CVE Daily
← All years

All CVEs — 2012

Page 3/26.

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0
2012-11-21
Medium

CVE-2012-4207

The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-4205

Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which a…

CVSS: 6.8 CWE: CWE-352
Read more
Critical

CVE-2012-4204

The str_unescape function in the JavaScript engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a deni…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2012-4202

Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.1…

CVSS: 9.3 CWE: CWE-787
Read more
Medium

CVE-2012-4201

The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incor…

CVSS: 4.3 CWE: CWE-79
Read more
2012-11-20
Medium

CVE-2012-5703

The vSphere API in VMware ESXi 4.1 and ESX 4.1 allows remote attackers to cause a denial of service (host daemon crash) via an invalid value in a (1) RetrieveProp or (2) RetrievePropEx SOAP request.

CVSS: 5.0 CWE: CWE-20
Read more
Medium

CVE-2012-5920

Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) 2.4 through 2.5 Final, as used in JBoss Operations Network (ON) 3.1.1 and possibly other products, allows remote attackers to inje…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-4563

Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) 2.4 Beta and release candidates before 2.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vector…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-3354

doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive information via the prefix parameter, which reveals the inst…

CVSS: 4.3 CWE: CWE-200
Read more
Medium

CVE-2011-4612

icecast before 2.3.3 allows remote attackers to inject control characters such as newlines into the error loc (error.log) via a crafted URL.

CVSS: 5.0 CWE: CWE-20
Read more
2012-11-19
Medium

CVE-2012-5919

Multiple cross-site scripting (XSS) vulnerabilities in Havalite 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) find or (2) replace fields to havalite/find…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2012-5854

Heap-based buffer overflow in WeeChat 0.3.6 through 0.3.9 allows remote attackers to cause a denial of service (crash or hang) and possibly execute arbitrary code via crafted IRC colors that are not…

CVSS: 7.5 CWE: CWE-119
Read more
Medium

CVE-2012-4541

Cross-site scripting (XSS) vulnerability in Piwik before 1.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2011-0433

Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (c…

CVSS: 6.8 CWE: CWE-119
Read more
Medium

CVE-2012-4533

Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated…

CVSS: 4.3 CWE: CWE-79
Read more
2012-11-18
Medium

CVE-2012-4552

Stack-based buffer overflow in the error function in ssg/ssgParser.cxx in PLIB 1.8.5 allows remote attackers to execute arbitrary code via a crafted 3d model file that triggers a long error message,…

CVSS: 6.8 CWE: CWE-119
Read more
Medium

CVE-2012-4520

The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host…

CVSS: 6.4 CWE: CWE-20
Read more
Medium

CVE-2012-4950

Cross-site scripting (XSS) vulnerability in the Keyword Search page in the web interface in Pattern Insight 2.3 allows remote attackers to inject arbitrary web script or HTML via crafted characters t…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2012-4945

Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection" issue.

CVSS: 7.5 CWE: CWE-20
Read more
Medium

CVE-2012-4943

Multiple cross-site request forgery (CSRF) vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to hijack the authentication of arbitrary users for requ…

CVSS: 6.8 CWE: CWE-352
Read more
Medium

CVE-2012-4942

Multiple cross-site scripting (XSS) vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to inject arbitrary web script or HTML via an arbitrary text fi…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2012-4941

Multiple SQL injection vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS: 7.5 CWE: CWE-89
Read more
Low

CVE-2012-4938

Cross-site scripting (XSS) vulnerability in the web interface in Pattern Insight 2.3 allows remote authenticated administrators to inject arbitrary web script or HTML via the banner message.

CVSS: 3.5 CWE: CWE-79
Read more
Medium

CVE-2012-4935

Cross-site request forgery (CSRF) vulnerability in the web interface in Pattern Insight 2.3 allows remote attackers to hijack the authentication of arbitrary users.

