Lista CVE - 2012 / Ottobre
Visualizzazione 1 - 100 di 553 CVE per Ottobre 2012 (Pagina 1 di 6)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2012-1590 | 2012-10-01 | The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the... |
| CVE-2012-1591 | 2012-10-01 | The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles. |
| CVE-2012-2153 | 2012-10-01 | Drupal 7.x before 7.14 does not properly restrict access to nodes in a list when using a "contributed node access module," which allows remote authenticated users with the "Access the... |
| CVE-2012-2240 | 2012-10-01 | scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands." |
| CVE-2012-2241 | 2012-10-01 | scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted (1) .dsc or (2) .changes file, probably related to a NULL byte in a filename. |
| CVE-2012-2242 | 2012-10-01 | scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted (1) .dsc or (2) .changes file, related to "arguments to external commands" that are not... |
| CVE-2012-3500 | 2012-10-01 | scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2)... |
| CVE-2012-4429 | 2012-10-01 | Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read clipboard activity by listening on TCP port 5900. |
| CVE-2011-4551 | 2012-10-01 | Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters. |
| CVE-2012-4432 | 2012-10-01 | Use-after-free vulnerability in opngreduc.c in OptiPNG Hg and 0.7.x before 0.7.3 might allow remote attackers to execute arbitrary code via unspecified vectors related to "palette reduction." |
| CVE-2012-4437 | 2012-10-01 | Cross-site scripting (XSS) vulnerability in the SmartyException class in Smarty (aka smarty-php) before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger a... |
| CVE-2012-4450 | 2012-10-01 | 389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass... |
| CVE-2012-4415 | 2012-10-01 | Stack-based buffer overflow in the guac_client_plugin_open function in libguac in Guacamole before 0.6.3 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long... |
| CVE-2012-4427 | 2012-10-01 | The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation of arbitrary extensions from extensions.gnome.org via a crafted web page. |
| CVE-2012-0748 | 2012-10-01 | Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified services in IBM Rational Team Concert (RTC) 4.x before 4.0.0.1 allow remote attackers to hijack the authentication of arbitrary users for requests... |
| CVE-2012-3035 | 2012-10-01 | Buffer overflow in Emerson DeltaV 9.3.1 and 10.3 through 11.3.1 allows remote attackers to cause a denial of service (daemon crash) via a long string to an unspecified port. |
| CVE-2012-3319 | 2012-10-01 | IBM Rational Business Developer 8.x before 8.0.1.4 allows remote attackers to obtain potentially sensitive information via a connection to a web service created with the Rational Business Developer product. |
| CVE-2012-4830 | 2012-10-01 | Unspecified vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 through 7.0.0.6 allows remote attackers to obtain users' personal data via unknown vectors. |
| CVE-2012-4833 | 2012-10-01 | fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command... |
| CVE-2011-5202 | 2012-10-01 | BazisVirtualCDBus.sys in WinCDEmu 3.6 allows local users to cause a denial of service (system crash) via the unmount command to batchmnt.exe. |
| CVE-2012-1576 | 2012-10-01 | The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which... |
| CVE-2012-1639 | 2012-10-01 | Multiple cross-site scripting (XSS) vulnerabilities in product/commerce_product.module in the Drupal Commerce module for Drupal before 7.x-1.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1)... |
| CVE-2012-5223 | 2012-10-01 | The proc_deutf function in includes/functions_vbseocp_abstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6.0, and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" in the char_repl... |
| CVE-2012-5224 | 2012-10-01 | PHP remote file inclusion vulnerability in vb/includes/vba_cmps_include_bottom.php in vBadvanced CMPS 3.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pages[template] parameter. |
| CVE-2012-5225 | 2012-10-01 | Cross-site scripting (XSS) vulnerability in webscr.php in xClick Cart 1.0.1 and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the shopping_url parameter. |
