CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (Execute Code)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complex ity Authen tication Confiden tiality Integrity Availa bility
1 CVE-2012-2925 89 1 Exec Code Sql 2012-05-21 2012-05-22
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in engine.php in Simple PHP Agenda 2.2.8 allows remote attackers to execute arbitrary SQL commands via the priority parameter in an addTodo action.
2 CVE-2012-2924 94 1 Exec Code File Inclusion 2012-05-21 2012-05-22
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in admin/setup.inc.php in Hypermethod eLearning Server 4G allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
3 CVE-2012-2923 89 1 Exec Code Sql 2012-05-21 2012-05-22
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in news.php4 in Hypermethod eLearning Server 4G allows remote attackers to execute arbitrary SQL commands via the nid parameter.
4 CVE-2012-2915 119 Exec Code Overflow 2012-05-21 2012-05-22
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Lattice Semiconductor PAC-Designer 6.2.1344 allows remote attackers to execute arbitrary code via a long string in a Value tag in a SymbolicSchematicData definition tag in PAC Design (.pac) file.
5 CVE-2012-2908 89 1 Exec Code Sql 2012-05-21 2012-05-22
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in admin/bbcodes.php in Viscacha 0.8.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) bbcodeexample, (2) buttonimage, or (3) bbcodetag parameter.
6 CVE-2012-2902 Exec Code 2012-05-21 2012-05-22
6.0
None Remote Medium Single system Partial Partial Partial
Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor (JCE) component before 2.1 for Joomla!, when chunking is set to greater than zero, allows remote authors to execute arbitrary PHP code by uploading a PHP file with a double extension as demonstrated by .jpg.pht.
7 CVE-2012-2611 20 Exec Code 2012-05-15 2012-05-15
9.3
None Remote Medium Not required Complete Complete Complete
The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet.
8 CVE-2012-2562 20 Exec Code 2012-05-22 2012-05-22
7.6
None Remote High Not required Complete Complete Complete
The Xelex MobileTrack application 2.3.7 and earlier for Android does not verify the origin of SMS commands, which allows remote attackers to execute a (1) LOCATE, (2) TRACK, (3) UPDATECFG, (4) UPDATEACCT, (5) STAT, (6) TERM, or (7) WIPE command via an SMS message.
9 CVE-2012-2561 264 Exec Code 2012-05-21 2012-05-22
10.0
None Remote Low Not required Complete Complete Complete
HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files, which allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server component via a crafted request to TCP port 1098, 1099, or 4444.
10 CVE-2012-2450 DoS Exec Code 2012-05-04 2012-05-07
9.0
None Remote Low Single system Complete Complete Complete
VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly register SCSI devices, which allows guest OS users to cause a denial of service (invalid write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS.
11 CVE-2012-2449 119 DoS Exec Code Overflow 2012-05-04 2012-05-07
9.0
None Remote Low Single system Complete Complete Complete
VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x through 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly configure the virtual floppy device, which allows guest OS users to cause a denial of service (out-of-bounds write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS.
12 CVE-2012-2448 119 DoS Exec Code Overflow 2012-05-04 2012-05-07
7.5
None Remote Low Not required Partial Partial Partial
VMware ESXi 3.5 through 5.0 and ESX 3.5 through 4.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via NFS traffic.
13 CVE-2012-2418 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2012-04-27
6.8
None Local Network High Not required Complete Complete Complete
Heap-based buffer overflow in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a URI with a % (percent) character as its (1) last or (2) second-to-last character.
14 CVE-2012-2414 287 Exec Code 2012-04-30 2012-05-01
6.5
None Remote Low Single system Partial Partial Partial
main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4 does not properly enforce System class authorization requirements, which allows remote authenticated users to execute arbitrary commands via (1) the originate action in the MixMonitor application, (2) the SHELL and EVAL functions in the GetVar manager action, or (3) the SHELL and EVAL functions in the Status manager action.
15 CVE-2012-2411 119 Exec Code Overflow 2012-05-18 2012-05-22
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted RealJukebox Media file.
