Heap-based buffer overflow in the SoapServer service in Citrix Provisioning Services 5.0, 5.1, 5.6, 5.6 SP1, 6.0, and 6.1 allows remote attackers to execute arbitrary code via a crafted string associated with date and time data.
Max CVSS
7.5
EPSS Score
17.31%
Published
2012-07-26
Updated
2017-08-29
Multiple SQL injection vulnerabilities in ASP-DEv XM Diary allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to diary_view.asp or (2) view_date parameter to default.asp.
Max CVSS
7.5
EPSS Score
0.13%
Published
2012-07-25
Updated
2017-08-29
Multiple SQL injection vulnerabilities in ASP-DEv XM Forums RC3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) profile.asp, (2) forum.asp, or (3) topic.asp.
Max CVSS
7.5
EPSS Score
0.06%
Published
2012-07-25
Updated
2017-08-29
Cross-site request forgery (CSRF) vulnerability in home/secretqtn.php in SocketMail Pro 2.2.9 allows remote attackers to hijack the authentication of arbitrary users for requests that change user security questions and answers via an upd action.
Max CVSS
6.8
EPSS Score
0.37%
Published
2012-07-25
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in SocketMail Pro 2.2.9 allows remote attackers to inject arbitrary web script or HTML via the subject of an email.
Max CVSS
4.3
EPSS Score
0.19%
Published
2012-07-25
Updated
2017-08-29
Buffer overflow in the Player in Remote-Anything 5.60.15 allows remote attackers to execute arbitrary code via a crafted flm file.
Max CVSS
9.3
EPSS Score
19.60%
Published
2012-07-25
Updated
2017-08-29
SQL injection vulnerability in index2.php in Uiga Personal Portal allows remote attackers to execute arbitrary SQL commands via the p parameter.
Max CVSS
7.5
EPSS Score
0.15%
Published
2012-07-25
Updated
2017-08-29
SQL injection vulnerability in index2.php in Uiga Fan Club allows remote attackers to execute arbitrary SQL commands via the p parameter.
Max CVSS
7.5
EPSS Score
0.08%
Published
2012-07-25
Updated
2017-08-29
Buffer overflow in the readfile function in CPE17 Autorun Killer 1.7.1 and earlier allows physically proximate attackers to execute arbitrary code via a crafted inf file.
Max CVSS
6.9
EPSS Score
0.57%
Published
2012-07-25
Updated
2017-08-29
Cross-site request forgery (CSRF) vulnerability in eZOE flash player in eZ Publish 4.1 through 4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Max CVSS
6.8
EPSS Score
0.16%
Published
2012-07-25
Updated
2019-07-30
Multiple unspecified vulnerabilities in Google Chrome OS before 21.0.1180.50 on the Cr-48 and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, have unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.12%
Published
2012-07-24
Updated
2017-08-29
epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet.
Max CVSS
2.9
EPSS Score
0.71%
Published
2012-07-24
Updated
2018-10-30
The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump.
Max CVSS
3.3
EPSS Score
0.26%
Published
2012-07-24
Updated
2017-09-19
Multiple heap-based buffer overflows in bmp.w5s in Winamp before 5.63 build 3235 allow remote attackers to execute arbitrary code via the (1) strf chunk in BI_RGB or (2) UYVY video data in an AVI file, or (3) decompressed TechSmith Screen Capture Codec (TSCC) data in an AVI file.
Max CVSS
7.5
EPSS Score
4.99%
Published
2012-07-22
Updated
2017-09-19
Cross-site scripting (XSS) vulnerability in global-protect/login.esp in Palo Alto Networks Global Protect Portal, Global Protect Gateway, and SSL VPN portals 3.1.x through 3.1.11 and 4.0.x through 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the inputStr parameter in a Login action.
Max CVSS
4.3
EPSS Score
0.13%
Published
2012-07-26
Updated
2012-07-27
Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin before 2.4.0 for WordPress have unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.31%
Published
2012-07-18
Updated
2017-08-29
Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in ReturnUrl to Default.aspx.
Max CVSS
5.8
EPSS Score
0.84%
Published
2012-07-17
Updated
2017-08-29

CVE-2012-4031

Public exploit
Multiple directory traversal vulnerabilities in src/acloglogin.php in Wangkongbao CNS-1000 and 1100 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) lang or (2) langid cookie to port 85.
Max CVSS
5.0
EPSS Score
20.44%
Published
2012-07-17
Updated
2017-08-29
Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent attackers to bypass intended access restrictions by using the stored information for authentication.
Max CVSS
7.8
EPSS Score
0.27%
Published
2012-07-16
Updated
2023-03-22
Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions, as demonstrated by reading the config.bog file.
Max CVSS
5.0
EPSS Score
0.21%
Published
2012-07-16
Updated
2023-03-22
The Johnson Controls Pegasys P2000 server with software before 3.11 allows remote attackers to trigger false alerts via crafted packets to TCP port 41013 (aka the upload port), a different vulnerability than CVE-2012-2607.
Max CVSS
5.0
EPSS Score
0.18%
Published
2012-07-16
Updated
2012-08-24
Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a heap-based buffer overflow.
Max CVSS
6.8
EPSS Score
3.79%
Published
2012-07-19
Updated
2020-01-10
Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the list file is a trusted file constructed by the program's user; however, there are some realistic situations in which a list file would be obtained from an untrusted remote source.
Max CVSS
6.8
EPSS Score
3.19%
Published
2012-07-19
Updated
2020-01-10
Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remote attackers to inject arbitrary web script or HTML via textinputs array parameters.
Max CVSS
4.3
EPSS Score
0.47%
Published
2012-07-12
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in admin/login.php in Sticky Notes 0.3.09062012.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter.
Max CVSS
4.3
EPSS Score
0.13%
Published
2012-07-12
Updated
2017-12-01
536 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!