Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-02-13 | CVE-2012-3363 | XXE vulnerability in multiple products Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack. | 9.1 |
| 2013-02-08 | CVE-2013-1465 | Deserialization of Untrusted Data vulnerability in Cubecart The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrated by modifying the application configuration using the Config object. | 9.8 |
| 2013-01-31 | CVE-2013-1591 | Integer Overflow or Wraparound vulnerability in multiple products Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. | 9.8 |
| 2013-01-18 | CVE-2012-5656 | XXE vulnerability in multiple products The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack. | 5.5 |
| 2013-01-17 | CVE-2013-0375 | Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication. | 5.4 |
| 2013-01-17 | CVE-2013-0632 | Incorrect Default Permissions vulnerability in Adobe Coldfusion administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as exploited in the wild in January 2013. | 9.8 |
| 2013-01-09 | CVE-2013-0631 | Unspecified vulnerability in Adobe Coldfusion 9.0/9.0.1/9.0.2 Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in January 2013. | 7.5 |
| 2013-01-09 | CVE-2013-0629 | Unspecified vulnerability in Adobe Coldfusion Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified vectors, as exploited in the wild in January 2013. | 7.5 |
| 2013-01-09 | CVE-2013-0625 | Improper Authentication vulnerability in Adobe Coldfusion 9.0/9.0.1/9.0.2 Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013. | 9.8 |
| 2012-12-30 | CVE-2012-4792 | Use After Free vulnerability in Microsoft Internet Explorer 6/7/8 Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012. | 8.8 |