CVEdetails.com: security vulnerability data source

Security Vulnerabilities Published In October 2012

Columns: # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
(A "-" marks a cell the page left empty; each entry's description follows its row.)

501 | CVE-2011-5227 | 119 | - | Exec Code Overflow | 2012-10-25 | 2017-08-29 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
    Stack-based buffer overflow in the Syslog service (nssyslogd.exe) in Enterasys Network Management Suite (NMS) before 4.1.0.80 allows remote attackers to execute arbitrary code via a long PRIO field in a message to UDP port 514.

502 | CVE-2011-5226 | 352 | - | CSRF | 2012-10-25 | 2017-08-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
    Cross-site request forgery (CSRF) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to hijack the authentication of an administrator for requests that trigger snapshots.

503 | CVE-2011-5225 | 79 | - | XSS | 2012-10-25 | 2017-08-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
    Cross-site scripting (XSS) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

504 | CVE-2011-5224 | 89 | - | Exec Code Sql | 2012-10-25 | 2017-08-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    SQL injection vulnerability in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

505 | CVE-2011-5223 | 79 | - | XSS CSRF | 2012-10-25 | 2017-08-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
    Cross-site request forgery (CSRF) vulnerability in logout.php in Cacti before 0.8.7i allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

506 | CVE-2011-5222 | 89 | 1 | Exec Code Sql | 2012-10-25 | 2017-08-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    SQL injection vulnerability in rub2_w.php in PHP Flirt-Projekt 4.8 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the rub parameter.

507 | CVE-2011-5221 | 79 | - | XSS | 2012-10-25 | 2017-08-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
    Cross-site scripting (XSS) vulnerability in the getLog function in svnlook.php in WebSVN before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to (1) comp.php, (2) diff.php, or (3) revision.php.

508 | CVE-2011-5220 | 79 | - | XSS | 2012-10-25 | 2017-08-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
    Cross-site scripting (XSS) vulnerability in templates/default/Admin/Login.html in PHP-SCMS 1.6.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter to index.php.

509 | CVE-2011-5219 | 22 | 1 | Dir. Trav. | 2012-10-25 | 2017-08-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None
    Directory traversal vulnerability in examples/show_code.php in mPDF 5.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.

510 | CVE-2011-5218 | 89 | 1 | Exec Code Sql | 2012-10-25 | 2017-08-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    SQL injection vulnerability in DotA OpenStats 1.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

511 | CVE-2011-5217 | 22 | - | Dir. Trav. | 2012-10-25 | 2017-08-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None
    Directory traversal vulnerability in the PXE Mtftp service in Hitachi JP1/ServerConductor/DeploymentManager before 08-55 Japanese and before 08-51 English allows remote attackers to read arbitrary files via unknown vectors.

512 | CVE-2011-5216 | 89 | - | Exec Code Sql | 2012-10-25 | 2017-08-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    SQL injection vulnerability in ajax.php in SCORM Cloud For WordPress plugin before 1.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the active parameter. NOTE: some of these details are obtained from third party information.

513 | CVE-2011-5215 | 89 | 1 | Exec Code Sql | 2012-10-25 | 2017-08-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    SQL injection vulnerability in index.php in Video Community Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.

514 | CVE-2011-5214 | 79 | - | XSS | 2012-10-25 | 2017-08-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
    Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/admin/admin_module_index.php, or (3) modules/calendar/customise_calendar_times.php; login[] parameter to (4) index.php or (5) pub/clients.php; or framed parameter to (6) licence/index.php or (7) licence/view.php.

515 | CVE-2011-5213 | 89 | - | Exec Code Sql | 2012-10-25 | 2017-08-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    Multiple SQL injection vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login[username] parameter to index.php, (2) parent_id parameter to modules/Documents/version_list.php, or (3) contact_id parameter to modules/Documents/index.php.

516 | CVE-2011-5212 | 89 | 1 | Exec Code Sql | 2012-10-22 | 2013-02-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    SQL injection vulnerability in admin/index.php in Subrion CMS 2.0.4 allows remote attackers to execute arbitrary SQL commands via the (1) user name or (2) password field.

517 | CVE-2011-5211 | 79 | 1 | XSS | 2012-10-22 | 2012-11-15 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
    Cross-site scripting (XSS) vulnerability in the poll module in Subrion CMS 2.0.4 allows remote attackers to inject arbitrary web script or HTML via the title field. NOTE: some of these details are obtained from third party information. NOTE: this might overlap CVE-2012-5452.

518 | CVE-2011-5210 | 22 | - | Dir. Trav. | 2012-10-09 | 2017-08-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
    Directory traversal vulnerability in admin/preview.php in Limny 3.0.0 allows remote attackers to read arbitrary files via a ..%2F (encoded dot dot slash) in the theme parameter.

