CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
8301 CVE-2012-3324 22 Dir. Trav. 2012-09-25 2017-08-28
9.0
None Remote Low Single system Complete Complete Complete
Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field.
8302 CVE-2012-3298 DoS +Info 2012-09-25 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the REST services framework in IBM WebSphere Commerce 7.0 Feature Pack 4 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.
8303 CVE-2012-3290 2012-06-07 2012-06-12
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Google Chrome before 20.0.1132.22 on the Acer AC700; Samsung Series 5, 5 550, and Chromebox 3; and Cr-48 Chromebook platforms have unknown impact and attack vectors.
8304 CVE-2012-3288 20 DoS Exec Code Mem. Corr. 2012-06-14 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware Player 3.x before 3.1.6 and 4.x before 4.0.4, VMware Fusion 4.x before 4.1.3, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow user-assisted remote attackers to execute arbitrary code on the host OS or cause a denial of service (memory corruption) on the host OS via a crafted Checkpoint file.
8305 CVE-2012-3285 Exec Code 2013-02-06 2013-02-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1513.
8306 CVE-2012-3284 Exec Code 2013-02-06 2013-02-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1512.
8307 CVE-2012-3283 Exec Code 2013-02-06 2013-02-06
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1511.
8308 CVE-2012-3282 Exec Code 2013-02-06 2013-02-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1468.
8309 CVE-2012-3278 119 Exec Code Overflow 2013-01-25 2013-01-28
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in magentservice.exe in HP Diagnostics Server 8.x through 8.07 and 9.x through 9.21 allows remote attackers to execute arbitrary code via a malformed message packet.
8310 CVE-2012-3275 Exec Code 2012-12-06 2013-03-13
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.1x and 9.20 allows remote attackers to execute arbitrary code via unknown vectors.
8311 CVE-2012-3274 119 Exec Code Overflow 2012-12-06 2012-12-26
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in uam.exe in the User Access Manager (UAM) component in HP Intelligent Management Center (IMC) before 5.1 E0101P01 allows remote attackers to execute arbitrary code via vectors related to log data.
8312 CVE-2012-3271 +Info 2012-11-29 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability on the HP Integrated Lights-Out 3 (aka iLO3) with firmware before 1.50 and Integrated Lights-Out 4 (aka iLO4) with firmware before 1.13 allows remote attackers to obtain sensitive information via unknown vectors.
8313 CVE-2012-3270 DoS +Info 2012-11-07 2013-06-25
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and 5.41, when Sybase is used, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-3269.
8314 CVE-2012-3263 Exec Code 2012-09-25 2016-09-06
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1465.
8315 CVE-2012-3262 Exec Code 2012-09-25 2016-09-06
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1464.
8316 CVE-2012-3261 Exec Code 2012-09-25 2016-09-06
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1463.
8317 CVE-2012-3260 Exec Code 2012-09-25 2016-09-06
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1462.
8318 CVE-2012-3259 Exec Code 2012-09-25 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1461.
8319 CVE-2012-3258 Exec Code 2012-09-19 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Operations Orchestration 9.0 before 9.03 allows remote attackers to execute arbitrary code via unknown vectors.
8320 CVE-2012-3254 Exec Code Overflow 2012-08-30 2012-08-31
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in HP iNode Management Center before iNode PC 5.1 E0304 allow remote attackers to execute arbitrary code via crafted input, as demonstrated by a stack-based buffer overflow in iNodeMngChecker.exe for a crafted 0x0A0BF007 packet.
8321 CVE-2012-3253 Exec Code Overflow 2012-08-30 2012-08-30
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in HP Intelligent Management Center (IMC) before 5.0 E0101P05 allow remote attackers to execute arbitrary code via crafted input, as demonstrated by an integer overflow and heap-based buffer overflow in img.exe for a crafted message packet.
8322 CVE-2012-3220 2013-01-16 2017-09-18
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the Spatial component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users with Create Session privileges to affect confidentiality, integrity, and availability via unknown vectors.
8323 CVE-2012-3213 2013-02-01 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.
8324 CVE-2012-3202 2012-10-16 2013-10-10
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the Oracle JRockit component in Oracle Fusion Middleware 28.2.4 and earlier, and 27.7.3 and earlier, when using JDK/JRE 5 or 6, allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this overlaps CVE-2012-5083, CVE-2012-1531, CVE-2012-5081, and CVE-2012-5085.
8325 CVE-2012-3174 264 2013-01-14 2014-02-20
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422. NOTE: some parties have mapped CVE-2012-3174 to an issue involving recursive use of the Reflection API, but that issue is already covered as part of CVE-2013-0422. This identifier is for a different vulnerability whose details are not public as of 20130114.
8326 CVE-2012-3163 2012-10-16 2017-08-28
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.
8327 CVE-2012-3143 2012-10-16 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX, a different vulnerability than CVE-2012-5089.
8328 CVE-2012-3136 2012-08-30 2013-04-18
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-1682.
