
4422 matches found

Cvelist
added 2012/11/23 8:0 p.m. | 28 views

CVE-2012-4601

Multiple SQL injection vulnerabilities in Nicola Asuni TCExam before 11.3.009 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the (1) usergroups parameter to admin/code/tceedittest.php or (2) subjectid parameter to...

AI score: 8.1 | EPSS: 0.01558
Exploits: 1 | References: 5
CVE
added 2012/11/23 8:0 p.m. | 73 views

CVE-2011-2908

CVE-2011-2908 describes a CSRF flaw in the JMX Console (jmx-console) affecting JBoss Enterprise Portal Platform < 5.2.2, BRMS Platform 5.3.0

CVSS: 6 | AI score: 6.2 | EPSS: 0.01567
Exploits: 0 | References: 18 | Affected Software: 3
NVD
added 2012/11/23 12:9 p.m. | 12 views

CVE-2012-5759

The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 allows remote authenticated users to bypass intended administrative-role requirements and perform arbitrary JMX operations via unspecified vectors...

CVSS: 9 | AI score: 6.2 | EPSS: 0.02196
Exploits: 0 | References: 8
UbuntuCve
added 2012/11/21 12:55 p.m. | 22 views

CVE-2012-5479

The Portfolio plugin in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to upload and execute files via a modified Portfolio API callback...

CVSS: 6.5 | AI score: 5.9 | EPSS: 0.01272
Exploits: 0 | References: 5
CVE
added 2012/11/21 11:0 a.m. | 48 views

CVE-2012-5473

The CVE-2012-5473 entry concerns Moodle’s Database activity module. Affected versions are Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3. The vulnerability enables remote authenticated users to read activity entries from a different group’s users via an advanced search, con...

CVSS: 4 | AI score: 6.3 | EPSS: 0.01118
Exploits: 0 | References: 4 | Affected Software: 1
UbuntuCve
added 2012/11/16 12:24 p.m. | 27 views

CVE-2012-4198

The User.get method in Bugzilla/WebService/User.pm in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 has a different outcome for a groups request depending on whether a group exists, which allows remote authenticated users to discover privat...

CVSS: 4 | AI score: 5.9 | EPSS: 0.00874
Exploits: 1 | References: 3
CVE
added 2012/11/16 11:0 a.m. | 58 views

CVE-2012-4198

The CVE-2012-4198 issue affects Bugzilla’s WebService User.get method in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x/4.4.x before 4.4rc1. Root cause: different outcomes for a groups request depending on whether a group exists, enabling remote authenticated users...

CVSS: 4 | AI score: 6.1 | EPSS: 0.00874
Exploits: 1 | References: 3 | Affected Software: 1
UbuntuCve
added 2012/11/16 12:55 a.m. | 30 views

CVE-2012-5523

core/emailapi.php in MantisBT before 1.2.12 does not properly manage the sending of e-mail notifications about restricted bugs, which might allow remote authenticated users to obtain sensitive information by adding a note to a bug before losing permission to view that bug...

CVSS: 5.5 | AI score: 5.9 | EPSS: 0.01883
Exploits: 0 | References: 4
RedHat Linux
added 2012/11/14 8:41 p.m. | 4 views

mysql: unspecified DoS vulnerability related to DML (CPU Apr 2012)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability, related to Server DML...

CVSS: 4 | AI score: 6.7 | EPSS: 0.03518
Exploits: 0 | References: 4
RedHat Linux
added 2012/11/14 8:41 p.m. | 1 views

mysql: unspecified DoS vulnerability related to Server Optimizer (CPU Apr 2012)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer, a different vulnerability than CVE-2012-1690...

CVSS: 6.8 | AI score: 6.7 | EPSS: 0.0374
Exploits: 0 | References: 4
NVD
added 2012/11/14 12:30 p.m. | 12 views

CVE-2012-4949

SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service...

CVSS: 6.5 | AI score: 7.9 | EPSS: 0.04388
Exploits: 0 | References: 2
Prion
added 2012/11/11 1:0 p.m. | 16 views

Cross site request forgery (csrf)

The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482...

CVSS: 5.5 | AI score: 6.4 | EPSS: 0.03318
Exploits: 0 | References: 17 | Affected Software: 2
UbuntuCve
added 2012/11/11 1:0 p.m. | 22 views

CVE-2012-4730

Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive information via unknown vectors...

CVSS: 3.5 | AI score: 5.9 | EPSS: 0.01269
Exploits: 0 | References: 2
UbuntuCve
added 2012/11/11 1:0 p.m. | 14 views

CVE-2012-4731

FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly check user rights, which allows remote authenticated users to create arbitrary articles in arbitrary classes via unknown vectors...

CVSS: 4 | AI score: 6 | EPSS: 0.01662
Exploits: 0 | References: 2
Prion
added 2012/11/08 11:46 a.m. | 12 views

Authentication flaw

MosP kintai kanri before 4.1.0 does not properly perform authentication, which allows remote authenticated users to impersonate arbitrary user accounts, and consequently obtain sensitive information or modify settings, via unspecified vectors...

CVSS: 5.5 | AI score: 6.5 | EPSS: 0.01139
Exploits: 0 | References: 4 | Affected Software: 1
NVD
added 2012/10/22 11:55 p.m. | 15 views

CVE-2012-5453

SQL injection vulnerability in user/indexinlineeditorsubmit.php in ATutor AContent 1.2-1 allows remote authenticated users to execute arbitrary SQL commands via the field parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-5167...

CVSS: 6.5 | AI score: 7.8 | EPSS: 0.02738
Exploits: 1 | References: 4
NVD
added 2012/10/22 11:55 p.m. | 14 views

CVE-2012-4506

Directory traversal vulnerability in gitolite 3.x before 3.1, when wild card repositories and a pattern matching "../" are enabled, allows remote authenticated users to create arbitrary repositories and possibly perform other actions via a .. (dot dot) in a repository name...

CVSS: 4.6 | AI score: 6.3 | EPSS: 0.02069
Exploits: 0 | References: 7
UbuntuCve
added 2012/10/22 11:55 p.m. | 19 views

CVE-2012-4506

Directory traversal vulnerability in gitolite 3.x before 3.1, when wild card repositories and a pattern matching "../" are enabled, allows remote authenticated users to create arbitrary repositories and possibly perform other actions via a .. (dot dot) in a repository name...

CVSS: 4.6 | AI score: 6 | EPSS: 0.02069
Exploits: 0 | References: 3
Prion
added 2012/10/20 10:41 a.m. | 18 views

Stack overflow

Stack-based buffer overflow in the SQL/PSM (aka SQL Persistent Stored Module) Stored Procedure (SP) infrastructure in IBM DB2 9.1, 9.5, 9.7 before FP7, 9.8, and 10.1 might allow remote authenticated users to execute arbitrary code by debugging a stored procedure...

CVSS: 8.5 | AI score: 8 | EPSS: 0.04908
Exploits: 0 | References: 9 | Affected Software: 1
RedHat Linux
added 2012/10/18 4:41 p.m. | 5 views

OpenJDK: disable Gopher support by default (Gopher, 7189567)

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.238 and earlier allows remote authenticated users to have an unspecified impact via unknown vectors related to Networking...

AI score: 7.4 | EPSS: 0.02172
Exploits: 0 | References: 5