16 CVE-2012-2406 Exec Code 2012-05-18 2012-05-22
9.3
None Remote Medium Not required Complete Complete Complete
RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, does not properly parse ASMRuleBook data in RealMedia files, which allows remote attackers to execute arbitrary code via a crafted file.
17 CVE-2012-2376 119 1 Exec Code Overflow 2012-05-21 2012-05-21
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012.
18 CVE-2012-2369 134 Exec Code 2012-05-23 2012-05-24
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in the log_message_cb function in otr-plugin.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 3.2.1 for Pidgin might allow remote attackers to execute arbitrary code via format string specifiers in data that generates a log message.
19 CVE-2012-2338 89 Exec Code Sql 2012-05-21 2012-05-22
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in includes/picture.class.php in Galette 0.63, 0.63.1, 0.63.2, 0.63.3, and 0.64rc1 allows remote attackers to execute arbitrary SQL commands via the id_adh parameter to picture.php.
20 CVE-2012-2335 264 Exec Code Bypass 2012-05-11 2012-05-11
7.5
None Remote Low Not required Partial Partial Partial
php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence.
21 CVE-2012-2321 20 Exec Code 2012-05-18 2012-05-21
10.0
None Remote Low Not required Complete Complete Complete
The loopback plug-in in ConnMan before 0.85 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) host name or (2) domain name in a DHCP reply.
22 CVE-2012-2311 89 Exec Code Sql 2012-05-11 2012-05-11
7.5
None Remote Low Not required Partial Partial Partial
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.
23 CVE-2012-2271 119 1 Exec Code Overflow 2012-05-21 2012-05-22
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the InitLicenKeys function in a certain ActiveX control in SkinCrafter3_vs2005.dll in SkinCrafter 3.0 allows remote attackers to execute arbitrary code via a long string in the first argument (aka the reg_name argument).
24 CVE-2012-2236 89 Exec Code Sql 2012-04-20 2012-04-20
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in users.php in PHP Gift Registry 1.5.5 allows remote authenticated users to execute arbitrary SQL commands via the userid parameter in an edit action.
25 CVE-2012-2225 264 Exec Code 2012-04-11 2012-04-11
7.5
None Remote Low Not required Partial Partial Partial
360zip 1.93beta allows remote attackers to execute arbitrary code via vectors related to file browsing and file extraction.
26 CVE-2012-2224 94 Exec Code 2012-04-11 2012-04-11
7.5
None Remote Low Not required Partial Partial Partial
Xunlei Thunder before 7.2.6 allows remote attackers to execute arbitrary code via a crafted file, related to a "DLL injection vulnerability."
27 CVE-2012-2118 20 DoS Exec Code 2012-05-18 2012-05-21
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in the LogVHdrMessageVerb function in os/log.c in X.Org X11 1.11 allows attackers to cause a denial of service or possibly execute arbitrary code via format string specifiers in an input device name.
28 CVE-2012-2089 119 DoS Exec Code Overflow 2012-04-17 2012-04-20
5.1
None Remote High Not required Partial Partial Partial
Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
29 CVE-2012-2053 264 Exec Code +Priv 2012-04-05 2012-04-05
7.2
None Local Low Not required Complete Complete Complete
The sudoers file in the Linux system configuration in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 does not require a password for executing commands as root, which allows local users to gain privileges via the sudo program, as demonstrated by the user account that executes PHP scripts, a different vulnerability than CVE-2012-1777.
30 CVE-2012-2042 119 DoS Exec Code Overflow Mem. Corr. 2012-05-24 2012-05-24
10.0
None Remote Low Not required Complete Complete Complete
Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2023, CVE-2012-2024, CVE-2012-2025, and CVE-2012-2026.
31 CVE-2012-2033 119 DoS Exec Code Overflow Mem. Corr. 2012-05-09 2012-05-09
10.0
None Remote Low Not required Complete Complete Complete
Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2029, CVE-2012-2030, CVE-2012-2031, and CVE-2012-2032.
32 CVE-2012-2032 119 DoS Exec Code Overflow Mem. Corr. 2012-05-09 2012-05-09
10.0
None Remote Low Not required Complete Complete Complete
Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2029, CVE-2012-2030, CVE-2012-2031, and CVE-2012-2033.