519 | CVE-2011-5209 | 79 | 1 | XSS | 2012-10-09 | 2017-08-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
    Cross-site scripting (XSS) vulnerability in search/ in GraphicsClone Script, possibly 1.11, allows remote attackers to inject arbitrary web script or HTML via the term parameter.

520 | CVE-2011-5208 | 22 | - | Dir. Trav. | 2012-10-08 | 2012-10-09 | 5.0 | None | Remote | Low | Not required | Partial | None | None
    Multiple directory traversal vulnerabilities in the BackWPup plugin before 1.4.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the wpabs parameter to (1) app/options-view_log-iframe.php or (2) app/options-runnow-iframe.php.

521 | CVE-2011-5207 | 79 | 1 | XSS | 2012-10-04 | 2017-08-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
    Cross-site scripting (XSS) vulnerability in admin/OptionsPostsList.php in the TheCartPress plugin for WordPress before 1.1.6 before 2011-12-31 allows remote attackers to inject arbitrary web script or HTML via the tcp_name_post_XXXXX parameter.

522 | CVE-2011-5206 | 79 | - | XSS | 2012-10-04 | 2017-08-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
    Cross-site scripting (XSS) vulnerability in notes.php in Rapidleech before 2.3 rev42 SVN r399 allows remote attackers to inject arbitrary web script or HTML via the notes parameter.

523 | CVE-2011-5205 | 79 | 1 | XSS | 2012-10-04 | 2017-08-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
    Cross-site scripting (XSS) vulnerability in audl.php in Rapidleech 2.3 rev42 SVN r358, rev43 SVN r397, and earlier allows remote attackers to inject arbitrary web script or HTML via the links parameter.

524 | CVE-2011-5204 | 255 | 1 | +Info | 2012-10-04 | 2012-10-05 | 1.9 | None | Local | Medium | Not required | Partial | None | None
    Akiva WebBoard 8.x stores passwords in plaintext, which allows local users to obtain sensitive information by reading from the database.

525 | CVE-2011-5203 | 89 | 1 | Exec Code Sql | 2012-10-04 | 2017-08-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    SQL injection vulnerability in WB/Default.asp in Akiva WebBoard before 8 SR 1 allows remote attackers to execute arbitrary SQL commands via the name parameter. NOTE: some of these details are obtained from third party information.

526 | CVE-2011-5202 | 119 | - | DoS Overflow | 2012-10-01 | 2017-08-29 | 2.1 | None | Local | Low | Not required | None | None | Partial
    BazisVirtualCDBus.sys in WinCDEmu 3.6 allows local users to cause a denial of service (system crash) via the unmount command to batchmnt.exe.

527 | CVE-2011-4945 | 264 | - | +Priv | 2012-10-01 | 2012-12-19 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete
    PolicyKit 0.103 sets the AdminIdentities to "wheel" by default, which allows local users in the wheel group to gain root privileges without authentication.

528 | CVE-2011-4932 | 94 | - | Exec Code | 2012-10-06 | 2012-10-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    Eval injection vulnerability in ip_cms/modules/standard/content_management/actions.php in ImpressPages CMS 1.0.12 and possibly other versions before 1.0.13 allows remote attackers to execute arbitrary code via the cm_group parameter.

529 | CVE-2011-4929 | - | - | Exec Code | 2012-10-08 | 2012-10-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote attackers to execute arbitrary commands via unknown vectors.

530 | CVE-2011-4928 | 79 | - | XSS | 2012-10-08 | 2012-10-09 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
    Cross-site scripting (XSS) vulnerability in the textile formatter in Redmine before 1.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

531 | CVE-2011-4927 | - | - | +Info | 2012-10-08 | 2012-10-09 | 4.0 | None | Remote | Low | ??? | Partial | None | None
    Unspecified vulnerability in the bazaar repository adapter in Redmine 1.0.x before 1.0.5 allows remote authenticated users to obtain sensitive information via unknown vectors.

532 | CVE-2011-4911 | 20 | - | - | 2012-10-07 | 2012-10-08 | 5.0 | None | Remote | Low | Not required | Partial | None | None
    Joomla! before 1.5.12 does not perform a JEXEC check in unspecified files, which allows remote attackers to obtain the installation path via unspecified vectors.

533 | CVE-2011-4910 | 79 | - | XSS | 2012-10-07 | 2012-10-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
    Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

534 | CVE-2011-4909 | 79 | - | XSS | 2012-10-07 | 2012-10-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
    Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/views/article/tmpl/form.php, (2) components/com_user/controller.php, (3) plugins/system/legacy/html.php, or (4) templates/beez/html/com_content/article/form.php.

