CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In July 2012 (CVSS score >= 6)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2012-1661 94 2 Exec Code 2012-07-12 2012-07-16
9.3
None Remote Medium Not required Complete Complete Complete
ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier does not properly prompt users before executing embedded VBA macros, which allows user-assisted remote attackers to execute arbitrary VBA code via a crafted map (.mxd) file.
2 CVE-2012-0911 94 2 Exec Code 2012-07-12 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.php or (b) tiki-print_pages.php; or (4) sendpages, (5) sendstructures, or (6) sendarticles parameter to tiki-send_objects.php, which is not properly handled when processed by the unserialize function.
3 CVE-2012-0276 119 2 DoS Exec Code Overflow 2012-07-17 2012-07-18
6.8
None Remote Medium Not required Partial Partial Partial
Multiple heap-based buffer overflows in XnView before 1.99 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a (1) SGI32LogLum compressed TIFF image or (2) SGI32LogLum compressed TIFF image with the PhotometricInterpretation encoding set to LogL.
4 CVE-2012-4061 89 1 Exec Code Sql 2012-07-25 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in ASP-DEv XM Diary allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to diary_view.asp or (2) view_date parameter to default.asp.
5 CVE-2012-4060 89 1 Exec Code Sql 2012-07-25 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in ASP-DEv XM Forums RC3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) profile.asp, (2) forum.asp, or (3) topic.asp.
6 CVE-2012-4059 352 1 CSRF 2012-07-25 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in home/secretqtn.php in SocketMail Pro 2.2.9 allows remote attackers to hijack the authentication of arbitrary users for requests that change user security questions and answers via an upd action.
7 CVE-2012-4057 119 1 Exec Code Overflow 2012-07-25 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the Player in Remote-Anything 5.60.15 allows remote attackers to execute arbitrary code via a crafted flm file.
8 CVE-2012-4056 89 1 Exec Code Sql 2012-07-25 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index2.php in Uiga Personal Portal allows remote attackers to execute arbitrary SQL commands via the p parameter.
9 CVE-2012-4055 89 1 Exec Code Sql 2012-07-25 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index2.php in Uiga Fan Club allows remote attackers to execute arbitrary SQL commands via the p parameter.
10 CVE-2012-4054 119 1 Exec Code Overflow 2012-07-25 2017-08-29
6.9
None Local Medium Not required Complete Complete Complete
Buffer overflow in the readfile function in CPE17 Autorun Killer 1.7.1 and earlier allows physically proximate attackers to execute arbitrary code via a crafted inf file.
11 CVE-2012-3841 1 Exec Code 2012-07-03 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in KMPlayer 3.2.0.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ehtrace.dll that is located in the current working directory.
12 CVE-2012-3839 89 1 Exec Code Sql 2012-07-03 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in application/core/MY_Model.php in MyClientBase 0.12 allow remote attackers to execute arbitrary SQL commands via the (1) invoice_number or (2) tags parameter to index.php/invoice_search.
13 CVE-2012-3834 89 1 Exec Code Sql 2012-07-03 2017-08-29
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in forensics/base_qry_main.php in AlienVault Open Source Security Information Management (OSSIM) 3.1 allows remote authenticated users to execute arbitrary SQL commands via the time[0][0] parameter.
14 CVE-2012-3399 20 1 Exec Code 2012-07-12 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
Config/diff.php in Basilic 1.5.14 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter.
15 CVE-2012-3350 89 1 Exec Code Sql 2012-07-12 2018-05-29
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in index.php in Webmatic 3.1.1 allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header.
16 CVE-2012-2962 89 1 Exec Code Sql 2012-07-30 2018-03-12
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter.
17 CVE-2012-2614 119 1 DoS Exec Code Overflow 2012-07-12 2012-08-18
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in programmer.exe in Lattice Diamond Programmer 1.4.2 allows user-assisted remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long string in a version attribute of an ispXCF element in an .xcf file.
18 CVE-2012-0282 119 1 DoS Exec Code Overflow 2012-07-17 2012-07-18
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ImageLeftPosition value in an ImageDescriptor structure in a GIF image.
19 CVE-2012-0277 119 1 DoS Exec Code Overflow 2012-07-17 2012-08-01
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PCT image.
20 CVE-2011-2657 22 1 Exec Code Dir. Trav. 2012-07-26 2012-07-27
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in the LaunchProcess function in the LaunchHelp.HelpLauncher.1 ActiveX control in LaunchHelp.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 allows remote attackers to execute arbitrary commands via a pathname in the first argument.
21 CVE-2012-4068 119 Exec Code Overflow 2012-07-26 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the SoapServer service in Citrix Provisioning Services 5.0, 5.1, 5.6, 5.6 SP1, 6.0, and 6.1 allows remote attackers to execute arbitrary code via a crafted string associated with date and time data.
22 CVE-2012-4053 352 CSRF 2012-07-25 2019-07-30
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in eZOE flash player in eZ Publish 4.1 through 4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
23 CVE-2012-4050 2012-07-24 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Google Chrome OS before 21.0.1180.50 on the Cr-48 and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, have unknown impact and attack vectors.