CVSS: 6.8 CWE: CWE-352
Read more
Critical

CVE-2012-4959

Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to upload and execute files via a 130 /FSF/CMD request with a .. (dot dot) in a FILE element of…

CVSS: 10.0 CWE: CWE-22
Read more
High

CVE-2012-4958

Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a 126 /FSF/CMD request with a .. (dot dot) in a FILE element of an…

CVSS: 7.8 CWE: CWE-22
Read more
High

CVE-2012-4957

Absolute path traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a /FSF/CMD request with a full pathname in a PATH element of an…

CVSS: 7.8 CWE: CWE-22
Read more
Critical

CVE-2012-4956

Heap-based buffer overflow in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to execute arbitrary code via a large number of VOL elements in an SRS record.

CVSS: 10.0 CWE: CWE-119
Read more
Medium

CVE-2012-4575

The add_database function in objects.c in the pgbouncer pooler 1.5.2 for PostgreSQL allows remote attackers to cause a denial of service (daemon outage) via a long database name in a request.

CVSS: 5.0 CWE: CWE-119
Read more
2012-11-17
Medium

CVE-2012-5917

SnackAmp 3.1.3 allows remote attackers to cause a denial of service (application crash) via a long string in an aiff file.

CVSS: 4.3 CWE: CWE-119
Read more
Medium

CVE-2012-5916

Neocrome Seditio build 161 allows remote attackers to obtain sensitive information via a direct request to (1) docs/new/seditio-createnew-160.sql, (2) docs/upgrade/sedito_convert_to_utf8.optional.sql…

CVSS: 5.0 CWE: CWE-200
Read more
Medium

CVE-2012-5915

Neocrome Seditio build 161 and earlier allows remote attackers to obtain sensitive information via direct request to (1) view.php, (2) plugins/contact/lang/contact.en.lang.php, (3) system/lang/en/mai…

CVSS: 5.0 CWE: CWE-200
Read more
Low

CVE-2012-5914

Multiple cross-site scripting (XSS) vulnerabilities in the sed_import function in system/functions.php in Neocrome Seditio build 160 and 161 allow remote attackers to inject arbitrary web script or H…

CVSS: 2.6 CWE: CWE-79
Read more
Medium

CVE-2012-5913

Cross-site scripting (XSS) vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2012-5912

Multiple SQL injection vulnerabilities in PicoPublisher 2.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) page.php or (2) single.php.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2012-5911

Cross-site scripting (XSS) vulnerability in blogs/blog1.php in b2evolution 4.1.3 allows remote attackers to inject arbitrary web script or HTML via the message body.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-5910

SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via the root parameter.

CVSS: 6.5 CWE: CWE-89
Read more
High

CVE-2012-5909

SQL injection vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to execute arbitrary SQL commands via the conditions[usergroup][] parameter in…

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2012-5908

Cross-site scripting (XSS) vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to inject arbitrary web script or HTML via the conditions[usergrou…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-5907

Directory traversal vulnerability in json.php in TomatoCart 1.2.0 Alpha 2 and possibly earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter in a "3" acti…

CVSS: 5.0 CWE: CWE-22
Read more
Medium

CVE-2012-5906

Multiple cross-site scripting (XSS) vulnerabilities in GreenBrowser 6.1.0117 and 6.1.0216 allow remote attackers to inject arbitrary web script or HTML via (1) the URI in an about: page or (2) the la…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-5905

Buffer overflow in KnFTPd 1.0.0 allows remote authenticated users to cause a denial of service (crash) via a long string in a FEAT command.

CVSS: 4.0 CWE: CWE-119
Read more
Medium

CVE-2012-5904

Heap-based buffer overflow in IrfanView before 4.33 allows remote attackers to execute arbitrary code via a crafted RLE compressed bitmap file such as a DIB, RLE, or BMP image.

CVSS: 6.8 CWE: CWE-119
Read more
Medium

CVE-2012-5903

Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the scheduled parameter to index.php.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-5902

Cross-site scripting (XSS) vulnerability in ptk/lib/modal_bookmark.php in DFLabs PTK 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the arg4 parameter.

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2012-5900

Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) OB_ID parameter in a single action to admin/action/objects.php, (…

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2012-5899

Cross-site scripting (XSS) vulnerability in admin/action/objects.php in SAMEDIA LandShop 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the OTR_HEADS[] parameter in an edit…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-5898

Cross-site request forgery (CSRF) vulnerability in SAMEDIA LandShop 0.9.2 allows remote attackers to hijack the authentication of administrators for requests that change account settings.

CVSS: 6.8 CWE: CWE-352
Read more
High

CVE-2012-5894

SQL injection vulnerability in hava_post.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the postId parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2012-5891

Multiple cross-site request forgery (CSRF) vulnerabilities in photo/pass.php in DAlbum 1.44 build 174 and earlier allow remote attackers to hijack the authentication of administrators for requests th…

CVSS: 6.8 CWE: CWE-352
Read more
Medium

CVE-2012-5890

The Front End User Registration (sr_feuser_register) extension before 2.6.2 for TYPO3 allows remote attackers to obtain user names and passwords via the (1) edit perspective or (2) autologin feature.

CVSS: 5.0 CWE: CWE-200
Read more
Medium

CVE-2012-5889

Cross-site scripting (XSS) vulnerability in the powermail extension before 1.6.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-5888

Cross-site scripting (XSS) vulnerability in Basic SEO Features (seo_basics) extension before 0.8.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-5887

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with…

CVSS: 5.0 CWE: CWE-287
Read more
Medium

CVE-2012-5886

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session…

CVSS: 5.0 CWE: CWE-287
Read more
Medium

CVE-2012-5856

Cross-site scripting (XSS) vulnerability in the Uk Cookie (aka uk-cookie) plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79
Read more
2012-11-16
Medium

CVE-2012-5172

The Asial Monaca Debugger application before 1.4.2 for Android allows remote attackers to obtain sensitive (1) account or (2) session ID information in a system log file via a crafted application.

CVSS: 5.0 CWE: CWE-200
Read more
Medium

CVE-2012-2733

java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which…

CVSS: 5.0 CWE: CWE-20
Read more
Medium

CVE-2012-5884

The User.get method in Bugzilla/WebService/User.pm in Bugzilla 4.3.2 allows remote attackers to obtain sensitive information about the saved searches of arbitrary users via an XMLRPC request or a JSO…

CVSS: 5.0 CWE: CWE-200
Read more
Medium

CVE-2012-5883

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x an…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-5882

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploade…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-5881

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-4199

template/en/default/bug/field-events.js.tmpl in Bugzilla 3.x before 3.6.12, 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 generates JavaScript function…

CVSS: 4.3 CWE: CWE-200
Read more
Medium

CVE-2012-4198

The User.get method in Bugzilla/WebService/User.pm in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 has a different outcome for a groups reque…

CVSS: 4.0 CWE: CWE-200
Read more
Medium

CVE-2012-4197

Bugzilla/Attachment.pm in attachment.cgi in Bugzilla 2.x and 3.x before 3.6.12, 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 allows remote attackers t…

CVSS: 5.0 CWE: CWE-200
Read more
Medium

CVE-2012-4189

Cross-site scripting (XSS) vulnerability in Bugzilla 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via a field value…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-5777

Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote attackers to execute arbitrary PHP code via a c…

CVSS: 6.8 CWE: CWE-94
Read more
Medium

CVE-2012-4613

EMC RSA Data Protection Manager Appliance 2.7.x and 3.x before 3.2.1 does not properly restrict the number of authentication attempts by a user account, which makes it easier for local users to bypas…

CVSS: 6.9 CWE: CWE-287
Read more
Medium

CVE-2012-4612

Cross-site scripting (XSS) vulnerability in EMC RSA Data Protection Manager Appliance and Software Server 2.7.x and 3.x before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via…

CVSS: 4.3 CWE: CWE-79
Read more
2012-11-15
Medium

CVE-2012-5851

html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remo…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-4955

Cross-site scripting (XSS) vulnerability in Dell OpenManage Server Administrator (OMSA) before 6.5.0.1, 7.0 before 7.0.0.1, and 7.1 before 7.1.0.1 allows remote attackers to inject arbitrary web scri…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2012-4951

Multiple SQL injection vulnerabilities in terminal/paramedit.aspx in VeriFone VeriCentre Web Console before 2.2 build 36 allow remote attackers to execute arbitrary SQL commands via the (1) TerminalI…

CVSS: 7.5 CWE: CWE-89
Read more
2012-11-14
Critical

CVE-2012-4953

The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Symantec Endpoint Protection Small Business Edition 12.0, Symantec AntiVirus Corporate Edition (SAVCE) 10.x, and Symantec Scan Engine…

CVSS: 9.3 CWE: CWE-119
Read more
Medium

CVE-2012-4949

SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service.

CVSS: 6.5 CWE: CWE-89
Read more
Medium

CVE-2012-4948

The default configuration of Fortinet Fortigate UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier…

CVSS: 5.3 CWE: CWE-295
Read more
Medium

CVE-2012-4853

Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Application Server 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hij…

CVSS: 6.8 CWE: CWE-352
Read more
Medium

CVE-2012-4851

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI.

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2012-4850

IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1, when JAX-RS is used, does not properly validate requests, which allows remote attackers to gain privileges via unspecified vectors.

CVSS: 7.5 CWE: CWE-20
Read more
Critical

CVE-2012-3569

Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote attacker…

CVSS: 9.3 CWE: CWE-134
Read more
High

CVE-2012-2619

The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cau…

CVSS: 7.8 CWE: CWE-20
Read more
Critical

CVE-2012-4776

The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy setting…

CVSS: 9.3 CWE: CWE-20
Read more
Critical

CVE-2012-2543

Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary…

CVSS: 9.3 CWE: CWE-119
Read more
Medium

CVE-2012-2532

Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive informa…

CVSS: 5.0 CWE: CWE-200
Read more
Low

CVE-2012-2531

Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka "Password Disclosure Vulner…

CVSS: 2.1 CWE: CWE-200
Read more
Medium

CVE-2012-1896

Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted…

CVSS: 5.0 CWE: CWE-200
Read more
Critical

CVE-2012-1886

Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2012-1885

Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Office 2008 and 2011 for Mac; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbi…

CVSS: 9.3 CWE: CWE-119
Read more
2012-11-13
Critical

CVE-2012-5287

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-5286

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-5285

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android…

CVSS: 10.0 CWE: CWE-119
Read more
Medium

CVE-2012-1812

eosfailoverservice.exe in C3-ilex EOScada before 11.0.19.2 allows remote attackers to obtain sensitive cleartext information via a session on TCP port 12000.

CVSS: 5.0 CWE: CWE-200
Read more
2012-11-11
Medium

CVE-2012-4884

Argument injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to create arbitrary files via unspecified vectors related to the GnuPG clie…

CVSS: 5.0 CWE: CWE-94
Read more
Medium

CVE-2012-4732

Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before 4.0.8, allows remote attackers to hijack the authe…

CVSS: 6.8 CWE: CWE-352
Read more
Medium

CVE-2012-4513

khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpect…

CVSS: 6.4 CWE: CWE-119
Read more
Critical

CVE-2012-4505

Heap-based buffer overflow in the px_pac_reload function in lib/pac.c in libproxy 0.2.x and 0.3.x allows remote servers to have an unspecified impact via a crafted Content-Length size in an HTTP resp…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-4504

Stack-based buffer overflow in the url::get_pac function in url.cpp in libproxy 0.4.x before 0.4.9 allows remote servers to have an unspecified impact via a large proxy.pac file.