535 | CVE-2011-4640 | 22 | - | Dir. Trav. | 2012-10-08 | 2012-10-08 | 4.0 | None | Remote | Low | ??? | Partial | None | None
    Directory traversal vulnerability in logs-x.php in SpamTitan WebTitan before 3.60 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the fname parameter in a view action.

536 | CVE-2011-4639 | 94 | - | Exec Code | 2012-10-08 | 2012-10-08 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
    The (1) Traceroute and (2) Ping implementations in tools.php in SpamTitan WebTitan before 3.60 allow remote authenticated users to execute arbitrary commands via shell metacharacters in an argument, as demonstrated by an && (ampersand ampersand) sequence.

537 | CVE-2011-4638 | 89 | - | Exec Code Sql | 2012-10-08 | 2012-10-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    Multiple SQL injection vulnerabilities in SpamTitan WebTitan before 3.60 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to login-x.php, and allow remote authenticated users to execute arbitrary SQL commands via the (2) bldomain, (3) wldomain, or (4) temid parameter to urls-x.php.

538 | CVE-2011-4551 | 79 | - | XSS | 2012-10-01 | 2012-10-24 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
    Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters.

539 | CVE-2011-4363 | 59 | - | - | 2012-10-07 | 2012-10-08 | 2.6 | None | Local | High | Not required | None | Partial | Partial
    ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS.

540 | CVE-2011-4342 | 94 | 2 | Exec Code File Inclusion | 2012-10-08 | 2012-10-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    PHP remote file inclusion vulnerability in wp_xml_export.php in the BackWPup plugin before 1.7.2 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpabs parameter.

541 | CVE-2011-4129 | 200 | - | +Info | 2012-10-22 | 2017-01-05 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None
    (1) services/twitter/twitter-contact-view.c and (2) services/twitter/twitter-item-view.c in libsocialweb before 0.25.20 automatically connect to Twitter when no Twitter account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack.

542 | CVE-2011-3918 | 399 | - | DoS | 2012-10-07 | 2013-08-03 | 7.8 | None | Remote | Low | Not required | None | None | Complete
    The Zygote process in Android 4.0.3 and earlier accepts fork requests from processes with arbitrary UIDs, which allows remote attackers to cause a denial of service (reboot loop) via a crafted application.

543 | CVE-2011-3209 | 189 | - | DoS | 2012-10-03 | 2012-10-03 | 4.9 | None | Local | Low | Not required | None | None | Complete
    The div_long_long_rem implementation in include/asm-x86/div64.h in the Linux kernel before 2.6.26 on the x86 platform allows local users to cause a denial of service (Divide Error Fault and panic) via a clock_gettime system call.

544 | CVE-2011-1833 | 264 | - | Bypass | 2012-10-03 | 2014-03-08 | 3.3 | None | Local | Medium | Not required | Partial | Partial | None
    Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid.

545 | CVE-2010-5279 | 189 | - | DoS | 2012-10-08 | 2012-10-08 | 5.0 | None | Remote | Low | Not required | None | None | Partial
    article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to cause a denial of service (memory consumption) via a large integer in the ratearticleselect parameter.

546 | CVE-2010-5278 | 22 | 1 | Dir. Trav. | 2012-10-07 | 2020-01-10 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
    Directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter. NOTE: some of these details are obtained from third party information.

547 | CVE-2010-5277 | - | - | Bypass | 2012-10-07 | 2017-08-29 | 4.9 | None | Remote | Medium | ??? | None | Partial | Partial
    Unspecified vulnerability in the Views Bulk Operations module 6 before 6.x-1.10 for Drupal allows remote authenticated users with user management permissions to bypass intended access restrictions and delete anonymous users (user 0) via unspecified vectors.

548 | CVE-2010-5276 | 264 | - | - | 2012-10-07 | 2012-10-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
    The Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Drupal does not properly handle the $user object in memcache_admin, which might "lead to a role change not being recognized until the user logs in again."

549 | CVE-2010-5275 | 79 | - | XSS | 2012-10-07 | 2012-10-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
    Cross-site scripting (XSS) vulnerability in memcache_admin in the Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

550 | CVE-2010-5067 | 255 | - | Bypass | 2012-10-08 | 2012-10-08 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
    Virtual War (aka VWar) 1.6.1 R2 uses static session cookies that depend only on a user's password, which makes it easier for remote attackers to bypass timeout and logout actions, and retain access for a long period of time, by leveraging knowledge of a session cookie.
Total number of vulnerabilities: 556 (this is page 11 of 12)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.