Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2012-07-09 | CVE-2012-1493 | Credentials Management vulnerability in F5 products | F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option. | 7.8 |
2012-07-09 | CVE-2012-3859 | Unspecified vulnerability in Netsweeper | Unspecified vulnerability in the WebAdmin Portal in Netsweeper has unknown impact and attack vectors, a different vulnerability than CVE-2012-2446 and CVE-2012-2447. | 10.0 |
2012-07-09 | CVE-2012-2447 | Cross-Site Request Forgery (CSRF) vulnerability in Netsweeper | Cross-site request forgery (CSRF) vulnerability in accountmgr/adminupdate.php in the WebAdmin Portal in Netsweeper allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via an add action. | 6.8 |
2012-07-09 | CVE-2012-2446 | Cross-Site Scripting vulnerability in Netsweeper | Cross-site scripting (XSS) vulnerability in tools/local_lookup.php in the WebAdmin Portal in Netsweeper allows remote attackers to inject arbitrary web script or HTML via the group parameter in a lookup action. | 4.3 |
2012-07-09 | CVE-2012-3863 | Resource Management Errors vulnerability in Digium products | channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses. | 4.0 |
2012-07-07 | CVE-2012-3374 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pidgin | Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message. | 7.5 |
2012-07-07 | CVE-2012-2644 | Cross-Site Scripting vulnerability in Hazama Mt4I | Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 and earlier for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-2642. | 4.3 |
2012-07-07 | CVE-2012-2643 | Cross-Site Scripting vulnerability in Kent-Web Yy-Board | Cross-site scripting (XSS) vulnerability in KENT-WEB YY-BOARD before 6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted form entry. | 4.3 |
2012-07-07 | CVE-2012-2642 | Cross-Site Scripting vulnerability in Hazama Mt4I | Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 and earlier for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-2644. | 4.3 |
2012-07-05 | CVE-2012-3585 | Buffer Errors vulnerability in Irfanview Plugins 4.33 | Heap-based buffer overflow in jpeg_ls.dll in the Jpeg_LS (aka JLS) plugin in the formats plugins in IrfanView PlugIns before 4.34 allows remote attackers to execute arbitrary code via a crafted JLS file. | 9.3 |