Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-10-06 | CVE-2012-1153 | Remote Arbitrary File Upload vulnerability in appRain CMF 'uploadify.php' Unrestricted file upload vulnerability in addons/uploadify/uploadify.php in appRain CMF 0.1.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory. network apprain | 6.8 |
| 2012-10-06 | CVE-2012-0987 | Path Traversal vulnerability in Impresscms Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allows remote authenticated users to include and execute arbitrary local files via a .. | 6.0 |
| 2012-10-06 | CVE-2012-0986 | Cross-Site Scripting vulnerability in Impresscms Multiple cross-site scripting (XSS) vulnerabilities in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) notifications.php, (2) modules/system/admin/images/browser.php, and (3) modules/content/admin/content.php. | 4.3 |
| 2012-10-06 | CVE-2011-4932 | Code Injection vulnerability in Impresspages CMS 1.0.12 Eval injection vulnerability in ip_cms/modules/standard/content_management/actions.php in ImpressPages CMS 1.0.12 and possibly other versons before 1.0.13 allows remote attackers to execute arbitrary code via the cm_group parameter. | 7.5 |
| 2012-10-05 | CVE-2012-5303 | Link Following vulnerability in Monkey-Project Monkey 0.9.3 Monkey HTTP Daemon 0.9.3 might allow local users to overwrite arbitrary files via a symlink attack on a PID file, as demonstrated by a pathname different from the default /var/run/monkey.pid pathname. | 6.9 |
| 2012-10-05 | CVE-2012-4442 | Permissions, Privileges, and Access Controls vulnerability in Monkey-Project Monkey 0.9.3 Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the root account during operations with a non-root effective UID, which might allow local users to bypass intended file-read restrictions by leveraging a race condition in a file-permission check. | 4.7 |
| 2012-10-05 | CVE-2012-1150 | Cryptographic Issues vulnerability in Python Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. | 5.0 |
| 2012-10-05 | CVE-2012-0845 | Resource Management Errors vulnerability in Python SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header. | 5.0 |
| 2012-10-05 | CVE-2012-5051 | Path Traversal vulnerability in VMWare Capacityiq 1.5.0/1.5.1/1.5.2 Directory traversal vulnerability in VMware CapacityIQ 1.5.x allows remote attackers to read arbitrary files via unspecified vectors. | 5.0 |
| 2012-10-05 | CVE-2012-5050 | Cross-Site Scripting vulnerability in VMWare Vcenter Operations 1.0.0/1.0.1/1.0.2 Cross-site scripting (XSS) vulnerability in the server in VMware vCenter Operations (aka vCOps) before 5.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |