CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In July 2012

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
151 CVE-2012-3393 79 XSS 2012-07-23 2020-12-01
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in repository/lib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 allows remote authenticated administrators to inject arbitrary web script or HTML by renaming a repository.
152 CVE-2012-3392 16 Bypass 2012-07-23 2020-12-01
5.5
None Remote Low ??? None Partial Partial
mod/forum/unsubscribeall.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not consider whether a forum is optional, which allows remote authenticated users to bypass forum-subscription requirements by leveraging the student role and unsubscribing from all forums.
153 CVE-2012-3391 264 Bypass 2012-07-23 2020-12-01
4.0
None Remote Low ??? Partial None None
mod/forum/rsslib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly implement the requirement for posting before reading a Q&A forum, which allows remote authenticated users to bypass intended access restrictions by leveraging the student role and reading the RSS feed for a forum.
154 CVE-2012-3390 264 +Info 2012-07-23 2020-12-01
3.5
None Remote Medium ??? Partial None None
lib/filelib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly restrict file access after a block has been hidden, which allows remote authenticated users to obtain sensitive information by reading a file that is embedded in a block.
155 CVE-2012-3389 79 XSS 2012-07-23 2020-12-01
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in mod/lti/typessettings.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) lti_typename or (2) lti_toolurl parameter.
156 CVE-2012-3388 264 Bypass 2012-07-23 2020-12-01
4.0
None Remote Low ??? None Partial None
The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to bypass an intended capability check via unspecified vectors that trigger caching of a user record.
157 CVE-2012-3387 264 Bypass 2012-07-23 2020-12-01
4.0
None Remote Low ??? None Partial None
Moodle 2.3.x before 2.3.1 uses only a client-side check for whether references are permitted in a file upload, which allows remote authenticated users to bypass intended alias (aka shortcut) restrictions via a client that omits this check.
158 CVE-2012-3385 264 +Info 2012-07-22 2012-07-23
5.0
None Remote Low Not required Partial None None
WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors.
159 CVE-2012-3384 352 CSRF 2012-07-22 2012-08-09
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the customizer in WordPress before 3.4.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
160 CVE-2012-3383 264 XSS Bypass 2012-07-22 2012-09-18
2.6
None Remote High Not required None Partial None
The map_meta_cap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfiltered_html capability, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks by leveraging the Administrator or Editor role and composing crafted text.
161 CVE-2012-3382 79 XSS 2012-07-12 2013-04-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message.
162 CVE-2012-3377 119 DoS Exec Code Overflow 2012-07-12 2017-09-19
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG demuxer (modules/demux/ogg.c) in VideoLAN VLC media player before 2.0.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted OGG file.
163 CVE-2012-3376 310 2012-07-12 2017-03-24
7.5
None Remote Low Not required Partial Partial Partial
DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
164 CVE-2012-3374 119 Exec Code Overflow 2012-07-07 2017-12-01
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message.
165 CVE-2012-3372 310 2012-07-09 2012-07-09
5.8
None Remote Medium Not required Partial Partial None
** DISPUTED ** The default configuration of Cyberoam UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Cyberoam_SSL_CA certificate in a list of trusted root certification authorities. NOTE: the vendor disputes the significance of this issue because the appliance "does not allow import or export of the foresaid private key."
166 CVE-2012-3371 20 DoS 2012-07-17 2012-08-24
3.5
None Remote Medium ??? None None Partial
The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section.
167 CVE-2012-3368 189 +Info 2012-07-03 2012-07-04
2.6
None Remote High Not required Partial None None
Integer signedness error in attach.c in dtach 0.8 allows remote attackers to obtain sensitive information from daemon stack memory in opportunistic circumstances by reading application data after an improper connection-close request, as demonstrated by running an IRC client in dtach.
168 CVE-2012-3366 78 Exec Code 2012-07-03 2017-08-29
9.0
None Remote Low ??? Complete Complete Complete
The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers with root access to the client to execute arbitrary commands via shell metacharacters in the UUID field to the server process (bcfg2-server).
169 CVE-2012-3365 264 Bypass 2012-07-20 2017-12-01
5.0
None Remote Low Not required None Partial None
The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors.
170 CVE-2012-3362 352 CSRF 2012-07-12 2012-07-27
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in eXtplorer 2.1 RC3 and earlier allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an adduser admin action.
171 CVE-2012-3361 264 2012-07-22 2012-08-17
5.5
None Remote Low ??? None Partial Partial
virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image.
172 CVE-2012-3360 22 Dir. Trav. 2012-07-22 2012-08-17
5.5
None Remote Low ??? None Partial Partial
Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element.
173 CVE-2012-3358 119 DoS Exec Code Overflow 2012-07-18 2020-09-09
10.0
None Remote Low Not required Complete Complete Complete
Multiple heap-based buffer overflows in the j2k_read_sot function in j2k.c in OpenJPEG 1.5 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted (1) tile number or (2) tile length in a JPEG 2000 image file.
