CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 2012

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2011-1914 119 Exec Code Overflow 2012-02-21 2012-02-23
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the Advantech ADAM OLE for Process Control (OPC) Server ActiveX control in ADAM OPC Server before 3.01.012, Modbus RTU OPC Server before 3.01.010, and Modbus TCP OPC Server before 3.01.010 allows remote attackers to execute arbitrary code via unspecified vectors.
2 CVE-2011-3659 399 Exec Code 2012-02-01 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes.
3 CVE-2011-4041 94 Exec Code 2012-02-06 2012-12-10
10.0
None Remote Low Not required Complete Complete Complete
webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers to execute arbitrary code or obtain a security-code value via a long string in an RPC request to TCP port 4592.
4 CVE-2011-4185 119 DoS Exec Code Overflow Mem. Corr. 2012-02-21 2012-02-22
10.0
None Remote Low Not required Complete Complete Complete
The GetPrinterURLList2 method in the ActiveX control in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2008-2431 and CVE-2008-2436.
5 CVE-2011-4187 119 Exec Code Overflow 2012-02-21 2012-02-24
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the GetDriverSettings function in nipplib.dll in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code via a long realm field, a different vulnerability than CVE-2011-3173.
6 CVE-2011-4509 264 2012-02-03 2012-02-06
10.0
None Remote Low Not required Complete Complete Complete
The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account, which makes it easier for remote attackers to obtain access via a brute-force approach involving many HTTP requests.
7 CVE-2011-4513 Exec Code 2012-02-03 2012-02-06
10.0
None Remote Low Not required Complete Complete Complete
Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allow user-assisted remote attackers to execute arbitrary code via a crafted project file, related to the HMI web server and runtime loader.
8 CVE-2011-4514 287 2012-02-03 2012-02-06
10.0
None Remote Low Not required Complete Complete Complete
The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not perform authentication, which makes it easier for remote attackers to obtain access via a TCP session.
9 CVE-2011-4524 119 Exec Code Overflow 2012-02-21 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via a long string value in unspecified parameters.
10 CVE-2011-4525 264 2012-02-21 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Advantech/BroadWin WebAccess before 7.0 allows remote attackers to trigger the extraction of arbitrary web content into a batch file on a client system, and execute this batch file, via unspecified vectors.
11 CVE-2011-4526 119 Exec Code Overflow 2012-02-21 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in an ActiveX control in Advantech/BroadWin WebAccess before 7.0 might allow remote attackers to execute arbitrary code via a long string value in unspecified parameters.
12 CVE-2011-4791 94 Exec Code 2012-02-02 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
DBServer.exe in HP Data Protector Media Operations 6.11 and earlier allows remote attackers to execute arbitrary code via a crafted request containing a large value in a length field.
13 CVE-2012-0238 119 Exec Code Overflow 2012-02-21 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via unspecified vectors.
14 CVE-2012-0240 287 Exec Code 2012-02-21 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors.
15 CVE-2012-0242 134 Exec Code 2012-02-21 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string.
16 CVE-2012-0243 119 Exec Code Overflow 2012-02-21 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code by leveraging the ability to write arbitrary content to any pathname.
17 CVE-2012-0290 2012-02-06 2018-01-05
10.0
None Remote Low Not required Complete Complete Complete
Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) do not properly handle the client state after abnormal termination of a remote session, which allows remote attackers to obtain access to the client by leveraging an "open client session."
18 CVE-2012-0442 119 DoS Exec Code Overflow Mem. Corr. 2012-02-01 2017-12-28
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
19 CVE-2012-0443 DoS Exec Code Mem. Corr. 2012-02-01 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
20 CVE-2012-0444 DoS Exec Code Mem. Corr. 2012-02-01 2018-01-10
10.0
None Remote Low Not required Complete Complete Complete
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.
21 CVE-2012-0449 119 DoS Exec Code Overflow Mem. Corr. 2012-02-01 2017-12-28
10.0
None Remote Low Not required Complete Complete Complete
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document.