8329 CVE-2012-3135 2012-07-17 2017-11-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware 28.2.3 and before, and 27.7.2 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
8330 CVE-2012-3105 119 DoS Exec Code Overflow Mem. Corr. 2012-06-05 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
The glBufferData function in the WebGL implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not properly mitigate an unspecified flaw in an NVIDIA driver, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a related issue to CVE-2011-3101.
8331 CVE-2012-3088 2012-09-16 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally contains ScanSafe headers, which allows remote attackers to have an unspecified impact via a crafted request, aka Bug ID CSCua13166.
8332 CVE-2012-3076 78 Exec Code 2012-07-12 2012-07-12
9.0
None Remote Low Single system Complete Complete Complete
The administrative web interface on Cisco TelePresence Recording Server before 1.8.0 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Bug ID CSCth85804.
8333 CVE-2012-3075 78 Exec Code 2012-07-12 2012-07-12
9.0
None Remote Low Single system Complete Complete Complete
The administrative web interface on Cisco TelePresence Immersive Endpoint Devices before 1.7.4 allows remote authenticated users to execute arbitrary commands via a malformed request on TCP port 443, aka Bug ID CSCtn99724.
8334 CVE-2012-3057 119 Exec Code Overflow 2012-06-29 2018-12-03
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted size field in audio data within a WRF file, aka Bug ID CSCtz00755.
8335 CVE-2012-3056 119 DoS Exec Code Overflow Mem. Corr. 2012-06-29 2018-12-03
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted WRF file, aka Bug ID CSCtz72946.
8336 CVE-2012-3055 119 Exec Code Overflow 2012-06-29 2018-12-03
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted DHT chunk in a JPEG image within a WRF file, aka Bug ID CSCtz72953.
8337 CVE-2012-3054 119 Exec Code Overflow 2012-06-29 2018-12-03
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72977.
8338 CVE-2012-3053 119 Exec Code Overflow 2012-06-29 2018-12-03
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the Cisco WebEx Advanced Recording Format (ARF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted ARF file, aka Bug ID CSCtz72985.
8339 CVE-2012-3026 20 DoS Exec Code Mem. Corr. 2012-11-01 2013-04-12
10.0
None Remote Low Not required Complete Complete Complete
rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3010 and CVE-2012-3021.
8340 CVE-2012-3021 20 DoS Exec Code Mem. Corr. 2012-11-01 2013-04-12
10.0
None Remote Low Not required Complete Complete Complete
rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3010 and CVE-2012-3026.
8341 CVE-2012-3013 255 2012-09-06 2013-10-08
10.0
None Remote Low Not required Complete Complete Complete
WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices have default passwords for unspecified Web Based Management accounts, which makes it easier for remote attackers to obtain administrative access via a TCP session.
8342 CVE-2012-3010 20 DoS Exec Code Mem. Corr. 2012-11-01 2013-04-12
10.0
None Remote Low Not required Complete Complete Complete
rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3021 and CVE-2012-3026.
8343 CVE-2012-3002 287 Bypass 2012-12-21 2013-03-01
10.0
None Remote Low Not required Complete Complete Complete
The web interface on (1) Foscam and (2) Wansview IP cameras allows remote attackers to bypass authentication, and perform administrative functions or read the admin password, via a direct request to an unspecified URL.
8344 CVE-2012-2990 94 2012-08-24 2012-08-29
9.3
None Remote Medium Not required Complete Complete Complete
The MASetupCaller ActiveX control before 1.4.2012.508 in MASetupCaller.dll in MarkAny ContentSAFER, as distributed in Samsung KIES before 2.3.2.12074_13_13, does not properly implement unspecified methods, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a crafted HTML document.
8345 CVE-2012-2976 78 Exec Code 2012-07-23 2017-12-21
10.0
None Remote Low Not required Complete Complete Complete
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary shell commands via crafted input to application scripts, related to an "injection" issue.
8346 CVE-2012-2974 287 Bypass 2012-07-19 2017-12-21
10.0
None Remote Low Not required Complete Complete Complete
The web interface on the SMC SMC8024L2 switch allows remote attackers to bypass authentication and obtain administrative access via a direct request to a .html file under (1) status/, (2) system/, (3) ports/, (4) trunks/, (5) vlans/, (6) qos/, (7) rstp/, (8) dot1x/, (9) security/, (10) igmps/, or (11) snmp/.
8347 CVE-2012-2953 78 Exec Code 2012-07-23 2017-12-21
10.0
None Remote Low Not required Complete Complete Complete
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary commands via crafted input to application scripts.
8348 CVE-2012-2949 264 +Priv 2012-05-29 2012-05-30
10.0
None Remote Low Not required Complete Complete Complete
The ZTE sync_agent program for Android 2.3.4 on the Score M device uses a hardcoded ztex1609523 password to control access to commands, which allows remote attackers to gain privileges via a crafted application.
8349 CVE-2012-2915 119 Exec Code Overflow 2012-05-21 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Lattice Semiconductor PAC-Designer 6.2.1344 allows remote attackers to execute arbitrary code via a long string in a Value tag in a SymbolicSchematicData definition tag in PAC Design (.pac) file.
8350 CVE-2012-2897 119 Exec Code Overflow 2012-09-26 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.