174 CVE-2012-3357 200 +Info 2012-07-22 2017-08-29
5.0
None Remote Low Not required Partial None None
The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information, related to a "log msg leak."
175 CVE-2012-3356 287 Bypass 2012-07-22 2018-08-13
5.0
None Remote Low Not required None Partial None
The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
176 CVE-2012-3355 94 Exec Code 2012-07-17 2017-08-29
3.6
None Local Low Not required None Partial Partial
(1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context directory.
177 CVE-2012-3350 89 1 Exec Code Sql 2012-07-12 2018-05-29
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in index.php in Webmatic 3.1.1 allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header.
178 CVE-2012-3241 264 Exec Code 2012-07-17 2012-07-18
7.5
None Remote Low Not required Partial Partial Partial
The VMware Broker in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 does not properly authenticate SOAP requests, which allows remote attackers to execute arbitrary VMware Broker API commands.
179 CVE-2012-3240 264 +Priv 2012-07-17 2012-07-18
7.5
None Remote Low Not required Partial Partial Partial
The Walrus service in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 allows remote attackers to gain administrator privileges via a crafted REST request.
180 CVE-2012-3238 79 XSS 2012-07-09 2012-07-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field.
181 CVE-2012-3236 119 1 DoS Overflow 2012-07-12 2018-10-30
4.3
None Remote Medium Not required None None Partial
fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string.
182 CVE-2012-3135 2012-07-17 2017-12-01
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware 28.2.3 and before, and 27.7.2 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
183 CVE-2012-3134 2012-07-17 2013-10-11
4.0
None Remote Low ??? None None Partial
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect availability via unknown vectors.
184 CVE-2012-3131 2012-07-17 2017-08-29
4.3
None Remote Medium Not required Partial None None
Unspecified vulnerability in Oracle Sun Solaris 9, 10, and 11 allows remote attackers to affect confidentiality, related to Network/NFS.
185 CVE-2012-3130 2012-07-17 2017-08-29
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect integrity via unknown vectors related to pkg.depotd.
186 CVE-2012-3129 2012-07-17 2017-08-29
5.1
None Remote High Not required Partial Partial Partial
Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, integrity, and availability, related to Gnome PDF viewer.
187 CVE-2012-3128 2012-07-17 2017-08-29
3.7
None Local High Not required Partial Partial Partial
Unspecified vulnerability in Oracle SPARC T-Series Servers running System Firmware 8.2.0 and 8.1.4.e or earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Integrated Lights Out Manager.
188 CVE-2012-3127 2012-07-17 2017-08-29
5.4
None Remote High Not required None None Complete
Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect availability, related to SCTP.
189 CVE-2012-3126 2012-07-17 2017-08-29
6.2
None Local High Not required Complete Complete Complete
Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
190 CVE-2012-3125 2012-07-17 2017-08-29
7.1
None Remote Medium Not required None None Complete
Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows remote attackers to affect availability, related to TCP/IP.
191 CVE-2012-3124 2012-07-17 2017-08-29
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect availability, related to Kernel/KSSL.
192 CVE-2012-3123 2012-07-17 2017-12-22
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
193 CVE-2012-3122 2012-07-17 2017-08-29
2.6
None Local High Not required Partial Partial None
Unspecified vulnerability in Oracle Sun Solaris 8 and 9 allows local users to affect confidentiality and integrity via unknown vectors related to sort.
194 CVE-2012-3121 2012-07-17 2017-08-29
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows remote attackers to affect availability via unknown vectors related to in.tnamed and NameServer.
195 CVE-2012-3120 2012-07-17 2017-08-29
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in Oracle Sun Solaris 8 allows remote attackers to affect availability, related to TCP/IP.
196 CVE-2012-3119 2012-07-17 2017-12-22
4.0
None Remote Low ??? Partial None None
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.0.20 allows remote authenticated users to affect confidentiality via unknown vectors related to Candidate Gateway.
197 CVE-2012-3118 2012-07-17 2017-12-22
4.0
None Remote Low ??? Partial None None
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote authenticated users to affect confidentiality, related to PANPROC.
198 CVE-2012-3117 2012-07-17 2017-12-22
4.0
None Remote Low ??? Partial None None
Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and 6.2 allows remote authenticated users to affect confidentiality via unknown vectors related to HTTP.
199 CVE-2012-3116 2012-07-17 2017-12-22
1.9
None Local Medium Not required Partial None None
Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and 6.2 allows local users to affect confidentiality via unknown vectors.
200 CVE-2012-3115 2012-07-17 2017-08-29
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle MapViewer component in Oracle Fusion Middleware 10.1.3.1, 11.1.1.5, and 11.1.1.6 allows remote attackers to affect integrity via unknown vectors related to Install.
Total number of vulnerabilities : 536   Page : 1 2 3 4 (This Page)5 6 7 8 9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.