CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In April 2012

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2008-7309 255 2012-04-05 2012-04-12
5.0
None Remote Low Not required None Partial None
Insoshi before 20080920 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the ForumPost user_id value via a modified URL, related to a "mass assignment" vulnerability.
2 CVE-2008-7310 255 Bypass 2012-04-05 2012-04-05
5.0
None Remote Low Not required None Partial None
Spree 0.2.0 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the Order state value and bypass the intended payment step via a modified URL, related to a "mass assignment" vulnerability.
3 CVE-2008-7311 255 Bypass 2012-04-05 2012-04-12
5.0
None Remote Low Not required None Partial None
The session cookie store implementation in Spree 0.2.0 uses a hardcoded config.action_controller_session hash value (aka secret key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging an application that contains this value within the config/environment.rb file.
4 CVE-2010-4666 119 DoS Overflow 2012-04-13 2012-04-16
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in libarchive 3.0 pre-release code allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CAB file, which is not properly handled during the reading of Huffman code data within LZX compressed data.
5 CVE-2011-1777 119 DoS Exec Code Overflow 2012-04-13 2018-01-09
6.8
None Remote Medium Not required Partial Partial Partial
Multiple buffer overflows in the (1) heap_add_entry and (2) relocate_dir functions in archive_read_support_format_iso9660.c in libarchive through 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ISO9660 image.
6 CVE-2011-1778 119 DoS Exec Code Overflow 2012-04-13 2018-01-09
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive.
7 CVE-2011-1779 399 DoS 2012-04-13 2012-04-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple use-after-free vulnerabilities in libarchive 2.8.4 and 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted (1) TAR archive or (2) ISO9660 image.
8 CVE-2011-2478 94 Exec Code 2012-04-17 2012-04-18
9.3
None Remote Medium Not required Complete Complete Complete
Google SketchUp before 8 does not properly handle edge geometry in SketchUp (aka .SKP) files, which allows remote attackers to execute arbitrary code via a crafted file.
9 CVE-2011-3066 119 DoS Overflow 2012-04-05 2017-12-06
5.0
None Remote Low Not required None None Partial
Skia, as used in Google Chrome before 18.0.1025.151, does not properly perform clipping, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
10 CVE-2011-3067 264 Bypass 2012-04-05 2017-12-06
5.0
None Remote Low Not required None Partial None
Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements.
11 CVE-2011-3068 399 DoS 2012-04-05 2017-12-06
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to run-in boxes.
12 CVE-2011-3069 399 DoS 2012-04-05 2017-12-06
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to line boxes.
13 CVE-2011-3070 399 DoS 2012-04-05 2017-12-06
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the Google V8 bindings.
14 CVE-2011-3071 399 DoS 2012-04-05 2017-12-06
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the HTMLMediaElement implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
15 CVE-2011-3072 264 Bypass 2012-04-05 2017-12-06
5.0
None Remote Low Not required None Partial None
Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to pop-up windows.
16 CVE-2011-3073 399 DoS 2012-04-05 2017-12-06
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG resources.
17 CVE-2011-3074 399 DoS 2012-04-05 2017-12-06
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media.
18 CVE-2011-3075 399 DoS 2012-04-05 2017-12-06
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style-application commands.
19 CVE-2011-3076 399 DoS 2012-04-05 2017-12-06
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to focus handling.
20 CVE-2011-3077 399 DoS 2012-04-05 2017-12-06
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the script bindings, related to a "read-after-free" issue.
21 CVE-2011-3175 119 1 Exec Code Overflow 2012-04-09 2012-09-07
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x6c request.
22 CVE-2011-3176 119 1 Exec Code Overflow 2012-04-09 2012-09-07
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x4c request.
23 CVE-2011-3846 352 CSRF 2012-04-12 2012-04-12
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 6.2.2.7 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.
24 CVE-2011-4042 Exec Code 2012-04-02 2012-04-03
9.3
None Remote Medium Not required Complete Complete Complete
An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code by using a crafted HTML document to obtain control of a function pointer.
25 CVE-2011-4043 189 Exec Code Overflow 2012-04-02 2012-04-03
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in an unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code via a large value for an integer parameter, leading to a buffer overflow.
26 CVE-2011-4044 2012-04-02 2012-04-03
5.8
None Remote Medium Not required None Partial Partial
An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to modify files via calls to unknown methods.
27 CVE-2011-4045 119 DoS Overflow 2012-04-02 2012-04-03
4.3
None Remote Medium Not required None None Partial
Buffer overflow in an unspecified ActiveX control in aipgctl.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to cause a denial of service via a crafted HTML document.
28 CVE-2011-4188 119 DoS Overflow 2012-04-09 2017-12-28
4.0
None Remote Low Single system None None Partial
Buffer overflow in the Create Attribute function in jclient in Novell iManager 2.7.4 before patch 4 allows remote authenticated users to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted EnteredAttrName parameter, a related issue to CVE-2010-1929.
29 CVE-2011-4535 119 DoS Exec Code Overflow 2012-04-02 2012-04-03
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in TurboPower Abbrevia before 4.0, as used in ScadaTEC ScadaPhone 5.3.11.1230 and earlier, ScadaTEC ModbusTagServer 4.1.1.81 and earlier, and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP file.
30 CVE-2011-4871 20 DoS 2012-04-18 2012-04-20
5.0
None Remote Low Not required None None Partial
Open Automation Software OPC Systems.NET before 5.0 allows remote attackers to cause a denial of service via a malformed .NET RPC packet on TCP port 58723.
31 CVE-2011-4874 399 DoS Exec Code 2012-04-13 2017-08-28
7.9
None Local Network Medium Not required Complete Complete Complete
Use-after-free vulnerability in MICROSYS PROMOTIC before 8.1.7 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (data corruption and application crash) via a crafted project (aka .pra) file.
32 CVE-2011-4880 22 Dir. Trav. 2012-04-13 2012-04-13
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 allows remote attackers to read arbitrary files via a crafted HTTP request.
33 CVE-2011-4881 DoS 2012-04-13 2012-04-13
5.0
None Remote Low Not required None None Partial
The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 does not properly check return values from functions, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted HTTP request.
34 CVE-2011-4882 94 DoS 2012-04-13 2012-04-13
5.0
None Remote Low Not required None None Partial
The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 allows remote attackers to cause a denial of service (application exit) via an unspecified command in an HTTP request.
35 CVE-2011-4883 20 DoS 2012-04-13 2012-04-13
5.0
None Remote Low Not required None None Partial
The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 does not properly validate values in HTTP requests, which allows remote attackers to cause a denial of service (resource consumption) via a crafted request.
36 CVE-2011-5000 189 DoS 2012-04-05 2012-07-21
3.5
None Remote Medium Single system None None Partial
The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.
37 CVE-2011-5084 79 XSS 2012-04-02 2018-01-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.36 and 5.x before 5.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
38 CVE-2011-5085 2012-04-02 2018-01-17
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Movable Type 4.x before 4.36 and 5.x before 5.05 allows remote attackers to read or modify data via unknown vectors.
39 CVE-2011-5086 20 DoS Exec Code 2012-04-18 2012-04-20
6.8
None Remote Medium Not required Partial Partial Partial
https50.ocx in IP*Works! SSL in the server in Unitronics UniOPC before 2.0.0 does not properly implement an unspecified function, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site.
40 CVE-2011-5087 2012-04-18 2013-01-03
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in AdAstrA TRACE MODE Data Center allows remote attackers to read arbitrary files via unknown vectors, as demonstrated by the GLEG Agora SCADA+ Exploit Pack for Immunity CANVAS.
41 CVE-2011-5088 Exec Code 2012-04-18 2012-04-19
9.3
None Remote Medium Not required Complete Complete Complete
The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 and BizViz 9.21 configures the trusted zone on the basis of user input, which allows remote attackers to execute arbitrary code via a crafted web site, related to a "Workbench32/WebHMI component SetTrustedZone Policy vulnerability."
42 CVE-2011-5089 119 DoS Exec Code Overflow 2012-04-18 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the Security Login ActiveX controls in ICONICS GENESIS32 8.05, 9.0, 9.1, and 9.2 and BizViz 8.05, 9.0, 9.1, and 9.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long password.
43 CVE-2012-0036 89 Sql 2012-04-13 2018-01-09
7.5
None Remote Low Not required Partial Partial Partial
curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol.
44 CVE-2012-0041 20 DoS 2012-04-11 2017-09-18
4.3
None Remote Medium Not required None None Partial
The dissect_packet function in epan/packet.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a capture file, as demonstrated by an airopeek file.
45 CVE-2012-0042 DoS 2012-04-11 2017-09-18
2.9
None Local Network Medium Not required None None Partial
Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly perform certain string conversions, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet, related to epan/to_str.c.
46 CVE-2012-0043 119 DoS Exec Code Overflow 2012-04-11 2017-09-18
5.8
None Local Network Low Not required Partial Partial Partial
Buffer overflow in the reassemble_message function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a series of fragmented RLC packets.
47 CVE-2012-0066 20 DoS 2012-04-11 2017-09-18
4.3
None Remote Medium Not required None None Partial
Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a (1) Accellent 5Views (aka .5vw) file, (2) I4B trace file, or (3) NETMON 2 capture file.
48 CVE-2012-0067 20 DoS 2012-04-11 2017-09-18
4.3
None Remote Medium Not required None None Partial
wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file.
49 CVE-2012-0068 20 DoS 2012-04-11 2017-09-26
4.3
None Remote Medium Not required None None Partial
The lanalyzer_read function in wiretap/lanalyzer.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a Novell capture file containing a record that is too small.
50 CVE-2012-0128 20 2012-04-05 2017-08-28
5.8
None Remote Medium Not required Partial Partial None
HP Onboard Administrator (OA) before 3.50 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Total number of vulnerabilities: 228 (this is page 1 of 5)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.