The ZTE sync_agent program for Android 2.3.4 on the Score M device uses a hardcoded ztex1609523 password to control access to commands, which allows remote attackers to gain privileges via a crafted application.
Max CVSS
10.0
EPSS Score
0.36%
Published
2012-05-29
Updated
2012-05-30

CVE-2012-2926

Public exploit
Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
Max CVSS
9.1
EPSS Score
45.86%
Published
2012-05-22
Updated
2021-12-13

CVE-2012-2915

Public exploit
Stack-based buffer overflow in Lattice Semiconductor PAC-Designer 6.2.1344 allows remote attackers to execute arbitrary code via a long string in a Value tag in a SymbolicSchematicData definition tag in PAC Design (.pac) file.
Max CVSS
9.3
EPSS Score
93.24%
Published
2012-05-21
Updated
2017-08-29

CVE-2012-2611

Public exploit
The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet.
Max CVSS
9.3
EPSS Score
95.96%
Published
2012-05-15
Updated
2012-08-19
d41d8cd98f00b204e9800998ecf8427e.php in the management web server on the Seagate BlackArmor device allows remote attackers to change the administrator password via unspecified vectors.
Max CVSS
10.0
EPSS Score
0.76%
Published
2012-05-25
Updated
2017-08-29
HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files, which allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server component via a crafted request to TCP port 1098, 1099, or 4444.
Max CVSS
10.0
EPSS Score
1.70%
Published
2012-05-21
Updated
2013-05-25
VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly register SCSI devices, which allows guest OS users to cause a denial of service (invalid write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS.
Max CVSS
9.0
EPSS Score
0.32%
Published
2012-05-04
Updated
2017-12-14
VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x through 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly configure the virtual floppy device, which allows guest OS users to cause a denial of service (out-of-bounds write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS.
Max CVSS
9.0
EPSS Score
0.25%
Published
2012-05-04
Updated
2017-12-14
The server in xArrow before 3.4.1 performs an invalid read operation, which allows remote attackers to execute arbitrary code via unspecified vectors.
Max CVSS
10.0
EPSS Score
0.27%
Published
2012-05-25
Updated
2012-05-28
Integer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via a crafted packet that triggers an out-of-bounds read operation.
Max CVSS
10.0
EPSS Score
0.27%
Published
2012-05-25
Updated
2012-05-28
Heap-based buffer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via packets that trigger an invalid free operation.
Max CVSS
10.0
EPSS Score
0.33%
Published
2012-05-25
Updated
2012-05-28
Buffer overflow in RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted RealJukebox Media file.
Max CVSS
9.3
EPSS Score
8.04%
Published
2012-05-18
Updated
2017-08-29
RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, does not properly parse ASMRuleBook data in RealMedia files, which allows remote attackers to execute arbitrary code via a crafted file.
Max CVSS
9.3
EPSS Score
2.17%
Published
2012-05-18
Updated
2017-08-29
Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012.
Max CVSS
10.0
EPSS Score
25.60%
Published
2012-05-21
Updated
2017-08-29
The loopback plug-in in ConnMan before 0.85 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) host name or (2) domain name in a DHCP reply.
Max CVSS
10.0
EPSS Score
1.22%
Published
2012-05-18
Updated
2017-08-29
Buffer overflow in the InitLicenKeys function in a certain ActiveX control in SkinCrafter3_vs2005.dll in SkinCrafter 3.0 allows remote attackers to execute arbitrary code via a long string in the first argument (aka the reg_name argument).
Max CVSS
10.0
EPSS Score
21.77%
Published
2012-05-21
Updated
2017-12-05

CVE-2012-2176

Public exploit
Multiple stack-based buffer overflows in a certain ActiveX control in qp2.cab in IBM Lotus Quickr 8.2 before 8.2.0.27-002a for Domino allow remote attackers to execute arbitrary code via a long argument to the (1) Attachment_Times or (2) Import_Times method.
Max CVSS
9.3
EPSS Score
76.26%
Published
2012-05-25
Updated
2017-08-29
Format string vulnerability in the LogVHdrMessageVerb function in os/log.c in X.Org X11 1.11 allows attackers to cause a denial of service or possibly execute arbitrary code via format string specifiers in an input device name.
Max CVSS
10.0
EPSS Score
1.98%
Published
2012-05-18
Updated
2017-08-29
Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2023, CVE-2012-2024, CVE-2012-2025, and CVE-2012-2026.
Max CVSS
10.0
EPSS Score
0.75%
Published
2012-05-24
Updated
2012-09-29
Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2029, CVE-2012-2030, CVE-2012-2031, and CVE-2012-2032.
Max CVSS
10.0
EPSS Score
28.68%
Published
2012-05-09
Updated
2017-11-22
Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2029, CVE-2012-2030, CVE-2012-2031, and CVE-2012-2033.
Max CVSS
10.0
EPSS Score
28.68%
Published
2012-05-09
Updated
2017-11-22
Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2029, CVE-2012-2030, CVE-2012-2032, and CVE-2012-2033.
Max CVSS
10.0
EPSS Score
28.68%
Published
2012-05-09
Updated
2017-11-22
Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2029, CVE-2012-2031, CVE-2012-2032, and CVE-2012-2033.
Max CVSS
10.0
EPSS Score
28.68%
Published
2012-05-09
Updated
2017-11-22
Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2030, CVE-2012-2031, CVE-2012-2032, and CVE-2012-2033.
Max CVSS
10.0
EPSS Score
28.68%
Published
2012-05-09
Updated
2017-11-22
Buffer overflow in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via unspecified vectors.
Max CVSS
9.3
EPSS Score
5.44%
Published
2012-05-09
Updated
2017-11-22
88 vulnerabilities found
1 2 3 4
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!