| CVE-2012-5226 | 2012-10-01 | Multiple cross-site scripting (XSS) vulnerabilities in Peel SHOPPING 2.8 and 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) motclef parameter to achat/recherche.php or (2)... |
| CVE-2012-5227 | 2012-10-01 | SQL injection vulnerability in administrer/tva.php in Peel SHOPPING 2.8 and 2.9 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2012-5228 | 2012-10-01 | Cross-site scripting (XSS) vulnerability in admin/index.php in phplist 2.10.9, 2.10.17, and possibly other versions before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the testtarget parameter.... |
| CVE-2012-5229 | 2012-10-01 | Cross-site scripting (XSS) vulnerability in css/gallery-css.php in the Slideshow Gallery2 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the border parameter. |
| CVE-2012-5230 | 2012-10-01 | Unspecified vulnerability in the JE Story Submit (com_jesubmit) component before 1.9 for Joomla! has unknown impact and attack vectors. |
| CVE-2012-5231 | 2012-10-01 | miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code via a crafted (1) pagename or (2) area variable containing an executable extension, which is not properly handled... |
| CVE-2012-5232 | 2012-10-01 | Cross-site scripting (XSS) vulnerability in the Quickl Form component for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2012-1897 | 2012-10-01 | Multiple cross-site request forgery (CSRF) vulnerabilities in Wolf CMS 0.75 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via the user... |
| CVE-2012-1898 | 2012-10-01 | Multiple cross-site scripting (XSS) vulnerabilities in wolfcms/admin/user/add in Wolf CMS 0.75 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user[name], (2) user[email], or... |
| CVE-2012-0989 | 2012-10-01 | Cross-site scripting (XSS) vulnerability in OneOrZero AIMS 2.8.0 Trial Edition build231211 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. |
| CVE-2012-1636 | 2012-10-01 | Cross-site request forgery (CSRF) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of users for requests that delete stickynotes via unspecified vectors. |
| CVE-2012-5233 | 2012-10-01 | Cross-site scripting (XSS) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote authenticated users with edit stickynotes privileges to inject arbitrary web script or HTML via unspecified vecotrs. |
| CVE-2011-4945 | 2012-10-01 | PolicyKit 0.103 sets the AdminIdentities to "wheel" by default, which allows local users in the wheel group to gain root privileges without authentication. |
| CVE-2012-4063 | 2012-10-01 | The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified... |
| CVE-2012-4242 | 2012-10-01 | Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar... |
| CVE-2012-1470 | 2012-10-01 | Multiple cross-site scripting (XSS) vulnerabilities in code_editor.php in ocPortal before 7.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) path or (2) line parameters. |
| CVE-2012-1471 | 2012-10-01 | Directory traversal vulnerability in catalogue_file.php in ocPortal before 7.1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. |
| CVE-2012-1602 | 2012-10-01 | user.php in NextBBS 0.6 allows remote attackers to bypass authentication and gain administrator access by setting the userkey cookie to 1. |
| CVE-2012-1603 | 2012-10-01 | Multiple SQL injection vulnerabilities in ajaxserver.php in NextBBS 0.6 allow remote attackers to execute arbitrary SQL commands via the (1) curstr parameter in the findUsers function, (2) id parameter in... |
| CVE-2012-1604 | 2012-10-01 | Cross-site scripting (XSS) vulnerability in NextBBS 0.6 allows remote attackers to inject arbitrary web script or HTML via the do parameter to index.php. |
| CVE-2012-4064 | 2012-10-01 | Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to gain privileges by sending a message to (1) Cloud Controller... |
| CVE-2012-4065 | 2012-10-01 | Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to bypass unspecified authorization checks and obtain direct access to a... |
| CVE-2012-5234 | 2012-10-01 | Open redirect vulnerability in index.php in ocPortal before 7.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter. |
| CVE-2012-0691 | 2012-10-02 | CA License (aka CA Licensing) before 1.90.03 does not properly restrict system commands, which allows local users to gain privileges via unspecified vectors. |
| CVE-2012-0692 | 2012-10-02 | CA License (aka CA Licensing) before 1.90.03 allows local users to modify or create arbitrary files, and consequently gain privileges, via unspecified vectors. |