24 CVE-2012-4045 119 Exec Code Overflow 2012-07-22 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple heap-based buffer overflows in bmp.w5s in Winamp before 5.63 build 3235 allow remote attackers to execute arbitrary code via the (1) strf chunk in BI_RGB or (2) UYVY video data in an AVI file, or (3) decompressed TechSmith Screen Capture Codec (TSCC) data in an AVI file.
25 CVE-2012-4033 2012-07-18 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin before 2.4.0 for WordPress have unknown impact and attack vectors.
26 CVE-2012-4028 255 Bypass 2012-07-16 2012-12-04
7.8
None Remote Low Not required Complete None None
Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent attackers to bypass intended access restrictions by using the stored information for authentication.
27 CVE-2012-4025 190 Exec Code Overflow 2012-07-19 2020-01-10
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a heap-based buffer overflow.
28 CVE-2012-4024 787 Exec Code Overflow 2012-07-19 2020-01-10
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the list file is a trusted file constructed by the program's user; however, there are some realistic situations in which a list file would be obtained from an untrusted remote source.
29 CVE-2012-3998 89 Exec Code Sql 2012-07-12 2012-07-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Sticky Notes before 0.2.27052012.5 allow remote attackers to execute arbitrary SQL commands via the (1) paste id in admin/modules/mod_pastes.php or (2) show.php, (3) user id to admin/modules/mod_users.php, (4) project to list.php, or (5) session id to show.php.
30 CVE-2012-3951 89 Exec Code Sql 2012-07-31 2018-03-12
7.5
None Remote Low Not required Partial Partial Partial
The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands via a TCP session.
31 CVE-2012-3890 119 DoS Overflow Mem. Corr. 2012-07-11 2017-09-19
6.8
None Remote Medium Not required Partial Partial Partial
The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a .IT file.
32 CVE-2012-3889 119 DoS Overflow Mem. Corr. 2012-07-11 2017-09-19
6.8
None Remote Medium Not required Partial Partial Partial
The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a .IT file.
33 CVE-2012-3885 287 2012-07-26 2012-07-27
7.5
None Remote Low Not required Partial Partial Partial
The default configuration of AirDroid 1.0.4 beta uses a four-character alphanumeric password, which makes it easier for remote attackers to obtain access via a brute-force attack.
34 CVE-2012-3881 89 Exec Code Sql 2012-07-12 2012-07-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in RTG 0.7.4 and RTG2 0.9.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) 95.php, (2) view.php, or (3) rtg.php.
35 CVE-2012-3859 2012-07-09 2012-07-10
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the WebAdmin Portal in Netsweeper has unknown impact and attack vectors, a different vulnerability than CVE-2012-2446 and CVE-2012-2447.
36 CVE-2012-3817 20 DoS 2012-07-25 2018-10-30
7.8
None Remote Low Not required None None Complete
ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) by sending many queries.
37 CVE-2012-3811 Exec Code 2012-07-03 2012-07-17
10.0
None Remote Low Not required Complete Complete Complete
Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.13 Q1 2012 Maintenance Release allows remote attackers to execute arbitrary code by uploading an executable file and then accessing it via a direct request.
38 CVE-2012-3697 264 Bypass 2012-07-25 2012-07-30
7.1
None Remote Medium Not required Complete None None
WebKit in Apple Safari before 6.0 does not properly handle file: URLs, which allows remote attackers to bypass intended sandbox restrictions and read arbitrary files by leveraging a WebProcess compromise.
39 CVE-2012-3686 119 DoS Exec Code Overflow Mem. Corr. 2012-07-25 2012-09-22
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
40 CVE-2012-3683 119 DoS Exec Code Overflow Mem. Corr. 2012-07-25 2012-09-22
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
41 CVE-2012-3682 119 DoS Exec Code Overflow Mem. Corr. 2012-07-25 2012-09-22
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
42 CVE-2012-3681 119 DoS Exec Code Overflow Mem. Corr. 2012-07-25 2012-09-22
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
43 CVE-2012-3680 119 DoS Exec Code Overflow Mem. Corr. 2012-07-25 2012-09-22
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
44 CVE-2012-3679 119 DoS Exec Code Overflow Mem. Corr. 2012-07-25 2012-09-22
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
45 CVE-2012-3678 119 DoS Exec Code Overflow Mem. Corr. 2012-07-25 2012-09-22
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
46 CVE-2012-3674 119 DoS Exec Code Overflow Mem. Corr. 2012-07-25 2012-09-22
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
47 CVE-2012-3670 119 DoS Exec Code Overflow Mem. Corr. 2012-07-25 2012-09-22
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
48 CVE-2012-3669 119 DoS Exec Code Overflow Mem. Corr. 2012-07-25 2012-09-22
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
49 CVE-2012-3668 119 DoS Exec Code Overflow Mem. Corr. 2012-07-25 2012-09-22
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
50 CVE-2012-3667 119 DoS Exec Code Overflow Mem. Corr. 2012-07-25 2012-09-22
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
Total number of vulnerabilities : 229   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.