33 CVE-2012-2031 119 DoS Exec Code Overflow Mem. Corr. 2012-05-09 2012-05-09
10.0
None Remote Low Not required Complete Complete Complete
Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2029, CVE-2012-2030, CVE-2012-2032, and CVE-2012-2033.
34 CVE-2012-2030 119 DoS Exec Code Overflow Mem. Corr. 2012-05-09 2012-05-09
10.0
None Remote Low Not required Complete Complete Complete
Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2029, CVE-2012-2031, CVE-2012-2032, and CVE-2012-2033.
35 CVE-2012-2029 119 DoS Exec Code Overflow Mem. Corr. 2012-05-09 2012-05-09
10.0
None Remote Low Not required Complete Complete Complete
Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2030, CVE-2012-2031, CVE-2012-2032, and CVE-2012-2033.
36 CVE-2012-2028 119 Exec Code Overflow 2012-05-09 2012-05-14
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Adobe Photoshop before CS6 allows remote attackers to execute arbitrary code via a crafted TIFF (aka .TIF) file.
37 CVE-2012-2027 399 Exec Code 2012-05-09 2012-05-09
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Adobe Photoshop before CS6 allows remote attackers to execute arbitrary code via a crafted TIFF (aka .TIF) file.
38 CVE-2012-2026 119 DoS Exec Code Overflow Mem. Corr. 2012-05-09 2012-05-09
10.0
None Remote Low Not required Complete Complete Complete
Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2023, CVE-2012-2024, and CVE-2012-2025.
39 CVE-2012-2025 119 DoS Exec Code Overflow Mem. Corr. 2012-05-09 2012-05-10
10.0
None Remote Low Not required Complete Complete Complete
Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2023, CVE-2012-2024, and CVE-2012-2026.
40 CVE-2012-2024 119 DoS Exec Code Overflow Mem. Corr. 2012-05-09 2012-05-10
10.0
None Remote Low Not required Complete Complete Complete
Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2023, CVE-2012-2025, and CVE-2012-2026.
41 CVE-2012-2023 119 DoS Exec Code Overflow Mem. Corr. 2012-05-09 2012-05-10
10.0
None Remote Low Not required Complete Complete Complete
Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2024, CVE-2012-2025, and CVE-2012-2026.
42 CVE-2012-2007 89 Exec Code Sql 2012-05-09 2012-05-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.002 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
43 CVE-2012-2000 Exec Code 2012-05-02 2012-05-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in HP System Health Application and Command Line Utilities before 9.0.0 allow remote attackers to execute arbitrary code via unknown vectors.
44 CVE-2012-1916 Exec Code 2012-03-27 2012-03-28
7.5
None Remote Low Not required Partial Partial Partial
@Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to execute arbitrary code via an e-mail attachment with an executable extension, leading to the creation of an executable file under tmp/.
45 CVE-2012-1847 264 Exec Code 2012-05-08 2012-05-09
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Series Record Parsing Type Mismatch Could Result in Remote Code Execution Vulnerability."
46 CVE-2012-1845 399 Exec Code Bypass 2012-03-22 2012-04-05
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the DEP and ASLR protection mechanisms, and execute arbitrary code, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated "it really doesn't matter if it's third-party code."
47 CVE-2012-1843 352 Exec Code CSRF 2012-03-22 2012-04-12
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in saveRestore.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to hijack the authentication of users for requests that execute Linux commands via the fileName parameter, related to a "command-injection vulnerability."
48 CVE-2012-1836 119 Exec Code Overflow 2012-03-21 2012-04-12
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in dns.cpp in InspIRCd 2.0.5 might allow remote attackers to execute arbitrary code via a crafted DNS query that uses compression.
49 CVE-2012-1823 20 Exec Code 2012-05-11 2012-05-11
7.5
None Remote Low Not required Partial Partial Partial
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
50 CVE-2012-1805 119 Exec Code Overflow 2012-04-13 2012-04-16
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 allows remote attackers to execute arbitrary code via long strings in unspecified parameters.
CVE is a registred trademark of the MITRE Corporation and the authoritive source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritive source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritive source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.