CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
8351 CVE-2012-6066 287 Bypass 2012-12-04 2012-12-05
9.3
None Remote Medium Not required Complete Complete Complete
freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.
8352 CVE-2012-6046 94 1 2012-11-26 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Static code injection vulnerability in admin/banners.php in PHP Enter allows remote attackers to inject arbitrary PHP code into horad.php via the code parameter.
8353 CVE-2012-5975 287 1 Bypass 2012-12-04 2012-12-05
9.3
Admin Remote Medium Not required Complete Complete Complete
The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c.
8354 CVE-2012-5973 94 Exec Code 2012-12-10 2017-12-07
10.0
None Remote Low Not required Complete Complete Complete
CA XCOM Data Transport r11.0 and r11.5 on UNIX and Linux allows remote attackers to execute arbitrary commands via a crafted request.
8355 CVE-2012-5965 119 Exec Code Overflow 2013-01-31 2015-09-01
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long DeviceType (aka urn device) field in a UDP packet.
8356 CVE-2012-5964 119 Exec Code Overflow 2013-01-31 2015-09-01
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long ServiceType (aka urn service) field in a UDP packet.
8357 CVE-2012-5963 119 Exec Code Overflow 2013-01-31 2015-09-01
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long UDN (aka uuid) field within a string that lacks a :: (colon colon) in a UDP packet.
8358 CVE-2012-5962 119 Exec Code Overflow 2013-01-31 2015-09-01
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long DeviceType (aka urn) field in a UDP packet.
8359 CVE-2012-5961 119 Exec Code Overflow 2013-01-31 2015-09-02
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long UDN (aka device) field in a UDP packet.
8360 CVE-2012-5960 119 Exec Code Overflow 2013-01-31 2017-11-02
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a long UDN (aka upnp:rootdevice) field in a UDP packet.
8361 CVE-2012-5959 119 Exec Code Overflow 2013-01-31 2017-11-02
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a long UDN (aka uuid) field within a string that contains a :: (colon colon) in a UDP packet.
8362 CVE-2012-5958 119 Exec Code Overflow 2013-01-31 2017-11-02
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a UDP packet with a crafted string that is not properly handled after a certain pointer subtraction.
8363 CVE-2012-5955 Exec Code 2012-12-20 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the IBM HTTP Server component 5.3 in IBM WebSphere Application Server (WAS) for z/OS allows remote attackers to execute arbitrary commands via unknown vectors.
8364 CVE-2012-5947 119 Exec Code Overflow 2013-04-29 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the vsflex7l ActiveX control in IBM SPSS SamplePower 3.0 before FP1 allows remote attackers to execute arbitrary code via unspecified vectors.
8365 CVE-2012-5946 119 Exec Code Overflow 2013-04-29 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the c1sizer ActiveX control in C1sizer.ocx in IBM SPSS SamplePower 3.0 before FP1 allows remote attackers to execute arbitrary code via a long TabCaption string.
8366 CVE-2012-5945 119 Exec Code Overflow 2013-04-29 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in the Vsflex8l ActiveX control in IBM SPSS SamplePower 3.0 before FP1 allow remote attackers to execute arbitrary code via a long (1) ComboList or (2) ColComboList property value.
8367 CVE-2012-5937 Exec Code 2013-04-12 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the CLA2 server in IBM Gentran Integration Suite 4.3, Sterling Integrator 5.0 and 5.1, and Sterling B2B Integrator 5.2, as used in IBM Sterling File Gateway 1.1 through 2.2 and other products, allows remote attackers to execute arbitrary commands via unknown vectors.
8368 CVE-2012-5932 94 Exec Code 2012-12-24 2013-01-08
10.0
None Remote Low Not required Complete Complete Complete
Eval injection vulnerability in the ldapagnt_eval function in ldapagnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote attackers to execute arbitrary Perl code via a crafted application/x-amf request.
8369 CVE-2012-5897 264 1 2012-11-17 2017-09-01
9.3
None Remote Medium Not required Complete Complete Complete
The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX control (ARDoc.dll) in Quest InTrust 10.4.0.853 and earlier do not properly implement the SaveToFile method, which allows remote attackers to write or overwrite arbitrary files via the bstrFileName argument.
8370 CVE-2012-5896 3 Exec Code 2012-11-17 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not properly implement the Add method, which allows remote attackers to execute arbitrary code via a memory address in the first argument, related to an "uninitialized pointer."
8371 CVE-2012-5895 2012-11-17 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in iRODS before 3.1 have unknown impact and attack vectors.
8372 CVE-2012-5864 264 1 2012-11-23 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
The management web pages on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 do not require authentication, which allows remote attackers to obtain administrative access via a direct request, as demonstrated by a request to ping.php.
8373 CVE-2012-5863 264 1 Exec Code 2012-11-23 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
ping.php on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 allows remote attackers to execute arbitrary commands via shell metacharacters in the ip_dominio parameter.
8374 CVE-2012-5862 310 1 2012-11-23 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
login.php on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 establishes multiple hardcoded accounts, which makes it easier for remote attackers to obtain administrative access by leveraging a (1) cleartext password or (2) password hash contained in this script, as demonstrated by a password of astridservice or 36e44c9b64.
