.exe in HP Diagnostics Server 8.x through 8.07 and 9.x through 9.21 allows remote attackers to execute arbitrary code via a malformed message packet. |
| CVE-2012-0435 | 2013-01-26 | SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to modify the hosts list, and subsequently conduct man-in-the-middle attacks, via a crafted /host request on TCP port 4984. |
| CVE-2012-6276 | 2013-01-26 | Directory traversal vulnerability in the web-based management interface on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via the... |
| CVE-2013-0107 | 2013-01-26 | Stack-based buffer overflow in Foxit Advanced PDF Editor 3 before 3.04 might allow remote attackers to execute arbitrary code via a crafted document containing instructions that reconstruct a certain security... |
| CVE-2012-4917 | 2013-01-26 | The TripAdvisor app 6.6 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. |
| CVE-2012-4914 | 2013-01-26 | Stack-based buffer overflow in the reader in CoolPDF 3.0.2.256 allows remote attackers to execute arbitrary code via a PDF document with a crafted stream. |
| CVE-2012-5484 | 2013-01-27 | The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure... |
| CVE-2013-0458 | 2013-01-27 | Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2, when login security... |
| CVE-2013-0459 | 2013-01-27 | Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers... |
| CVE-2013-0460 | 2013-01-27 | Cross-site request forgery (CSRF) vulnerability in the portlet subsystem in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47 and 7.0 before 7.0.0.27 allows remote attackers to... |
| CVE-2013-0461 | 2013-01-27 | Cross-site scripting (XSS) vulnerability in the virtual member manager (VMM) administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before... |
| CVE-2013-0462 | 2013-01-27 | Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1, 7.0 before 7.0.0.27, 8.0, and 8.5 has unknown impact and attack vectors. |
| CVE-2013-0651 | 2013-01-27 | The Portal installation process in GE Intelligent Platforms Proficy Real-Time Information Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to read configuration... |
| CVE-2013-0652 | 2013-01-27 | GE Intelligent Platforms Proficy Real-Time Information Portal does not restrict access to methods of an unspecified Java class, which allows remote attackers to obtain a username listing via an RMI... |
| CVE-2013-0653 | 2013-01-27 | Directory traversal vulnerability in substitute.bcl in the WebView CimWeb subsystem in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers... |
| CVE-2013-0654 | 2013-01-27 | CimWebServer in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary commands or cause a denial of... |
| CVE-2012-6098 | 2013-01-27 | grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19, 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/grade:manage capability requirement, which allows remote... |
| CVE-2012-6099 | 2013-01-27 | The moodle1 backup converter in backup/converter/moodle1/lib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated... |
| CVE-2012-6100 | 2013-01-27 | report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden... |
| CVE-2012-6101 | 2013-01-27 | Multiple open redirect vulnerabilities in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks... |
| CVE-2012-6102 | 2013-01-27 | lib.php in the Submission comments plugin in the Assignment module in Moodle 2.3.x before 2.3.4 and 2.4.x before 2.4.1 allows remote attackers to read or modify the submission comments (aka... |
| CVE-2012-6103 | 2013-01-27 | Multiple cross-site request forgery (CSRF) vulnerabilities in user/messageselect.php in the messaging system in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to hijack the... |
| CVE-2012-6104 | 2013-01-27 | blog/rsslib.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allows remote attackers to obtain sensitive information from site-level blogs by leveraging the guest role and reading... |
| CVE-2012-6105 | 2013-01-27 | blog/rsslib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 continues to provide a blog RSS feed after blogging is disabled, which allows remote... |
| CVE-2012-6106 | 2013-01-27 | calendar/managesubscriptions.php in the Manage Subscriptions implementation in Moodle 2.4.x before 2.4.1 omits a capability check, which allows remote authenticated users to remove course-level calendar subscriptions by leveraging the student role... |
| CVE-2012-6112 | 2013-01-27 | classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1... |
| CVE-2012-4696 | 2013-01-28 | Buffer overflow in Beijer ADP 6.5.0-180_R1967 and 6.5.1-186_R2942, and H-Designer 6.5.0 B180_R1967, allows local users to gain privileges by inserting a long string into a DLL file. |
| CVE-2013-0948 | 2013-01-29 | WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web... |
| CVE-2013-0949 | 2013-01-29 | WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web... |
| CVE-2013-0950 | 2013-01-29 | WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web... |
| CVE-2013-0951 | 2013-01-29 | WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web... |
| CVE-2013-0952 | 2013-01-29 | WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web... |
| CVE-2013-0953 | 2013-01-29 | WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web... |
| CVE-2013-0954 | 2013-01-29 | WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web... |
| CVE-2013-0955 | 2013-01-29 | WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web... |
| CVE-2013-0956 | 2013-01-29 | WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web... |
| CVE-2013-0958 | 2013-01-29 | WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web... |
| CVE-2013-0959 | 2013-01-29 | WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web... |
| CVE-2013-0962 | 2013-01-29 | Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 6.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted content that is not properly handled... |
| CVE-2013-0963 | 2013-01-29 | Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging an incorrect assignment... |
| CVE-2013-0964 | 2013-01-29 | The kernel in Apple iOS before 6.1 and Apple TV before 5.2 does not properly validate copyin and copyout arguments, which allows local users to bypass intended pointer restrictions and... |
| CVE-2013-0974 | 2013-01-29 | StoreKit in Apple iOS before 6.1 does not properly handle the disabling of JavaScript within the preferences configuration of Mobile Safari, which allows remote attackers to bypass intended access restrictions... |
| CVE-2013-0968 | 2013-01-29 | WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web... |
| CVE-2013-1450 | 2013-01-29 | Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not properly reuse TCP... |
| CVE-2013-1451 | 2013-01-29 | Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not ensure that the... |
| CVE-2013-0333 | 2013-01-30 | lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote... |
| CVE-2010-5287 | 2013-01-31 | SQL injection vulnerability in default.php in Cornerstone Technologies webConductor allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2011-5255 | 2013-01-31 | Multiple cross-site scripting (XSS) vulnerabilities in admin/login in X3 CMS 0.4.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) username, or... |
| CVE-2012-6522 | 2013-01-31 | Directory traversal vulnerability in the getContent function in codes/wcms.php in w-CMS 2.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. NOTE: some... |
| CVE-2012-6523 | 2013-01-31 | Multiple cross-site scripting (XSS) vulnerabilities in w-CMS 2.01 allow remote attackers to inject arbitrary web script or HTML via (1) the p parameter in the getMenus function in codes/wcms.php; or... |