| CVE-2012-3314 | 2012-10-02 | IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, 6.2.1, and 6.2.2 allow remote attackers to establish sessions via a crafted message that... |
| CVE-2012-3266 | 2012-10-02 | Unspecified vulnerability in IBRIX 6.1.196 through 6.1.251 on HP IBRIX X9000 Storage allows remote attackers to obtain sensitive information via unknown vectors. |
| CVE-2011-1833 | 2012-10-03 | Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount... |
| CVE-2012-3375 | 2012-10-03 | The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of... |
| CVE-2012-3400 | 2012-10-03 | Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified... |
| CVE-2012-3412 | 2012-10-03 | The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before 3.2.30 allows remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP... |
| CVE-2012-3430 | 2012-10-03 | The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack... |
| CVE-2012-3510 | 2012-10-03 | Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel before 2.6.19 allows local users to obtain potentially sensitive information from kernel memory or cause a denial of... |
| CVE-2012-3511 | 2012-10-03 | Multiple race conditions in the madvise_remove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service (use-after-free and system crash) via vectors... |
| CVE-2012-3520 | 2012-10-03 | The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted... |
| CVE-2012-3552 | 2012-10-03 | Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service (slab corruption and system crash) by sending packets... |
| CVE-2011-3209 | 2012-10-03 | The div_long_long_rem implementation in include/asm-x86/div64.h in the Linux kernel before 2.6.26 on the x86 platform allows local users to cause a denial of service (Divide Error Fault and panic) via... |
| CVE-2012-3488 | 2012-10-03 | The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which... |
| CVE-2012-3489 | 2012-10-03 | The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated... |
| CVE-2012-3267 | 2012-10-04 | Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.20 allows remote attackers to obtain sensitive information via unknown vectors. |
| CVE-2012-3819 | 2012-10-04 | Stack consumption vulnerability in dartwebserver.dll 1.9 and earlier, as used in Dart PowerTCP WebServer for ActiveX and other products, allows remote attackers to cause a denial of service (daemon crash)... |
| CVE-2012-5288 | 2012-10-04 | SQL injection vulnerability in page.php in phpMyDirectory 1.3.3 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2012-5289 | 2012-10-04 | Multiple SQL injection vulnerabilities in Plogger 1.0 RC1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) index.php or (2) gallery.php. |
| CVE-2012-5290 | 2012-10-04 | Multiple SQL injection vulnerabilities in EasyWebRealEstate allow remote attackers to execute arbitrary SQL commands via the (1) lstid parameter to listings.php or (2) infoid parameter to index.php. |
| CVE-2012-5291 | 2012-10-04 | SQL injection vulnerability in team.php in Posse Softball Director CMS allows remote attackers to execute arbitrary SQL commands via the idteam parameter. |
| CVE-2012-5292 | 2012-10-04 | Multiple SQL injection vulnerabilities in Atar2b CMS 4.0.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) gallery_e.php, (2) pageE.php, or (3) pageH.php. |
| CVE-2012-5293 | 2012-10-04 | Multiple PHP remote file inclusion vulnerabilities in SAPID CMS 1.2.3 Stable allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[root_path] parameter to usr/extensions/get_tree.inc.php or... |
| CVE-2011-5203 | 2012-10-04 | SQL injection vulnerability in WB/Default.asp in Akiva WebBoard before 8 SR 1 allows remote attackers to execute arbitrary SQL commands via the name parameter. NOTE: some of these details are... |
| CVE-2011-5205 | 2012-10-04 | Cross-site scripting (XSS) vulnerability in audl.php in Rapidleech 2.3 rev42 SVN r358, rev43 SVN r397, and earlier allows remote attackers to inject arbitrary web script or HTML via the links... |
| CVE-2011-5206 | 2012-10-04 | Cross-site scripting (XSS) vulnerability in notes.php in Rapidleech before 2.3 rev42 SVN r399 allows remote attackers to inject arbitrary web script or HTML via the notes parameter. |