22 CVE-2012-0497 2012-02-15 2018-01-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
23 CVE-2012-0498 2012-02-15 2018-01-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
24 CVE-2012-0499 2012-02-15 2018-01-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier; and JavaFX 2.0.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
25 CVE-2012-0500 2012-02-15 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and JavaFX 2.0.2 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
26 CVE-2012-0508 2012-02-15 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX, 1.3.0 and earlier, and 1.2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
27 CVE-2012-0751 DoS Exec Code Mem. Corr. 2012-02-16 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
The ActiveX control in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
28 CVE-2012-0752 119 DoS Exec Code Overflow Mem. Corr. 2012-02-16 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) by leveraging an unspecified "type confusion."
29 CVE-2012-0753 119 DoS Exec Code Overflow Mem. Corr. 2012-02-16 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted MP4 data.
30 CVE-2012-0754 119 DoS Exec Code Overflow Mem. Corr. 2012-02-16 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
31 CVE-2012-0755 264 Bypass 2012-02-16 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2012-0756.
32 CVE-2012-0756 264 Bypass 2012-02-16 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2012-0755.
33 CVE-2012-0757 119 DoS Exec Code Overflow Mem. Corr. 2012-02-14 2012-02-16
10.0
None Remote Low Not required Complete Complete Complete
The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766.
34 CVE-2012-0758 119 Exec Code Overflow 2012-02-14 2012-02-16
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code via unspecified vectors.
35 CVE-2012-0759 119 DoS Exec Code Overflow Mem. Corr. 2012-02-14 2018-02-19
10.0
None Remote Low Not required Complete Complete Complete
Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0771.
36 CVE-2012-0760 119 DoS Exec Code Overflow Mem. Corr. 2012-02-14 2012-02-16
10.0
None Remote Low Not required Complete Complete Complete
The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766.
37 CVE-2012-0761 119 DoS Exec Code Overflow Mem. Corr. 2012-02-14 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0760, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766.
38 CVE-2012-0762 119 DoS Exec Code Overflow Mem. Corr. 2012-02-14 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0760, CVE-2012-0761, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766.
39 CVE-2012-0763 119 DoS Exec Code Overflow Mem. Corr. 2012-02-14 2012-02-16
10.0
None Remote Low Not required Complete Complete Complete
The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0764, and CVE-2012-0766.
40 CVE-2012-0764 119 DoS Exec Code Overflow Mem. Corr. 2012-02-14 2012-03-20
10.0
None Remote Low Not required Complete Complete Complete
The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, and CVE-2012-0766.
41 CVE-2012-0766 119 DoS Exec Code Overflow Mem. Corr. 2012-02-14 2012-02-24
10.0
None Remote Low Not required Complete Complete Complete
The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, and CVE-2012-0764.
42 CVE-2012-1002 1 Exec Code Sql 2012-02-07 2017-12-06
10.0
None Remote Low Not required Complete Complete Complete
SQL injection vulnerability in author/edit.php in OpenConf 4.x before 4.12 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
43 CVE-2012-1288 255 2012-02-23 2012-02-27
10.0
None Remote Low Not required Complete Complete Complete
The UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock device uses hardcoded credentials for an administrative account, which makes it easier for remote attackers to obtain access via an HTTP session.
44 CVE-2012-1418 2012-02-29 2012-04-20
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.60 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
45 CVE-2011-3961 362 Exec Code 2012-02-08 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Race condition in Google Chrome before 17.0.963.46 allows remote attackers to execute arbitrary code via vectors that trigger a crash of a utility process.
46 CVE-2011-4039 264 Exec Code 2012-02-10 2012-02-14
9.3
None Remote Medium Not required Complete Complete Complete
Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows user-assisted remote attackers to execute arbitrary code via a malformed file that triggers a "write access violation."
47 CVE-2011-4186 119 Exec Code Overflow 2012-02-21 2012-02-22
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code via a crafted client-file-name parameter in a printer-url, a different vulnerability than CVE-2011-1705.
48 CVE-2011-4508 287 Bypass 2012-02-03 2012-02-07
9.3
None Remote Medium Not required Complete Complete Complete
The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime generates predictable authentication tokens for cookies, which makes it easier for remote attackers to bypass authentication via a crafted cookie.
49 CVE-2011-4790 Exec Code 2012-02-01 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in HP Network Automation 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers to execute arbitrary code via unknown vectors.
50 CVE-2011-4875 119 1 Exec Code Overflow 2012-02-03 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute arbitrary code via vectors related to Unicode strings.
Total number of vulnerabilities : 353   Page : 1 (This Page)2 3 4 5 6 7 8
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.