The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2012-4746 | Cross-site request forgery (CSRF) vulnerability in accessaccount.cgi in ZTE ZXDSL 831IIV7.5.0a_Z29_OV allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter. | Medium | Sep 3, 2012 |
CVE-2012-4745 | Cross-site scripting (XSS) vulnerability in admin/login.asp in Acuity CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter. | Medium | Sep 4, 2012 |
CVE-2012-4744 | Cross-site scripting (XSS) vulnerability in ssearch.php in the Siche search module 0.5 for Zeroboard allows remote attackers to inject arbitrary web script or HTML via the search parameter. | Medium | Sep 4, 2012 |
CVE-2012-4743 | Multiple SQL injection vulnerabilities in ssearch.php in Siche search module 0.5 for Zeroboard allow remote attackers to execute arbitrary SQL commands via the (1) ss, (2) sm, (3) align, or (4) category parameters. | High | Sep 3, 2012 |
CVE-2012-4742 | The web_node_register function in web.pm in PacketFence before 3.0.2 might allow remote attackers to execute arbitrary code via unspecified vectors. | High | Sep 3, 2012 |
CVE-2012-4741 | The RADIUS extension in PacketFence before 3.3.0 uses a different user name than is used for authentication for users with custom VLAN assignment extensions, which allows remote attackers to spoof user identities via the User-Name RADIUS attribute. | Medium | Sep 3, 2012 |
CVE-2012-4740 | Cross-site scripting (XSS) vulnerability in the captive portal in PacketFence before 3.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | Sep 4, 2012 |
CVE-2012-4739 | Multiple cross-site scripting (XSS) vulnerabilities in Barracuda SSL VPN before 2.2.2.203 (2012-07-05) allow remote attackers to inject arbitrary web script or HTML via the (1) policyLaunching, (2) resourcePrefix, or (3) actionPath parameter in showUserResourceCategories.do; (4) list or (5) path parameter to fileSystem.do; or (6) return-To parameter to launchAgent.do. | Medium | Sep 3, 2012 |
CVE-2012-4737 | channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials. | Medium | Sep 5, 2012 |
CVE-2012-4736 | The Device Encryption Client component in Sophos SafeGuard Enterprise 6.0, when a volume-based encryption policy is enabled in conjunction with a user-defined key, does not properly block use of exFAT USB flash drives, which makes it easier for local users to bypass intended access restrictions and copy sensitive information to a drive via multiple removal and reattach operations. | Low | Aug 31, 2012 |
CVE-2012-4735 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6578, CVE-2012-6579, CVE-2012-6580, CVE-2012-6581. Reason: This candidate is a duplicate of CVE-2012-6578, CVE-2012-6579, CVE-2012-6580, and CVE-2012-6581. Notes: All CVE users should reference one or more of CVE-2012-6578, CVE-2012-6579, CVE-2012-6580, and CVE-2012-6581 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 |
CVE-2012-4734 | Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a confused deputy attack to bypass the CSRF warning protection mechanism and cause victims to modify arbitrary state via unknown vectors related to a crafted link. | Medium | Nov 12, 2012 |
CVE-2012-4733 | Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and custom lifecycle transition permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors. | Medium | Aug 27, 2013 |
CVE-2012-4732 | Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before 4.0.8, allows remote attackers to hijack the authentication of users for requests that toggle ticket bookmarks. | Medium | Nov 12, 2012 |
CVE-2012-4731 | FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly check user rights, which allows remote authenticated users to create arbitrary articles in arbitrary classes via unknown vectors. | Medium | Nov 12, 2012 |
CVE-2012-4730 | Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive information via unknown vectors. | Low | Nov 12, 2012 |
CVE-2012-4729 | Wing FTP Server before 4.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via two zip commands. | Medium | Oct 26, 2012 |
CVE-2012-4728 | The (1) QProGetNotebookWindowHandle and (2) Ordinal132 functions in QPW160.dll in Corel Quattro Pro X6 Standard Edition 16.0.0.388 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted QPW file.Per: http://cwe.mitre.org/data/definitions/476.html CWE-476: NULL Pointer Dereference | Medium | Jun 6, 2014 |
CVE-2012-4726 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none | -- | Nov 7, 2023 |
CVE-2012-4725 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none | -- | Nov 7, 2023 |
CVE-2012-4724 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none | -- | Nov 7, 2023 |
CVE-2012-4723 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none | -- | Nov 7, 2023 |
CVE-2012-4722 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none | -- | Nov 7, 2023 |
CVE-2012-4721 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none | -- | Nov 7, 2023 |
CVE-2012-4720 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none | -- | Nov 7, 2023 |
CVE-2012-4719 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none | -- | Nov 7, 2023 |