| CVE-2011-5207 | 2012-10-04 | Cross-site scripting (XSS) vulnerability in admin/OptionsPostsList.php in the TheCartPress plugin for WordPress before 1.1.6 before 2011-12-31 allows remote attackers to inject arbitrary web script or HTML via the tcp_name_post_XXXXX parameter. |
| CVE-2012-5294 | 2012-10-04 | SQL injection vulnerability in art_detalle.php in MyStore Xpress Tienda Virtual allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2012-5295 | 2012-10-04 | Cross-site scripting (XSS) vulnerability in login.cfm in FuseTalk Forums 3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the windowed parameter. |
| CVE-2012-5296 | 2012-10-04 | Multiple cross-site scripting (XSS) vulnerabilities in Mavili Guestbook, as released in November 2007, allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) approve.asp,... |
| CVE-2012-5297 | 2012-10-04 | SQL injection vulnerability in edit.asp in Mavili Guestbook, as released in November 2007, allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2012-5298 | 2012-10-04 | Mavili Guestbook, as released in November 2007, stores guestbook.mdb under the web root with insufficient access control, which allows remote attackers to read the database via a direct request. |
| CVE-2012-5299 | 2012-10-04 | Mavili Guestbook, as released in November 2007, allows remote attackers to edit, delete, and approve arbitrary messages via a direct request to (1) edit.asp, (2) delete.asp, or (3) approve.asp. |
| CVE-2012-5300 | 2012-10-04 | SQL injection vulnerability in art_catalogo.php in MyStore Xpress Tienda Virtual 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2011-5204 | 2012-10-04 | Akiva WebBoard 8.x stores passwords in plaintext, which allows local users to obtain sensitive information by reading from the database. |
| CVE-2012-2999 | 2012-10-04 | Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in Cerberus FTP Server before 5.0.5.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add... |
| CVE-2012-5237 | 2012-10-04 | The dissect_hsrp function in epan/dissectors/packet-hsrp.c in the HSRP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. |
| CVE-2012-5238 | 2012-10-04 | epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of (1) PPP and (2) LCP data, which allows remote attackers to... |
| CVE-2012-5240 | 2012-10-04 | Buffer overflow in the dissect_tlv function in epan/dissectors/packet-ldp.c in the LDP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (application crash) or possibly... |
| CVE-2012-5301 | 2012-10-04 | The default configuration of Cerberus FTP Server before 5.0.4.0 supports the DES cipher for SSH sessions, which makes it easier for remote attackers to obtain sensitive information by sniffing the... |
| CVE-2012-4018 | 2012-10-05 | Cross-site scripting (XSS) vulnerability in Final Beta Laboratory MyWebSearch before 1.23 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. |
| CVE-2012-4894 | 2012-10-05 | Google SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SKP file. |
| CVE-2012-4895 | 2012-10-05 | Heap-based buffer overflow in SumatraPDF before 2.1 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2012-4896. |
| CVE-2012-4896 | 2012-10-05 | Heap-based buffer overflow in SumatraPDF before 2.1 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2012-4895. |
| CVE-2012-4897 | 2012-10-05 | Untrusted search path vulnerability in the installer in VMware Movie Decoder before 9.0 allows local users to gain privileges via a Trojan horse executable file in the installer directory. |
| CVE-2012-5050 | 2012-10-05 | Cross-site scripting (XSS) vulnerability in the server in VMware vCenter Operations (aka vCOps) before 5.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2012-5051 | 2012-10-05 | Directory traversal vulnerability in VMware CapacityIQ 1.5.x allows remote attackers to read arbitrary files via unspecified vectors. |
| CVE-2012-4443 | 2012-10-05 | Monkey HTTP Daemon 0.9.3 uses a real UID of root and a real GID of root during execution of CGI scripts, which might allow local users to gain privileges by... |
| CVE-2012-0845 | 2012-10-05 | SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU... |
| CVE-2012-1150 | 2012-10-05 | Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to... |
| CVE-2012-5303 | 2012-10-05 | Monkey HTTP Daemon 0.9.3 might allow local users to overwrite arbitrary files via a symlink attack on a PID file, as demonstrated by a pathname different from the default /var/run/monkey.pid... |