CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In February 2013

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
301 CVE-2012-6531 20 2013-02-13 2013-03-04
6.4
None Remote Low Not required Partial Partial None
(1) Zend_Dom, (2) Zend_Feed, and (3) Zend_Soap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack, a different vulnerability than CVE-2012-3363.
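Added example (editor's code, not Zend Framework's): the XXE vector in the entry above is an external entity declared in a DOCTYPE inside the XML-RPC request body. The Python guard below refuses any body that carries a DOCTYPE or ENTITY declaration before a parser can resolve anything, and it also refuses NUL characters and non-UTF-8 input, because a UTF-16-encoded body would interleave NULs between the letters of "<!DOCTYPE" and slip past a plain text match. The method name, the sample requests and the entity target are constructed for the demonstration.

```python
import re
import xml.etree.ElementTree as ET
from typing import List, Tuple

# XML-RPC needs neither a DOCTYPE nor entity declarations, so their presence is
# reason enough to refuse the body before any parser can resolve an entity.
_DECL_RE = re.compile(r"<!(DOCTYPE|ENTITY)\b", re.IGNORECASE)


class UnsafeXmlRpcBody(ValueError):
    """Raised when a request body is rejected by the pre-parse guard."""


def reject_doctype(body: bytes) -> str:
    """Return the body as text if it carries no DOCTYPE/ENTITY declaration.

    The check runs on decoded text: non-UTF-8 input and NUL characters are
    refused so an alternative encoding cannot hide the declaration.
    """
    try:
        text = body.decode("utf-8")
    except UnicodeDecodeError:
        raise UnsafeXmlRpcBody("request body is not valid UTF-8")
    if "\x00" in text:
        raise UnsafeXmlRpcBody("NUL character in request body")
    if _DECL_RE.search(text):
        raise UnsafeXmlRpcBody("DOCTYPE/ENTITY declarations are not allowed")
    return text


def parse_xmlrpc_request(body: bytes) -> Tuple[str, List[str]]:
    """Parse a methodCall body, guarding first; only <string> params are extracted."""
    text = reject_doctype(body)
    root = ET.fromstring(text)
    if root.tag != "methodCall":
        raise UnsafeXmlRpcBody("not an XML-RPC methodCall")
    method = root.findtext("methodName", default="").strip()
    params = [v.text or "" for v in root.findall("./params/param/value/string")]
    return method, params


# Constructed sample bodies (not captured traffic).
CLEAN_REQUEST = (
    b'<?xml version="1.0"?><methodCall><methodName>demo.echo</methodName>'
    b"<params><param><value><string>hello</string></value></param></params></methodCall>"
)
XXE_REQUEST = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE methodCall [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
    b"<methodCall><methodName>demo.echo</methodName>"
    b"<params><param><value><string>&xxe;</string></value></param></params></methodCall>"
)
# Same payload re-encoded as UTF-16-LE: every ASCII letter is followed by a NUL byte.
UTF16_XXE_REQUEST = XXE_REQUEST.decode("ascii").encode("utf-16-le")


def guard_outcome(body: bytes) -> str:
    """'accepted' or 'rejected', for exercising the guard on the samples above."""
    try:
        parse_xmlrpc_request(body)
        return "accepted"
    except UnsafeXmlRpcBody:
        return "rejected"
```

Rejecting the declaration outright is simpler and more robust than relying on a parser option such as PHP's entity-loader switch, because it holds regardless of which XML library ends up parsing the body later.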
302 CVE-2012-6357 264 +Priv Bypass 2013-02-20 2017-08-29
6.5
None Remote Low Single system Partial Partial Partial
IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges and bypass intended restrictions on asset-lookup operations via unspecified vectors.
303 CVE-2012-6356 264 +Priv 2013-02-20 2017-08-29
6.5
None Remote Low Single system Partial Partial Partial
IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to an import operation.
304 CVE-2012-6355 264 +Priv 2013-02-20 2017-08-29
6.5
None Remote Low Single system Partial Partial Partial
IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to a work order.
305 CVE-2012-6354 287 Bypass 2013-02-19 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
The management GUI on the IBM SAN Volume Controller and Storwize V7000 6.x before 6.4.1.3 allows remote attackers to bypass authentication and obtain superuser access via IP packets.
306 CVE-2012-6352 119 DoS Overflow 2013-02-02 2017-08-29
5.0
None Remote Low Not required None None Partial
The Session Manager in IBM Sterling Connect:Direct through 4.1.0.3 on UNIX allows remote attackers to cause a denial of service (daemon crash and disk consumption) via crafted data.
307 CVE-2012-6326 119 DoS Overflow 2013-02-22 2013-02-25
7.8
None Remote Low Not required None None Complete
VMware vCenter Server 4.1 before Update 3 and 5.0 before Update 2, and vCSA 5.0 before Update 2, allows remote attackers to cause a denial of service (disk consumption) via vectors that trigger large log entries.
308 CVE-2012-6275 119 Overflow 2013-02-24 2013-02-25
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in AntDS.exe in BigAntSoft BigAnt IM Message Server allow remote attackers to have an unspecified impact via (1) the filename header in an SCH request or (2) the userid component in a DUPF request.
309 CVE-2012-6274 287 2013-02-24 2013-02-26
5.0
None Remote Low Not required None Partial None
BigAntSoft BigAnt IM Message Server does not require authentication for file uploading, which allows remote attackers to create arbitrary files under AntServer\DocData\Public via unspecified vectors.
310 CVE-2012-6273 89 Exec Code Sql 2013-02-24 2013-02-25
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in BigAntSoft BigAnt IM Message Server allows remote attackers to execute arbitrary SQL commands via an SHU (aka search user) request.
311 CVE-2012-6128 119 DoS Overflow 2013-02-24 2017-08-29
5.0
None Remote Low Not required None None Partial
Multiple stack-based buffer overflows in http.c in OpenConnect before 4.08 allow remote VPN gateways to cause a denial of service (application crash) via a long (1) hostname, (2) path, or (3) cookie list in a response.
312 CVE-2012-6121 79 XSS 2013-02-24 2015-08-24
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.8.5 allows remote attackers to inject arbitrary web script or HTML via a (1) data:text or (2) vbscript link.
313 CVE-2012-6093 310 2013-02-24 2021-06-16
4.3
None Remote Medium Not required Partial None None
The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, and 4.8.x before 4.8.5, when used with certain versions of OpenSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions and accept a certificate.
314 CVE-2012-6075 120 DoS Exec Code Overflow 2013-02-13 2020-08-11
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.
315 CVE-2012-6074 79 XSS 2013-02-24 2018-10-30
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web script or HTML via unspecified vectors.
316 CVE-2012-6073 20 2013-02-24 2018-10-30
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
317 CVE-2012-6072 20 Http R.Spl. 2013-02-24 2018-10-30
4.3
None Remote Medium Not required None Partial None
CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
318 CVE-2012-5953 119 DoS Overflow 2013-02-20 2017-08-29
4.3
None Remote Medium Not required None None Partial
IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2, when the Parse Query Strings option is enabled on an HTTPInput node, allows remote attackers to cause a denial of service (infinite loop) via a crafted query string.
319 CVE-2012-5952 287 2013-02-20 2017-08-29
5.0
None Remote Low Not required None Partial None
IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2 does not validate Basic Authentication credentials before proceeding to WS-Addressing and WS-Security operations, which allows remote attackers to trigger transmission of unauthenticated messages via unspecified vectors.
320 CVE-2012-5941 79 XSS 2013-02-20 2017-08-29
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote authenticated users to inject content, and conduct phishing attacks, via unspecified vectors.
321 CVE-2012-5940 287 2013-02-20 2017-08-29
4.3
None Remote Medium Not required Partial None None
The WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza, when SSL is not enabled, allows remote attackers to discover credentials by sniffing the network during the authentication process.
322 CVE-2012-5767 +Priv 2013-02-27 2017-08-29
6.5
None Remote Low Single system Partial Partial Partial
Unspecified vulnerability in the web interface on the IBM TS3500 Tape Library with firmware before C260 allows remote authenticated users to gain privileges via unspecified vectors.
323 CVE-2012-5763 352 CSRF 2013-02-20 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
324 CVE-2012-5762 79 XSS 2013-02-20 2017-08-29
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote authenticated users to inject arbitrary web script or HTML via vectors involving the MHTML protocol.
325 CVE-2012-5761 79 XSS 2013-02-20 2017-08-29
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
326 CVE-2012-5760 89 Exec Code Sql 2013-02-20 2017-08-29
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
327 CVE-2012-5658 310 +Info 2013-02-24 2013-02-26
2.1
None Local Low Not required Partial None None
rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log files or Bugzilla reports in support channels.
328 CVE-2012-5647 20 2013-02-24 2013-02-26
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATH_INFO.
329 CVE-2012-5646 20 Exec Code 2013-02-24 2013-02-26
7.5
None Remote Low Not required Partial Partial Partial
node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO.
330 CVE-2012-5634 16 DoS 2013-02-14 2014-04-19
6.1
None Local Network Low Not required None None Complete
Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, does not properly configure VT-d when supporting a device that is behind a legacy PCI Bridge, which allows local guests to cause a denial of service to other guests by injecting an interrupt.
331 CVE-2012-5624 200 +Info 2013-02-24 2021-06-16
4.3
None Remote Medium Not required Partial None None
The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application.
332 CVE-2012-5564 59 2013-02-14 2013-02-19
3.3
None Local Medium Not required None Partial Partial
android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users to overwrite arbitrary files via a symlink attack on /tmp/adb.log.
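Added example (editor's code, not android-tools'): the symlink attack in the entry above relies on a predictable file name in a world-writable directory. Below, in Python on a POSIX system, the attack is staged in a scratch directory: a naive append follows a planted link and writes into the victim file, while opening the same path with O_NOFOLLOW is refused with ELOOP. The safer alternative is a randomly named file created with O_EXCL via tempfile.mkstemp, so there is no name for an attacker to pre-plant. File names and contents are constructed for the demonstration.

```python
import errno
import os
import shutil
import tempfile


def open_log_append(path: str) -> int:
    """Open a log file for append without following a symlink at the final component.

    O_NOFOLLOW makes the kernel fail with ELOOP if `path` itself is a symlink, so a
    link planted at a predictable name cannot steer the write somewhere else.
    """
    flags = os.O_WRONLY | os.O_CREAT | os.O_APPEND | os.O_NOFOLLOW
    return os.open(path, flags, 0o600)


def private_log_file(prefix: str = "adb.") -> str:
    """Safer still: a random name created with O_EXCL, so there is nothing to pre-plant."""
    fd, path = tempfile.mkstemp(prefix=prefix, suffix=".log")
    os.close(fd)
    return path


def demo() -> dict:
    """Stage the attack in a scratch directory and compare naive vs hardened opens."""
    scratch = tempfile.mkdtemp()
    try:
        victim = os.path.join(scratch, "victim.conf")
        with open(victim, "w") as f:
            f.write("original contents\n")

        # The attacker wins the race by creating the link before the tool runs.
        planted = os.path.join(scratch, "adb.log")
        os.symlink(victim, planted)

        # Naive: open() follows the link and the "log line" lands in the victim file.
        with open(planted, "a") as f:
            f.write("log line written by a privileged process\n")
        with open(victim) as f:
            victim_after = f.read()

        # Hardened: the same path is refused instead of being followed.
        try:
            fd = open_log_append(planted)
            os.close(fd)
            hardened = "opened"
        except OSError as exc:
            hardened = "refused" if exc.errno == errno.ELOOP else "error:%d" % exc.errno

        # The random-name variant never touches the planted path at all.
        private = private_log_file()
        os.unlink(private)

        return {"victim_clobbered": "log line" in victim_after, "hardened": hardened}
    finally:
        shutil.rmtree(scratch, ignore_errors=True)
```

O_NOFOLLOW only protects the last path component; a link in a parent directory is still followed, which is why a per-user directory with a random file name is the better default for anything that writes under /tmp.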
333 CVE-2012-5536 20 +Priv +Info 2013-02-22 2019-04-22
6.2
None Local High Not required Complete Complete Complete
A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat Enterprise Linux (RHEL) 6 and Fedora Rawhide calls the glibc error function instead of the error function in the OpenSSH codebase, which allows local users to obtain sensitive information from process memory or possibly gain privileges via crafted use of an application that relies on this module, as demonstrated by su and sudo.
334 CVE-2012-5478 264 Bypass 2013-02-05 2017-08-29
4.9
None Remote Medium Single system Partial Partial None
The AuthorizationInterceptor in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 does not properly restrict access, which allows remote authenticated users to bypass intended role restrictions and perform arbitrary JMX operations via unspecified vectors.
335 CVE-2012-5375 310 DoS 2013-02-18 2014-01-04
4.0
None Local High Not required None None Complete
The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (prevention of file creation) by leveraging the ability to write to a directory important to the victim, and creating a file with a crafted name that is associated with a specific CRC32C hash value.
336 CVE-2012-5374 310 DoS 2013-02-18 2014-01-04
4.0
None Local High Not required None None Complete
The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (extended runtime of kernel code) by creating many different files whose names are associated with the same CRC32C hash value.
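Added example (editor's code, not the kernel's) covering both CRC32C entries above: a CRC is linear, so four trailing bytes can always be chosen to force any target value, which is how an attacker produces many distinct names sharing one CRC32C hash. The code implements standard CRC32C (Castagnoli polynomial, initial value and final XOR 0xFFFFFFFF; Btrfs seeds its name hash differently, which changes the numbers but not the method) and a collision generator that skips NUL and '/' so every output is a legal Linux file name. The victim name and prefixes are constructed.

```python
# CRC32C, the Castagnoli CRC-32 (reflected polynomial 0x82F63B78, init and final XOR
# 0xFFFFFFFF). Python's stdlib only ships CRC-32/IEEE (zlib.crc32), so it is built here.
_POLY = 0x82F63B78


def _make_table():
    table = []
    for i in range(256):
        c = i
        for _ in range(8):
            c = (c >> 1) ^ _POLY if c & 1 else c >> 1
        table.append(c)
    return table


_TABLE = _make_table()
# The high byte of every table entry is distinct, which is what lets one CRC step be undone.
_REV = {entry >> 24: i for i, entry in enumerate(_TABLE)}
assert len(_REV) == 256


def _register(data: bytes, state: int = 0xFFFFFFFF) -> int:
    """Shift-register contents after feeding `data` (no final XOR)."""
    for b in data:
        state = _TABLE[(state ^ b) & 0xFF] ^ (state >> 8)
    return state


def crc32c(data: bytes) -> int:
    return _register(data) ^ 0xFFFFFFFF


def force_crc32c(prefix: bytes, target: int) -> bytes:
    """Return prefix plus four bytes chosen so the whole string has CRC32C == target.

    Feeding bytes b0..b3 from register R leaves the same register as feeding four
    zero bytes from R ^ (b0 | b1<<8 | b2<<16 | b3<<24), and a zero-byte step is
    invertible, so the four bytes come from undoing those steps and XORing with R.
    """
    x = target ^ 0xFFFFFFFF  # register value we must end on
    for _ in range(4):       # undo four zero-byte steps
        k = _REV[x >> 24]
        x = (((x ^ _TABLE[k]) << 8) & 0xFFFFFFFF) | k
    patch = x ^ _register(prefix)
    return prefix + patch.to_bytes(4, "little")


def colliding_names(victim: bytes, count: int) -> list:
    """`count` distinct, filename-legal byte strings whose CRC32C equals CRC32C(victim)."""
    target = crc32c(victim)
    names, i = [], 0
    while len(names) < count:
        name = force_crc32c(b"entry-%d-" % i, target)
        i += 1
        if b"\x00" in name or b"/" in name or name == victim:
            continue  # NUL and '/' cannot appear in a Linux file name
        names.append(name)
    return names
```

The two kernel entries are the two faces of the same property: a directory whose entries are keyed by a 32-bit CRC degrades to a linear scan under collisions (CVE-2012-5374), and a name whose CRC is already taken in a full slot cannot be created at all (CVE-2012-5375). Four forced bytes per name is all the attacker needs for either.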
337 CVE-2012-5337 79 XSS 2013-02-24 2013-02-26
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in jforum.page in JForum 2.1.9 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) match_type, (3) sort_by, or (4) start parameters.
338 CVE-2012-5199 Exec Code 2013-02-16 2019-10-09
6.8
None Local Low Single system Complete Complete Complete
Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and earlier and ArcSight Logger 5.2 and earlier allows remote authenticated users to execute arbitrary code via unknown vectors.
339 CVE-2012-5198 +Info 2013-02-16 2019-10-09
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in HP ArcSight Connector Appliance before 6.3 and ArcSight Logger 5.2 and earlier allows remote attackers to obtain sensitive information via unknown vectors.
340 CVE-2012-5188 2013-02-14 2013-02-19
10.0
None Remote Low Not required Complete Complete Complete
Untrusted search path vulnerability in mora Downloader before 1.0.0.1 allows remote attackers to trigger the launch of a .exe file via unspecified vectors.
341 CVE-2012-5187 264 +Info 2013-02-06 2013-02-07
4.3
None Remote Medium Not required Partial None None
The Weathernews Touch application 2.3.2 and earlier for Android allows attackers to obtain sensitive information about logged locations via a crafted application that leverages read permission for system log files.
342 CVE-2012-5186 79 XSS 2013-02-06 2013-02-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in FLUGELz netmania myu-s and PHP WeblogSystem allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
343 CVE-2012-4844 79 XSS 2013-02-27 2017-08-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the web server in IBM Lotus Domino 8.5.x through 8.5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
344 CVE-2012-4842 399 2013-02-27 2017-08-29
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in the web server in IBM Lotus Domino 8.5.x through 8.5.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
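Added example (editor's code, not from Jenkins, OpenShift or Domino) for the three open-redirect entries on this page (CVE-2012-6073, CVE-2012-5647 and CVE-2012-4842): a Python validator for a redirect target that accepts only site-relative paths or http(s) URLs on an allow-listed host, and handles the bypasses a plain "starts with /" check misses: backslashes (browsers treat them as slashes), protocol-relative //host and ///host, "http:host" without slashes, credentials before an @, and non-http schemes. Host names are placeholders.

```python
from urllib.parse import urlsplit


def is_safe_redirect(target: str, allowed_hosts=()) -> bool:
    """Accept only site-relative paths or absolute http(s) URLs on an allowed host.

    Browser behaviour decides what counts as leaving the site, so the checks mirror
    it: backslashes become slashes, anything that starts with // (or ///) is
    scheme-relative and lands on a foreign host, "http:evil" is resolved as an
    absolute URL by clients, and non-http schemes must never be followed.
    """
    if not target:
        return False
    if any(ord(ch) < 0x20 or ch == "\x7f" for ch in target):
        return False  # control characters: some browsers strip them, others choke
    candidate = target.replace("\\", "/")
    try:
        parts = urlsplit(candidate)
    except ValueError:
        return False  # e.g. a malformed IPv6 literal
    if parts.scheme:
        if parts.scheme.lower() not in ("http", "https"):
            return False
        if not parts.netloc:
            return False  # "http:evil.example" has no authority but is still absolute
    if parts.netloc:
        host = (parts.hostname or "").lower()  # hostname drops user:pass@ and :port
        return host in {h.lower() for h in allowed_hosts}
    return candidate.startswith("/") and not candidate.startswith("//")


def safe_location(target: str, allowed_hosts=(), default: str = "/") -> str:
    """Value for the Location header: the target if it passes, otherwise the default."""
    return target if is_safe_redirect(target, allowed_hosts) else default
```

Anything user-supplied that ends up in a Location header, whether it arrives as a query parameter or, as in the OpenShift case, as PATH_INFO, goes through the same check; the allow-list is for the few foreign hosts the application genuinely needs to hand users to.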
345 CVE-2012-4712 798 2013-02-15 2022-04-12
5.0
None Remote Low Not required Partial None None
Moxa EDR-G903 series routers with firmware before 2.11 have a hardcoded account, which allows remote attackers to obtain unspecified device access via unknown vectors.
346 CVE-2012-4711 119 DoS Exec Code Overflow Mem. Corr. 2013-02-15 2013-05-21
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in kingMess.exe 65.20.2003.10300 in WellinTech KingView 6.52, kingMess.exe 65.20.2003.10400 in KingView 6.53, and kingMess.exe 65.50.2011.18049 in KingView 6.55 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted packet.
347 CVE-2012-4708 119 Exec Code Overflow 2013-02-24 2013-05-21
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via a crafted packet.
348 CVE-2012-4707 94 Exec Code 2013-02-24 2013-05-21
10.0
None Remote Low Not required Complete Complete Complete
3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors that trigger an out-of-bounds memory access.
349 CVE-2012-4706 189 DoS Overflow 2013-02-24 2013-05-21
7.8
None Remote Low Not required None None Complete
Integer signedness error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to cause a denial of service via a crafted packet that triggers a heap-based buffer overflow.
350 CVE-2012-4705 22 Exec Code Dir. Trav. 2013-02-24 2013-05-21
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors involving a crafted pathname.
Total number of vulnerabilities: 406 (this is page 7 of 9)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of the user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.