CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
8951 CVE-2012-0275 119 Exec Code Overflow 2012-09-04 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Photoshop.exe in Adobe Photoshop CS5 12.x before 12.0.5, CS5.1 12.1.x before 12.1.1, and CS6 13.x before 13.0.1 allows remote attackers to execute arbitrary code via a crafted TIFF image with SGI24LogLum compression.
8952 CVE-2012-0271 189 Exec Code Overflow 2012-09-19 2013-04-01
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might allow remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow, as demonstrated by a request with -1 in the Content-Length HTTP header.
8953 CVE-2012-0269 119 Exec Code Overflow 2012-04-27 2012-04-30
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in JustSystems Ichitaro 2011 Sou, Ichitaro 2006 through 2011, Ichitaro Government 2006 through 2010, Ichitaro Portable with oreplug, Ichitaro Viewer, JUST School, JUST School 2009 and 2010, JUST Jump 4, JUST Frontier, oreplug, Shuriken Pro4, Shuriken 2007 through 2010, Shuriken Pro4 Corporate Edition, Shuriken CE/2007 through CE/2009 Corporate Edition, Shuriken 2010 Corporate Edition, Rekishimail Sengokubusho no missho, and Bakumatsushishi no missho allows remote attackers to execute arbitrary code via a crafted image file.
8954 CVE-2012-0267 20 1 Exec Code 2012-01-14 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
The StopModule method in the NTR ActiveX control before 2.0.4.8 allows remote attackers to execute arbitrary code via a crafted lModule parameter that triggers use of an arbitrary memory address as a function pointer.
8955 CVE-2012-0266 119 1 Exec Code Overflow 2012-01-14 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the NTR ActiveX control before 2.0.4.8 allow remote attackers to execute arbitrary code via (1) a long bstrUrl parameter to the StartModule method, (2) a long bstrParams parameter to the Check method, a long bstrUrl parameter to the (3) Download or (4) DownloadModule method during construction of a .ntr pathname, or a long bstrUrl parameter to the (5) Download or (6) DownloadModule method during construction of a URL.
8956 CVE-2012-0265 119 DoS Exec Code Overflow 2012-05-16 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted pathname for a file.
8957 CVE-2012-0264 264 2013-12-31 2014-01-02
10.0
None Remote Low Not required Complete Complete Complete
op5 Monitor and op5 Appliance before 5.5.0 do not properly manage session cookies, which allows remote attackers to have an unspecified impact via unspecified vectors.
8958 CVE-2012-0262 94 Exec Code 2013-12-31 2014-01-02
10.0
None Remote Low Not required Complete Complete Complete
op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter.
8959 CVE-2012-0261 94 Exec Code 2013-12-31 2014-01-02
10.0
None Remote Low Not required Complete Complete Complete
license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action.
8960 CVE-2012-0247 119 DoS Exec Code Overflow Mem. Corr. 2012-06-05 2012-11-26
9.3
None Remote Medium Not required Complete Complete Complete
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image.
8961 CVE-2012-0246 22 Exec Code Dir. Trav. 2012-04-02 2018-01-05
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in an unspecified ActiveX control in Ecava IntegraXor before 3.71.4200 allows remote attackers to execute arbitrary code via vectors involving an HTML document on the server.
8962 CVE-2012-0245 119 Exec Code Overflow 2012-03-09 2012-10-29
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in RobNetScanHost.exe in ABB Robot Communications Runtime before 5.14.02, as used in ABB Interlink Module, IRC5 OPC Server, PC SDK, PickMaster 3 and 5, RobView 5, RobotStudio, WebWare SDK, and WebWare Server, allow remote attackers to execute arbitrary code via a crafted (1) 0xA or (2) 0xE Netscan packet.
8963 CVE-2012-0243 119 Exec Code Overflow 2012-02-21 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code by leveraging the ability to write arbitrary content to any pathname.
8964 CVE-2012-0242 134 Exec Code 2012-02-21 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string.
8965 CVE-2012-0240 287 Exec Code 2012-02-21 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors.
8966 CVE-2012-0238 119 Exec Code Overflow 2012-02-21 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via unspecified vectors.
8967 CVE-2012-0231 119 DoS Exec Code Overflow Mem. Corr. 2012-03-15 2018-01-10
10.0
None Remote Low Not required Complete Complete Complete
PRLicenseMgr.exe in the Proficy Server License Manager in GE Intelligent Platforms Proficy Plant Applications 5.0 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TCP session on port 12401.
8968 CVE-2012-0230 119 DoS Exec Code Overflow Mem. Corr. 2012-03-15 2018-01-10
10.0
None Remote Low Not required Complete Complete Complete
PRRDS.exe in the Proficy Remote Data Service in GE Intelligent Platforms Proficy Plant Applications 5.0 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TCP session on port 12299.
8969 CVE-2012-0229 119 DoS Exec Code Overflow Mem. Corr. 2012-03-15 2018-01-03
10.0
None Remote Low Not required Complete Complete Complete
The Data Archiver service in GE Intelligent Platforms Proficy Historian 4.5 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted session on TCP port 14000 to (1) ihDataArchiver.exe or (2) ihDataArchiver_x64.exe.
8970 CVE-2012-0227 119 DoS Exec Code Overflow 2012-10-12 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the VSFlex7.VSFlexGrid ActiveX control in ComponentOne FlexGrid 7.1, as used in Open Automation Software OPC Systems.NET, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long archive file name argument to the Archive method.
