Click on the underlined CVE for additional vuln specific info
CVE-2012-6453 CVE-2012-6339 CVE-2012-6337 CVE-2012-6336 CVE-2012-6335 CVE-2012-6334 CVE-2012-5642 CVE-2012-4688 CVE-2012-4792
Summary: Cross-site scripting (XSS) vulnerability in the RSS Reader extension before 0.2.6 for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a crafted feed.
Published: 12/31/2012
CVSS Severity: 4.3 (MEDIUM)
Summary: Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cerberus FTP Server before 5.0.6.0 allow (1) remote attackers to inject arbitrary web script or HTML via a log entry that is not properly handled within the Log Manager component, and might allow (2) remote authenticated administrators to inject arbitrary web script or HTML via a Messages field to the servermanager program.
Published: 12/31/2012
CVSS Severity: 4.3 (MEDIUM)
Summary: The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices shows the activation of remote tracking, which might allow physically proximate attackers to defeat a product-recovery effort by tampering with this feature or its location data.
Published: 12/31/2012
CVSS Severity: 3.3 (LOW)
Summary: The Missing Device feature in Lookout allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer."
Published: 12/31/2012
CVSS Severity: 3.3 (LOW)
Summary: The Anti-theft service in AVG AntiVirus for Android allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer."
Published: 12/31/2012
CVSS Severity: 3.3 (LOW)
Summary: The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices does not properly implement Location APIs, which allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer."
Published: 12/31/2012
CVSS Severity: 2.9 (LOW)
Summary: server/action.py in Fail2ban before 0.8.8 does not properly handle the content of the matches tag, which might allow remote attackers to trigger unsafe behavior in a custom action file via unspecified symbols in this content.
Published: 12/31/2012
CVSS Severity: 7.5 (HIGH)
Summary: The Central application in i-GEN opLYNX before 2.01.9 allows remote attackers to bypass authentication via vectors involving the disabling of browser JavaScript support.
Published: 12/31/2012
CVSS Severity: 7.5 (HIGH)
Summary: Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
Published: 12/30/2012
CVSS Severity: 6.8 (MEDIUM)