Search Results (Refine Search)
- Category (CWE): CWE-20 Improper Input Validation
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2012-3689 |
WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site. Published: July 25, 2012; 3:55:06 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2012-3817 |
ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) by sending many queries. Published: July 25, 2012; 6:42:35 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2011-4582 |
Open redirect vulnerability in the Calendar set page in Moodle 2.1.x before 2.1.3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a redirection URL. Published: July 20, 2012; 6:40:35 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2012-0867 |
PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters. Published: July 18, 2012; 7:55:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-2140 |
The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery. Published: July 18, 2012; 2:55:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2012-1961 |
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier for remote attackers to conduct clickjacking attacks via a FRAME element referencing a web site that produces these duplicate values. Published: July 18, 2012; 6:26:49 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-4032 |
Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in ReturnUrl to Default.aspx. Published: July 17, 2012; 5:55:02 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2012-3371 |
The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section. Published: July 17, 2012; 5:55:02 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 3.5 LOW |
CVE-2012-0801 |
lib/formslib.php in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 does not properly handle multiple instances of a form element, which has unspecified impact and remote attack vectors. Published: July 17, 2012; 6:20:53 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2012-0795 |
Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 does not validate e-mail address settings, which allows remote authenticated users to have an unspecified impact via a crafted address. Published: July 17, 2012; 6:20:53 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.5 MEDIUM |
CVE-2012-4026 |
The Johnson Controls Pegasys P2000 server with software before 3.11 allows remote attackers to trigger false alerts via crafted packets to TCP port 41013 (aka the upload port), a different vulnerability than CVE-2012-2607. Published: July 16, 2012; 4:49:22 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2011-4294 |
The error-message functionality in Moodle 1.9.x before 1.9.13, 2.0.x before 2.0.4, and 2.1.x before 2.1.1 does not ensure that a continuation link refers to an http or https URL for the local Moodle instance, which might allow attackers to trick users into visiting arbitrary web sites via unspecified vectors. Published: July 16, 2012; 6:28:37 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2012-2279 |
Open redirect vulnerability in the Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Published: July 13, 2012; 5:55:02 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.4 MEDIUM |
CVE-2012-3399 |
Config/diff.php in Basilic 1.5.14 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter. Published: July 12, 2012; 3:55:06 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2011-4302 |
mnet/xmlrpc/client.php in MNET in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not properly process the return value of the openssl_verify function, which allows remote attackers to bypass validation via a crafted certificate. Published: July 11, 2012; 6:26:10 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-1893 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation of a hook procedure, which allows local users to gain privileges via a crafted application, aka "Win32k Incorrect Type Handling Vulnerability." Published: July 10, 2012; 5:55:06 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2012-1890 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle keyboard-layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout Vulnerability." Published: July 10, 2012; 5:55:06 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2012-1862 |
Open redirect vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "SharePoint URL Redirection Vulnerability." Published: July 10, 2012; 5:55:05 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-2318 |
msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by placing these characters in a text/plain message. Published: July 03, 2012; 3:55:03 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2012-1147 |
readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files. Published: July 03, 2012; 3:55:02 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |