CVE-2012-4681

Known exploited
Public exploit
Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using "reflection with a trusted immediate caller" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class.
Max CVSS: 10.0
EPSS Score: 97.52%
Published: 2012-08-28
Updated: 2022-12-21
CISA KEV Added: 2022-03-03

CVE-2012-4598

Public exploit
An unspecified ActiveX control in McAfee Virtual Technician (MVT) before 6.4, and ePO-MVT, allows remote attackers to execute arbitrary code or cause a denial of service (Internet Explorer crash) via a crafted web site.
Max CVSS: 9.3
EPSS Score: 93.63%
Published: 2012-08-22
Updated: 2012-08-22

CVE-2012-4361

Public exploit
lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the second parameter.
Max CVSS: 7.7
EPSS Score: 16.61%
Published: 2012-08-20
Updated: 2012-08-21

CVE-2012-4356

Public exploit
Multiple directory traversal vulnerabilities in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allow remote attackers to read arbitrary files via port-46824 TCP packets specifying a file-open operation with opcode 0x78 and a .. (dot dot) in a pathname, followed by a file-read operation with opcode (1) 0x96, (2) 0x97, or (3) 0x98.
Max CVSS: 4.3
EPSS Score: 1.69%
Published: 2012-08-19
Updated: 2012-08-20

CVE-2012-4333

Public exploit
Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0 ActiveX controls in Samsung NET-i viewer 1.37.120316 allow remote attackers to execute arbitrary code via a long string in the fname parameter. NOTE: some of these details are obtained from third party information.
Max CVSS: 10.0
EPSS Score: 61.17%
Published: 2012-08-14
Updated: 2017-08-29

CVE-2012-4177

Public exploit
The web browser plugin for Ubisoft Uplay PC before 2.0.4 allows remote attackers to execute arbitrary programs via the -orbit_exe_path command line argument.
Max CVSS: 10.0
EPSS Score: 87.33%
Published: 2012-08-07
Updated: 2013-04-02

CVE-2012-3579

Public exploit
Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session.
Max CVSS: 7.9
EPSS Score: 10.80%
Published: 2012-08-29
Updated: 2017-08-29

CVE-2012-3485

Public exploit
Tunnelblick 3.3beta20 and earlier relies on argv[0] to determine the name of an appropriate (1) kernel module pathname or (2) executable file pathname, which allows local users to gain privileges via an execl system call.
Max CVSS: 7.2
EPSS Score: 0.21%
Published: 2012-08-26
Updated: 2013-12-13

CVE-2012-1535

Known exploited
Public exploit
Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document.
Max CVSS: 9.3
EPSS Score: 93.75%
Published: 2012-08-15
Updated: 2018-10-30
CISA KEV Added: 2022-03-03

CVE-2011-5130

Public exploit
dev/less.php in Family Connections CMS (FCMS) 2.5.0 - 2.7.1, when register_globals is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the argv[1] parameter.
Max CVSS: 6.8
EPSS Score: 74.64%
Published: 2012-08-30
Updated: 2017-08-29

CVE-2011-5124

Public exploit
Stack-based buffer overflow in the BCAAA component before build 60258, as used by Blue Coat ProxySG 4.2.3 through 6.1 and ProxyOne, allows remote attackers to execute arbitrary code via a large packet to the synchronization port (16102/tcp).
Max CVSS: 10.0
EPSS Score: 56.01%
Published: 2012-08-26
Updated: 2012-08-27

CVE-2010-5193

Public exploit
Stack-based buffer overflow in the TIFMergeMultiFiles function in the SCRIBBLE.ScribbleCtrl.1 ActiveX control (ImageViewer2.ocx) in Viscom Image Viewer CP Pro 8.0 and Gold 6.0 allows remote attackers to execute arbitrary code via a long strDelimit parameter.
Max CVSS: 9.3
EPSS Score: 94.42%
Published: 2012-08-31
Updated: 2017-08-29
12 vulnerabilities found