CVE-2012-4718 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none | -- | Nov 7, 2023 |
CVE-2012-4717 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none | -- | Nov 7, 2023 |
CVE-2012-4716 | N-Tron 702-W Industrial Wireless Access Point devices use the same (1) SSH and (2) HTTPS private keys across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a key. | HIGH | Jun 13, 2015 |
CVE-2012-4715 | Buffer overflow in LogReceiver.exe in Rockwell Automation RSLinx Enterprise CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long UDP packet that is not properly handled by Logger.dll. | High | Apr 18, 2013 |
CVE-2012-4714 | Integer overflow in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform (FTSP) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (service outage or RNADiagReceiver.exe daemon crash) via UDP data that specifies a large integer value. | High | Apr 18, 2013 |
CVE-2012-4713 | Integer signedness error in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform (FTSP) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (service outage or RNADiagReceiver.exe daemon crash) via UDP data that specifies a negative integer value. | High | Apr 18, 2013 |
CVE-2012-4712 | Moxa EDR-G903 series routers with firmware before 2.11 have a hardcoded account, which allows remote attackers to obtain unspecified device access via unknown vectors. | Medium | Feb 15, 2013 |
CVE-2012-4711 | Buffer overflow in kingMess.exe 65.20.2003.10300 in WellinTech KingView 6.52, kingMess.exe 65.20.2003.10400 in KingView 6.53, and kingMess.exe 65.50.2011.18049 in KingView 6.55 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted packet. | High | Feb 15, 2013 |
CVE-2012-4710 | Invensys Wonderware Win-XML Exporter 1522.148.0.0 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference. | High | Apr 4, 2013 |
CVE-2012-4709 | Invensys Wonderware InTouch HMI 2012 R2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.AV:L per http://ics-cert.us-cert.gov/advisories/ICSA-13-276-01 'This vulnerability is not exploitable remotely' | Medium | Oct 15, 2013 |
CVE-2012-4708 | Stack-based buffer overflow in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via a crafted packet. | High | Feb 25, 2013 |
CVE-2012-4707 | 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors that trigger an out-of-bounds memory access. | High | Feb 25, 2013 |
CVE-2012-4706 | Integer signedness error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to cause a denial of service via a crafted packet that triggers a heap-based buffer overflow. | High | Feb 25, 2013 |
CVE-2012-4705 | Directory traversal vulnerability in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors involving a crafted pathname. | High | Feb 25, 2013 |
CVE-2012-4704 | Array index error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via a crafted packet. | High | Feb 27, 2013 |
CVE-2012-4703 | The Emerson DeltaV SE3006 through 11.3.1, DeltaV VE3005 through 10.3.1 and 11.x through 11.3.1, and DeltaV VE3006 through 10.3.1 and 11.x through 11.3.1 allow remote attackers to cause a denial of service (device restart) via a crafted packet on (1) TCP port 23, (2) UDP port 161, or (3) TCP port 513. | Medium | Mar 18, 2013 |
CVE-2012-4702 | 360 Systems Maxx, Image Server Maxx, and Image Server 2000 have a hardcoded password for the root account, which makes it easier for remote attackers to execute arbitrary code, or modify video content or scheduling, via an SSH session. | High | Mar 18, 2013 |
CVE-2012-4701 | Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote attackers to read sensitive files, and consequently execute arbitrary code, by leveraging (1) valid credentials or (2) the guest feature. | High | Feb 15, 2013 |
CVE-2012-4700 | Multiple buffer overflows in an ActiveX control in PE3DO32A.ocx in IntegraXor SCADA Server 4.00 build 4250.0 and earlier allow remote attackers to execute arbitrary code via a crafted HTML document. | High | Feb 8, 2013 |
CVE-2012-4699 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none | -- | Nov 7, 2023 |
CVE-2012-4698 | Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS through 1.14.5, ROX II OS through 2.3.0, and RuggedMax OS through 4.2.1.4621.22 use hardcoded private keys for SSL and SSH communication, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic by leveraging the availability of these keys within ROS files at all customer installations. | Medium | Dec 24, 2012 |
CVE-2012-4697 | TURCK BL20 Programmable Gateway and BL67 Programmable Gateway have hardcoded accounts, which allows remote attackers to obtain administrative access via an FTP session. | High | May 24, 2013 |
CVE-2012-4696 | Buffer overflow in Beijer ADP 6.5.0-180_R1967 and 6.5.1-186_R2942, and H-Designer 6.5.0 B180_R1967, allows local users to gain privileges by inserting a long string into a DLL file. | Medium | Jan 30, 2013 |
CVE-2012-4695 | LogReceiver.exe in Rockwell Automation RSLinx Enterprise CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (service outage) via a zero-byte UDP packet that is not properly handled by Logger.dll. | High | Apr 18, 2013 |