CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
7851 CVE-2013-0002 119 Exec Code Overflow 2013-01-09 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability."
7852 CVE-2012-6706 190 Exec Code Overflow Mem. Corr. 2017-06-22 2018-10-21
10.0
None Remote Low Not required Complete Complete Complete
A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the "DestPos" variable, which allows the attacker to write out of bounds when setting Mem[DestPos].
7853 CVE-2012-6695 255 2015-08-04 2018-03-27
10.0
None Remote Low Not required Complete Complete Complete
GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of ddpadmin for the ddpadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
7854 CVE-2012-6694 255 2015-08-04 2018-03-27
10.0
None Remote Low Not required Complete Complete Complete
GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1, and Server 4.0, has a password of 2charGE for the geservice account, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it.
7855 CVE-2012-6693 255 2015-08-04 2018-03-27
10.0
None Remote Low Not required Complete Complete Complete
GE Healthcare Centricity PACS 4.0 Server has a default password of (1) nasro for the nasro (ReadOnly) user and (2) nasrw for the nasrw (Read/Write) user, which has unspecified impact and attack vectors.
7856 CVE-2012-6660 255 2015-08-04 2018-03-27
10.0
None Remote Low Not required Complete Complete Complete
GE Healthcare Precision MPi has a password of (1) orion for the serviceapp user, (2) orion for the clinical operator user, and (3) PlatinumOne for the administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value.
7857 CVE-2012-6605 78 Exec Code 2013-08-31 2013-10-07
9.0
None Remote Low Single system Complete Complete Complete
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Ref ID 34896.
7858 CVE-2012-6604 78 Exec Code 2013-08-31 2013-10-07
9.0
None Remote Low Single system Complete Complete Complete
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Ref ID 35249.
7859 CVE-2012-6603 287 Bypass 2013-08-31 2013-10-07
10.0
None Remote Low Not required Complete Complete Complete
The web management UI in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to bypass authentication and obtain administrator privileges via unspecified vectors, aka Ref ID 37034.
7860 CVE-2012-6602 78 Exec Code 2013-08-31 2013-10-07
9.0
None Remote Low Single system Complete Complete Complete
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.4 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 30122.
7861 CVE-2012-6601 78 Exec Code 2013-08-31 2013-10-07
10.0
None Remote Low Not required Complete Complete Complete
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to execute arbitrary code via unspecified vectors, aka Ref ID 36983.
7862 CVE-2012-6600 78 Exec Code 2013-08-31 2013-10-07
9.0
None Remote Low Single system Complete Complete Complete
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 34502.
7863 CVE-2012-6599 78 Exec Code 2013-08-31 2013-10-07
9.0
None Remote Low Single system Complete Complete Complete
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 and 4.1.x before 4.1.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 33476.
7864 CVE-2012-6598 78 Exec Code 2013-08-31 2013-10-07
9.0
None Remote Low Single system Complete Complete Complete
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 33080.
7865 CVE-2012-6595 78 Exec Code 2013-08-31 2013-10-07
9.0
None Remote Low Single system Complete Complete Complete
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 34595.
7866 CVE-2012-6594 78 Exec Code 2013-08-31 2013-10-07
9.0
None Remote Low Single system Complete Complete Complete
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11, 4.0.x before 4.0.8, and 4.1.x before 4.1.1 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 34299.
7867 CVE-2012-6593 78 Exec Code 2013-08-31 2013-10-07
10.0
None Remote Low Not required Complete Complete Complete
Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.4 allows remote attackers to execute arbitrary commands via unspecified vectors, aka Ref ID 30088.
7868 CVE-2012-6592 78 Exec Code 2013-08-31 2013-10-07
10.0
None Remote Low Not required Complete Complete Complete
Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows remote attackers to execute arbitrary commands via unspecified vectors, aka Ref ID 31091.
7869 CVE-2012-6591 78 Exec Code 2013-08-31 2013-10-07
9.0
None Remote Low Single system Complete Complete Complete
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 31116.
7870 CVE-2012-6570 119 Exec Code Overflow 2013-06-20 2013-06-21
10.0
None Remote Low Not required Complete Complete Complete
The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches does not check whether HTTP data is longer than the value of the Content-Length field, which allows remote HTTP servers to conduct heap-based buffer overflow attacks and execute arbitrary code via a crafted response.
7871 CVE-2012-6569 119 Exec Code Overflow 2013-06-20 2013-06-21
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches allows remote attackers to execute arbitrary code via a long URI.
7872 CVE-2012-6558 119 Exec Code Overflow 2013-05-23 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in HeavenTools PE Explorer 1.99 R6 allows remote attackers to execute arbitrary code via the size value for a string in the resource section of a Portable Executable (PE) file.
7873 CVE-2012-6553 119 Exec Code Overflow 2013-05-23 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Resource Hacker 3.6.0.92 allows remote attackers to execute arbitrary code via a Portable Executable (PE) file with a resource section containing a string that has many tab or line feed characters.
7874 CVE-2012-6552 2013-05-10 2013-05-13
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in admin/action.php in phpVMS 2.1.x before 2.1.935 has unknown impact and attack vectors.
7875 CVE-2012-6535 94 DoS Exec Code Mem. Corr. 2013-12-02 2014-01-23
9.3
None Remote Medium Not required Complete Complete Complete
DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDroid, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted DjVu (aka .djv) file.
7876 CVE-2012-6503 2013-01-23 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the NinjaXplorer component before 1.0.7 for Joomla! has unknown impact and attack vectors.