8971 CVE-2012-0224 +Priv 2012-02-21 2012-02-24
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in 7-Technologies (7T) AQUIS 1.5 and earlier allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2012-0223.
8972 CVE-2012-0223 +Priv 2012-02-22 2012-02-22
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in 7-Technologies (7T) TERMIS 2.10 and earlier allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2012-0224.
8973 CVE-2012-0212 20 Exec Code 2012-06-15 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument.
8974 CVE-2012-0211 20 Exec Code 2012-06-15 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original (.orig) source tarball of a source package.
8975 CVE-2012-0210 20 Exec Code +Info 2012-06-15 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to obtain system information and execute arbitrary code via the file name in a (1) .dsc or (2) .changes file.
8976 CVE-2012-0208 2012-05-03 2013-10-10
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the Oracle Grid Engine component in Oracle Sun Products Suite 6.1 and 6.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to qrsh.
8977 CVE-2012-0204 +Priv 2013-01-31 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in InfoSphere Import Export Manager 8.1 through 9.1 in InfoSphere Information Server MetaBrokers & Bridges (MBB) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, 8.7, and 9.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
8978 CVE-2012-0202 119 DoS Exec Code Overflow 2012-05-04 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in tm1admsd.exe in the Admin Server in IBM Cognos TM1 9.4.x and 9.5.x before 9.5.2 FP2 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted data.
8979 CVE-2012-0201 119 2 Exec Code Overflow 2012-03-02 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in pcspref.dll in pcsws.exe in IBM Personal Communications 5.9.x before 5.9.8 and 6.0.x before 6.0.4 might allow remote attackers to execute arbitrary code via a long profile string in a WorkStation (aka .ws) file.
8980 CVE-2012-0198 Exec Code Overflow 2012-03-05 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the RunAndUploadFile method in the Isig.isigCtl.1 ActiveX control in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allows remote attackers to execute arbitrary code via vectors related to an Asset Information file.
8981 CVE-2012-0192 189 Exec Code Overflow 2012-01-23 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in vclmi.dll in the visual class library module in IBM Lotus Symphony before 3.0.1 might allow remote attackers to execute arbitrary code via an embedded (1) JPEG or (2) PNG image object in a Symphony document that triggers a heap-based buffer overflow, as demonstrated by a .doc file.
8982 CVE-2012-0190 Exec Code 2012-01-18 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Render method in the ExportHTML.ocx ActiveX control in ExportHTML.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers to execute arbitrary code via a crafted HTML document.
8983 CVE-2012-0189 Exec Code 2012-01-18 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the (1) PrintFile and (2) SaveDoc methods in the VsVIEW6 ActiveX control in VsVIEW6.ocx in IBM SPSS SamplePower 3.0 allow remote attackers to execute arbitrary code via a crafted HTML document.
8984 CVE-2012-0188 Exec Code 2012-01-18 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the SetLicenseInfoEx method in an ActiveX control in mraboutb.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers to execute arbitrary code via a crafted HTML document.
8985 CVE-2012-0187 +Priv 2012-06-22 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack allows local users to gain privileges via a Trojan horse DLL in the current working directory.
8986 CVE-2012-0185 264 Exec Code Overflow 2012-05-08 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka "Excel MergeCells Record Heap Overflow Vulnerability."
8987 CVE-2012-0184 264 Exec Code Mem. Corr. 2012-05-08 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SXLI Record Memory Corruption Vulnerability."
8988 CVE-2012-0183 DoS Exec Code Mem. Corr. 2012-05-08 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mismatch Vulnerability."
8989 CVE-2012-0182 94 Exec Code Mem. Corr. 2012-10-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Word 2007 SP2 and SP3 does not properly handle memory during the parsing of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Word PAPX Section Corruption Vulnerability."
8990 CVE-2012-0177 119 Exec Code Overflow 2012-04-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the Office Works File Converter in Microsoft Office 2007 SP2, Works 9, and Works 6-9 File Converter allows remote attackers to execute arbitrary code via a crafted Works (aka .wps) file, aka "Office WPS Converter Heap Overflow Vulnerability."
8991 CVE-2012-0176 399 Exec Code 2012-05-08 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Double free vulnerability in Microsoft Silverlight 4 before 4.1.10329 on Windows allows remote attackers to execute arbitrary code via vectors involving crafted XAML glyphs, aka "Silverlight Double-Free Vulnerability."
8992 CVE-2012-0175 94 Exec Code 2012-07-10 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2) directory, aka "Command Injection Vulnerability."
8993 CVE-2012-0173 94 Exec Code 2012-06-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability," a different vulnerability than CVE-2012-0002.
8994 CVE-2012-0172 94 Exec Code 2012-04-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "VML Style Remote Code Execution Vulnerability."
8995 CVE-2012-0171 94 Exec Code 2012-04-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "SelectAll Remote Code Execution Vulnerability."
8996 CVE-2012-0170 94 Exec Code 2012-04-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnReadyStateChange Remote Code Execution Vulnerability."
8997 CVE-2012-0169 94 Exec Code 2012-04-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "JScript9 Remote Code Execution Vulnerability."
8998 CVE-2012-0167 20 Exec Code Overflow 2012-05-08 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document, aka "GDI+ Heap Overflow Vulnerability."
8999 CVE-2012-0165 20 Exec Code 2012-05-08 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability."
9000 CVE-2012-0163 20 Exec Code 2012-04-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability."
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.