Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2012-4671

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-25 Aug, 2012 | 16:00
Updated At-16 Sep, 2024 | 17:38
Rejected At-
Credits

psyced before 20120821 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:25 Aug, 2012 | 16:00
Updated At:16 Sep, 2024 | 17:38
Rejected At:
▼CVE Numbering Authority (CNA)

psyced before 20120821 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.psyced.org/files/psyced-20120821.tar.bz2
x_refsource_CONFIRM
http://xmpp.org/resources/security-notices/server-dialback/
x_refsource_MISC
Hyperlink: http://www.psyced.org/files/psyced-20120821.tar.bz2
Resource:
x_refsource_CONFIRM
Hyperlink: http://xmpp.org/resources/security-notices/server-dialback/
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.psyced.org/files/psyced-20120821.tar.bz2
x_refsource_CONFIRM
x_transferred
http://xmpp.org/resources/security-notices/server-dialback/
x_refsource_MISC
x_transferred
Hyperlink: http://www.psyced.org/files/psyced-20120821.tar.bz2
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://xmpp.org/resources/security-notices/server-dialback/
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:25 Aug, 2012 | 16:55
Updated At:11 Apr, 2025 | 00:51

psyced before 20120821 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
Primary2.05.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
Type: Primary
Version: 2.0
Base score: 5.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N
Type: Primary
Version: 2.0
Base score: 5.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N
CPE Matches
psyced
psyced
>>psyced>>Versions up to 20111122(inclusive)
cpe:2.3:a:psyced:psyced:*:*:*:*:*:*:*:*
psyced
psyced
>>psyced>>20081120
cpe:2.3:a:psyced:psyced:20081120:*:*:*:*:*:*:*
psyced
psyced
>>psyced>>20090323
cpe:2.3:a:psyced:psyced:20090323:*:*:*:*:*:*:*
psyced
psyced
>>psyced>>20090617
cpe:2.3:a:psyced:psyced:20090617:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.psyced.org/files/psyced-20120821.tar.bz2cve@mitre.org
N/A
http://xmpp.org/resources/security-notices/server-dialback/cve@mitre.org
N/A
http://www.psyced.org/files/psyced-20120821.tar.bz2af854a3a-2127-422b-91ae-364da2661108
N/A
http://xmpp.org/resources/security-notices/server-dialback/af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://www.psyced.org/files/psyced-20120821.tar.bz2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://xmpp.org/resources/security-notices/server-dialback/
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.psyced.org/files/psyced-20120821.tar.bz2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://xmpp.org/resources/security-notices/server-dialback/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

211Records found
CVE-2014-1273
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.22% / 44.60%
||
7 Day CHG~0.00%
Published-14 Mar, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_ostvosn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-1405
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.25% / 48.33%
||
7 Day CHG~0.00%
Published-10 Jan, 2014 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple open redirect vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup.

Action-Not Available
Vendor-conceptronicn/a
Product-c54apmc54apm_firmwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-3511
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-1.45% / 80.53%
||
7 Day CHG~0.00%
Published-08 May, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Action-Not Available
Vendor-gwosn/a
Product-groundwork_monitorn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-11932
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-14.80% / 94.36%
||
7 Day CHG~0.00%
Published-12 Dec, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka "Microsoft Exchange Spoofing Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server
CWE ID-CWE-20
Improper Input Validation
CVE-2021-29425
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-4.8||MEDIUM
EPSS-0.61% / 69.24%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 06:50
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Possible limited path traversal vulnerabily in Apache Commons IO

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.

Action-Not Available
Vendor-The Apache Software FoundationNetApp, Inc.Debian GNU/LinuxOracle Corporation
Product-healthcare_data_repositoryprimavera_unifiercommunications_billing_and_revenue_management_elastic_charging_enginebanking_enterprise_default_managmentretail_service_backbonecommunications_order_and_service_managementretail_assortment_planningbanking_platformhealth_sciences_data_management_workbenchcommunications_policy_managementagile_plmoss_support_toolsretail_merchandising_systemcommunications_cloud_native_core_policybanking_party_managementcommons_iobanking_apiscommunications_application_session_controllerbanking_enterprise_default_managementblockchain_platformcommunications_cloud_native_core_unified_data_repositoryfinancial_services_analytical_applications_infrastructureretail_order_brokercommunications_design_studiocommunications_service_brokerfusion_middleware_mapviewercommunications_interactive_session_recorderaccess_managerretail_size_profile_optimizationapplication_testing_suitecommunications_convergenceenterprise_communications_brokercommunications_converged_application_server_-_service_controllercommunications_contacts_serverinsurance_rules_paletteretail_pricingbanking_digital_experiencerest_data_servicescommunications_offline_mediation_controllerutilities_testing_acceleratorsolaris_clustercommunications_cloud_native_core_network_repository_functionactive_iq_unified_managerhelidonretail_integration_busagile_engineering_data_managemententerprise_session_border_controllercommunications_diameter_intelligence_hubdebian_linuxweblogic_servercommunications_pricing_design_centerhealth_sciences_information_managerapplication_performance_managementflexcube_core_bankingretail_xstore_point_of_serviceinsurance_policy_administrationfinancial_services_model_management_and_governancereal_user_experience_insightcommerce_guided_searchwebcenter_portalApache Commons IO
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-21510
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.81% / 73.93%
||
7 Day CHG~0.00%
Published-08 Mar, 2021 | 21:45
Updated-16 Sep, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web-cache or trigger redirections.

Action-Not Available
Vendor-Dell Inc.
Product-idrac8_firmwareIntegrated Dell Remote Access Controller (iDRAC)
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2007-6746
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.25% / 47.98%
||
7 Day CHG~0.00%
Published-21 May, 2013 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

telepathy-idle before 0.1.15 does not verify (1) that the issuer is a trusted CA, (2) that the server hostname matches a domain name in the subject's Common Name (CN), or (3) the expiration date of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Action-Not Available
Vendor-n/aCanonical Ltd.
Product-telepathy-idleubuntu_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-6133
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-12.55% / 93.80%
||
7 Day CHG~0.00%
Published-27 Nov, 2007 | 19:00
Updated-07 Aug, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in admin/kfm/initialise.php in DevMass Shopping Cart 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the kfm_base_path parameter.

Action-Not Available
Vendor-devmassn/a
Product-devmass_cartn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-6129
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-7.83% / 91.82%
||
7 Day CHG~0.00%
Published-26 Nov, 2007 | 22:00
Updated-07 Aug, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in scripts/include/show_content.php in Amber Script 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.

Action-Not Available
Vendor-amber_scriptn/a
Product-amber_scriptn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5782
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.4||MEDIUM
EPSS-0.37% / 58.15%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing HSTS Header vulnerability in HPE Matrix Operating Environment version v7.6 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-matrix_operating_environmentMatrix Operating Environment
CWE ID-CWE-20
Improper Input Validation
CVE-2018-12270
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.24% / 46.68%
||
7 Day CHG~0.00%
Published-20 May, 2019 | 13:32
Updated-05 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Valve Steam 1528829181 BETA, it is possible to perform a homograph / homoglyph attack to create fake URLs in the client, which may trick users into visiting unintended web sites.

Action-Not Available
Vendor-valvesoftwaren/a
Product-steam_clientn/a
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found