CVSS: 10.0 CWE: CWE-119
Read more
2012-11-09
Critical

CVE-2012-3758

Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted transform attribute in a text3GTrack e…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2012-3756

Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rnet box in an MP4 movie file.

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2012-3755

Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Targa image.

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2012-3753

Buffer overflow in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIME type.

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2012-3752

Multiple buffer overflows in Apple QuickTime before 7.7.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted style element in a QuickTime…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2011-1374

Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted REGION record in a PICT file.

CVSS: 9.3 CWE: CWE-119
Read more
2012-11-08
Medium

CVE-2012-5171

Directory traversal vulnerability in Be Graph BeZIP before 3.10 allows remote attackers to create or overwrite arbitrary files via a crafted archive file.

CVSS: 5.0 CWE: CWE-22
Read more
Medium

CVE-2012-4023

CRLF injection vulnerability in Pebble before 2.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

CVSS: 4.3 CWE: CWE-20
Read more
Medium

CVE-2012-4021

MosP kintai kanri before 4.1.0 does not properly perform authentication, which allows remote authenticated users to impersonate arbitrary user accounts, and consequently obtain sensitive information…

CVSS: 5.5 CWE: CWE-287
Read more
Medium

CVE-2012-3315

The Java servlets in the management console in IBM Tivoli Federated Identity Manager (TFIM) through 6.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) before 6.2.2 do not require a…

CVSS: 5.0 CWE: CWE-287
Read more
2012-11-07
Medium

CVE-2012-5424

Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, whi…

CVSS: 5.0 CWE: CWE-20
Read more
High

CVE-2012-5128

Google V8 before 3.13.7.5, as used in Google Chrome before 23.0.1271.64, does not properly perform write operations, which allows remote attackers to cause a denial of service or possibly have unspec…

CVSS: 7.5 CWE: CWE-119
Read more
High

CVE-2012-5126

Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of…

CVSS: 7.5 CWE: CWE-416
Read more
High

CVE-2012-5125

Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of…

CVSS: 7.5 CWE: CWE-416
Read more
High

CVE-2012-5124

Google Chrome before 23.0.1271.64 does not properly handle textures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unkno…

CVSS: 7.5 CWE: CWE-119
Read more
Medium

CVE-2012-5123

Skia, as used in Google Chrome before 23.0.1271.64, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVSS: 5.0 CWE: CWE-119
Read more
High

CVE-2012-5121

Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to video layout.

CVSS: 7.5 CWE: CWE-416
Read more
High

CVE-2012-5120

Google V8 before 3.13.7.5, as used in Google Chrome before 23.0.1271.64, on 64-bit Linux platforms allows remote attackers to cause a denial of service or possibly have unspecified other impact via c…

CVSS: 7.5 CWE: CWE-119
Read more
Medium

CVE-2012-5119

Race condition in Pepper, as used in Google Chrome before 23.0.1271.64, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to buffers.

CVSS: 6.8 CWE: CWE-362
Read more
High

CVE-2012-5118

Google Chrome before 23.0.1271.64 on Mac OS X does not properly validate an integer value during the handling of GPU command buffers, which allows remote attackers to cause a denial of service or pos…

CVSS: 7.5 CWE: CWE-20
Read more
High

CVE-2012-5116

Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of…

CVSS: 7.5 CWE: CWE-416
Read more
High

CVE-2012-5115

Google Chrome before 23.0.1271.64 on Mac OS X does not properly mitigate improper write behavior in graphics drivers, which allows remote attackers to cause a denial of service or possibly have unspe…

CVSS: 7.5 CWE: CWE-119
Read more
Critical

CVE-2012-5280

Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-5279

Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and be…

CVSS: 10.0 CWE: CWE-119
Read more