Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2013-01-18 CVE-2012-5656 XXE vulnerability in multiple products
The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.
5.5
2013-01-17 CVE-2013-0375 Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.
network
low complexity
oracle mariadb canonical redhat
5.4
2013-01-17 CVE-2013-0632 Incorrect Default Permissions vulnerability in Adobe Coldfusion
administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as exploited in the wild in January 2013.
network
low complexity
adobe CWE-276
critical
9.8
2013-01-09 CVE-2013-0631 Unspecified vulnerability in Adobe Coldfusion 9.0/9.0.1/9.0.2
Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in January 2013.
network
low complexity
adobe
7.5
2013-01-09 CVE-2013-0629 Unspecified vulnerability in Adobe Coldfusion
Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified vectors, as exploited in the wild in January 2013.
network
low complexity
adobe
7.5
2013-01-09 CVE-2013-0625 Improper Authentication vulnerability in Adobe Coldfusion 9.0/9.0.1/9.0.2
Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013.
network
low complexity
adobe CWE-287
critical
9.8
2012-12-30 CVE-2012-4792 Use After Free vulnerability in Microsoft Internet Explorer 6/7/8
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
network
low complexity
microsoft CWE-416
8.8
2012-12-12 CVE-2012-2539 Out-of-bounds Write vulnerability in Microsoft products
Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "Word RTF 'listoverridecount' Remote Code Execution Vulnerability."
local
low complexity
microsoft CWE-787
7.8
2012-11-24 CVE-2012-2239 XXE vulnerability in multiple products
Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack, as demonstrated by reading config.php.
network
low complexity
mahara debian CWE-611
critical
9.1
2012-11-21 CVE-2012-5830 Use After Free vulnerability in multiple products
Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document.
network
low complexity
mozilla redhat canonical opensuse suse CWE-416
8.8