7877 CVE-2012-6470 119 DoS Exec Code Overflow 2013-01-02 2013-01-02
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 12.12 does not properly allocate memory for GIF images, which allows remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a malformed image.
7878 CVE-2012-6468 119 DoS Exec Code Overflow Mem. Corr. 2013-01-02 2015-10-08
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Opera before 12.11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long HTTP response.
7879 CVE-2012-6465 94 DoS Exec Code 2013-01-02 2013-01-02
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 12.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed SVG image.
7880 CVE-2012-6440 287 2013-01-24 2013-01-25
9.3
None Remote Medium Not required Complete Complete Complete
The web-server password-authentication functionality in Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allows man-in-the-middle attackers to conduct replay attacks via HTTP traffic.
7881 CVE-2012-6437 287 Exec Code 2013-01-24 2013-01-25
10.0
None Remote Low Not required Complete Complete Complete
Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 do not properly perform authentication for Ethernet firmware updates, which allows remote attackers to execute arbitrary code via a Trojan horse update image.
7882 CVE-2012-6429 119 Exec Code Overflow 2014-04-04 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the PrepareSync method in the SyncService.dll ActiveX control in Samsung Kies before 2.5.1.12123_2_7 allows remote attackers to execute arbitrary code via a long string to the password argument.
7883 CVE-2012-6428 255 2012-12-23 2013-01-08
10.0
None Remote Low Not required Complete Complete Complete
Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 establishes multiple hardcoded accounts, which makes it easier for remote attackers to obtain administrative access by reading a password in a PHP script, a similar issue to CVE-2012-5862.
7884 CVE-2012-6422 264 +Priv 2012-12-17 2012-12-21
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which allows attackers to read or write arbitrary physical memory and gain privileges via a crafted application, as demonstrated by ExynosAbuse.
7885 CVE-2012-6392 20 Exec Code 2013-01-17 2013-01-29
10.0
None Remote Low Not required Complete Complete Complete
Cisco Prime LAN Management Solution (LMS) 4.1 through 4.2.2 on Linux does not properly validate authentication and authorization requests in TCP sessions, which allows remote attackers to execute arbitrary commands via a crafted session, aka Bug ID CSCuc79779.
7886 CVE-2012-6349 119 Exec Code Overflow 2013-07-18 2013-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the .mdb parser in Autonomy KeyView IDOL, as used in IBM Notes 8.5.x before 8.5.3 FP4, allows remote attackers to execute arbitrary code via a crafted file, aka SPR KLYH92XL3W.
7887 CVE-2012-6299 Bypass 2012-12-26 2018-08-13
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to bypass intended access restrictions via unknown vectors.
7888 CVE-2012-6298 Exec Code 2012-12-26 2018-08-13
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to execute arbitrary commands or modify data via unknown vectors.
7889 CVE-2012-6275 119 Overflow 2013-02-24 2013-02-25
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in AntDS.exe in BigAntSoft BigAnt IM Message Server allow remote attackers to have an unspecified impact via (1) the filename header in an SCH request or (2) the userid component in a DUPF request.
7890 CVE-2012-6271 2012-12-20 2017-11-16
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player through 11.6.8.638 allows remote attackers to trigger installation of arbitrary signed Xtras via a Shockwave movie that contains an Xtra URL, as demonstrated by a URL for an outdated Xtra.
7891 CVE-2012-6270 2012-12-20 2017-11-16
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player through 11.6.8.638 allows remote attackers to trigger installation of a Shockwave Player 10.4.0.025 compatibility feature via a crafted HTML document that references Shockwave content with a certain compatibility parameter, related to a "downgrading" attack.
7892 CVE-2012-6075 119 DoS Exec Code Overflow 2013-02-12 2014-04-19
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.
7893 CVE-2012-6069 22 Dir. Trav. 2013-01-21 2015-10-08
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in the Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x allows remote attackers to read, overwrite, or create arbitrary files via a .. (dot dot) in a request to the TCP listener service.
7894 CVE-2012-6068 264 Exec Code 2013-01-21 2013-01-22
10.0
None Remote Low Not required Complete Complete Complete
The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to (1) execute commands via the command-line interface in the TCP listener service or (2) transfer files via requests to the TCP listener service.
7895 CVE-2012-6067 287 Bypass 2012-12-04 2012-12-05
10.0
None Remote Low Not required Complete Complete Complete
freeFTPd.exe in freeFTPd through 1.0.11 allows remote attackers to bypass authentication via a crafted SFTP session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.
7896 CVE-2012-6066 287 Bypass 2012-12-04 2012-12-05
9.3
None Remote Medium Not required Complete Complete Complete
freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.
7897 CVE-2012-6046 94 1 2012-11-26 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Static code injection vulnerability in admin/banners.php in PHP Enter allows remote attackers to inject arbitrary PHP code into horad.php via the code parameter.
7898 CVE-2012-5975 287 1 Bypass 2012-12-04 2012-12-05
9.3
Admin Remote Medium Not required Complete Complete Complete
The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c.
7899 CVE-2012-5973 94 Exec Code 2012-12-10 2017-12-07
10.0
None Remote Low Not required Complete Complete Complete
CA XCOM Data Transport r11.0 and r11.5 on UNIX and Linux allows remote attackers to execute arbitrary commands via a crafted request.
7900 CVE-2012-5965 119 Exec Code Overflow 2013-01-31 2015-09-01
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long DeviceType (aka urn device) field in a UDP packet.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.