8375 CVE-2012-5843 DoS Exec Code Mem. Corr. 2012-11-21 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
8376 CVE-2012-5842 DoS Exec Code Mem. Corr. 2012-11-21 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
8377 CVE-2012-5840 399 DoS Exec Code Mem. Corr. 2012-11-21 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4214.
8378 CVE-2012-5839 119 Exec Code Overflow 2012-11-21 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the gfxShapedWord::CompressedGlyph::IsClusterStart function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors.
8379 CVE-2012-5838 189 DoS Exec Code Mem. Corr. 2012-11-21 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
The copyTexImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via large image dimensions.
8380 CVE-2012-5836 94 DoS Exec Code 2012-11-21 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text.
8381 CVE-2012-5835 189 DoS Exec Code Overflow 2012-11-21 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via crafted data.
8382 CVE-2012-5833 264 DoS Exec Code Mem. Corr. 2012-11-21 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via function calls involving certain values of the level parameter.
8383 CVE-2012-5829 119 Exec Code Overflow 2012-11-21 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors.
8384 CVE-2012-5759 264 Bypass 2012-11-23 2017-08-28
9.0
None Remote Low Single system Complete Complete Complete
The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 allows remote authenticated users to bypass intended administrative-role requirements and perform arbitrary JMX operations via unspecified vectors.
8385 CVE-2012-5692 2012-10-31 2012-10-31
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors.
8386 CVE-2012-5691 119 Exec Code Overflow 2012-12-19 2012-12-19
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted RealMedia file.
8387 CVE-2012-5690 94 Exec Code 2012-12-19 2012-12-19
9.3
None Remote Medium Not required Complete Complete Complete
RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allow remote attackers to execute arbitrary code via a RealAudio file that triggers access to an invalid pointer.
8388 CVE-2012-5680 119 Exec Code Overflow 2012-12-13 2012-12-17
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Adobe Photoshop Camera Raw before 7.3 allows attackers to execute arbitrary code via unspecified vectors.
8389 CVE-2012-5678 119 DoS Exec Code Overflow Mem. Corr. 2012-12-12 2018-12-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
8390 CVE-2012-5677 189 Exec Code Overflow 2012-12-12 2018-12-04
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
8391 CVE-2012-5676 119 Exec Code Overflow 2012-12-12 2018-12-04
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
8392 CVE-2012-5673 2012-11-13 2018-12-04
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 has unknown impact and attack vectors.
8393 CVE-2012-5417 264 Exec Code 2012-11-02 2013-02-25
10.0
None Remote Low Not required Complete Complete Complete
Cisco Prime Data Center Network Manager (DCNM) before 6.1(1) does not properly restrict access to certain JBoss MainDeployer functionality, which allows remote attackers to execute arbitrary commands via JBoss Application Server Remote Method Invocation (RMI) services, aka Bug ID CSCtz44924.
8394 CVE-2012-5409 119 Exec Code Overflow 2012-11-01 2013-05-20
10.0
None Remote Low Not required Complete Complete Complete
AscoServer.exe in the server in Siemens SiPass integrated MP2.6 and earlier does not properly handle IOCP RPC messages received over an Ethernet network, which allows remote attackers to write data to any memory location and consequently execute arbitrary code via crafted messages, as demonstrated by an arbitrary pointer dereference attack or a buffer overflow attack.
8395 CVE-2012-5390 264 +Priv 2014-06-06 2014-06-09
10.0
None Remote Low Not required Complete Complete Complete
The standard universe shadow (condor_shadow.std) component in Condor 7.7.3 through 7.7.6, 7.8.0 before 7.8.5, and 7.9.0 does no properly check privileges, which allows remote attackers to gain privileges via a crafted standard universe job.
8396 CVE-2012-5376 269 Bypass 2012-10-11 2019-09-27
9.3
None Remote Medium Not required Complete Complete Complete
The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions and write to arbitrary files by leveraging access to a renderer process, a different vulnerability than CVE-2012-5112.
8397 CVE-2012-5360 20 Exec Code 2018-02-08 2018-02-23
9.3
None Remote Medium Not required Complete Complete Complete
Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted QT file.
8398 CVE-2012-5359 20 Exec Code 2018-02-08 2018-02-23
9.3
None Remote Medium Not required Complete Complete Complete
Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted ASF file.
8399 CVE-2012-5324 119 1 Exec Code Overflow 2012-10-08 2017-09-01
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in the Pdf Printer Preferences ActiveX Control in pdfxctrl.dll in Tracker Software PDF-XChange 3.60.0128 allow remote attackers to execute arbitrary code via a long string in the (1) sub_path parameter to the StoreInRegistry function or (2) sub_key parameter to the InitFromRegistry function.
8400 CVE-2012-5311 119 DoS Exec Code Overflow 2012-10-08 2012-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the VSFlex7.VSFlexGrid ActiveX control in ComponentOne FlexGrid 7.1, as used in Open Automation Software OPC Systems.NET, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long archive file name argument to the Archive method.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.