4422 matches found
CVE-2012-0529
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51 allows remote authenticated users to affect integrity via unknown vectors related to core...
CVE-2012-0532
Unspecified vulnerability in the Identity Manager component in Oracle Fusion Middleware 11.1.1.3 and 11.1.1.5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to User Config Management...
CVE-2012-0534
CVE-2012-0534 affects Oracle Database Server (RDBMS Core) versions 10.2.0.3/10.2.0.4/10.2.0.5/11.1.0.7/11.2.0.2/11.2.0.3. Description: an unspecified vulnerability in the RDBMS Core allows remote authenticated users to affect integrity via unknown vectors related to Create Session. Impact: partia...
Juniper Junos SSH TACACS+ Incorrect Permissions (PSN-2012-04-545)
According to its self-reported version number, the version of Junos running on the remote host may grant permissions incorrectly when SSH sessions are authenticated remotely using TACACS+ for authentication and authorization. Fetched authorizations are stored in a file whose name is based on...
CVE-2012-0135
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows remote authenticated users to cause a denial of service via unknown vectors...
Code injection
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows remote authenticated users to cause a denial of service via unknown vectors...
Code injection
Cloudera Manager 3.7.x before 3.7.5 and Service and Configuration Manager 3.5, when Kerberos is not enabled, does not properly install taskcontroller.cfg, which allows remote authenticated users to impersonate arbitrary user accounts via unspecified vectors, a different vulnerability than...
CVE-2012-1986
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction...
DEBIAN-CVE-2011-5000
The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which...
CVE-2012-0709
IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not properly check variables, which allows remote authenticated users to bypass intended restrictions on viewing table data by leveraging the CREATEIN privilege to execute crafted SQL CREATE VARIABLE statements...
CVE-2012-0401
Multiple SQL injection vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
Hardcoded credentials
The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4.0 before Update 4, 4.1 before Update 2, and 4.2 before Update 1 places the vCenter Server password in an HTML document, which allows remote authenticated administrators to obtain sensitive information by reading this document...
CVE-2011-4816
SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and...
CVE-2012-1497
The default configuration of Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 supports the "mt:Include file=" attribute, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files by leveraging the template-designer role...
Design/Logic Flaw
Cisco Unity Connection before 7.1.3b(Su2) allows remote authenticated users to change the administrative password by leveraging the Help Desk Administrator role, aka Bug ID CSCtd45141...
CVE-2012-0366
Cisco Unity Connection (Linux-based platform) prior to versions 7.1.3b(Su2) and 7.1.5 is affected by CVE-2012-0366, a privilege-escalation vulnerability where an authenticated user with the Help Desk Administrator role can change the administrative password, gaining full control. The issue stems ...
Snom IP Phone Privilege Escalation
Sense of Security - Security Advisory - SOS-12-001. Release Date: 23-Feb-2012; Last Update: -; Vendor Notification Date: 27-Jan-2012; Product: Snom IP Phone series; Platform: Hardware; Affected versions: All versions prior to v8.4.35; Severity Rating: High; Impact: Privilege escalation; Attack Vector...
CVE-2012-1222
Stack-based buffer overflow in RabidHamster R2/Extreme 1.65 and earlier allows remote authenticated users to execute arbitrary code via a long string to TCP port 23...
mysql: Unspecified vulnerability allows remote authenticated users to affect availability
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0102...