CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In December 2012 (CVSS score >= 7)

CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2012-6428 255 2012-12-23 2013-01-08
10.0
 None Remote Low Not required Complete Complete Complete
Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 establishes multiple hardcoded accounts, which makes it easier for remote attackers to obtain administrative access by reading a password in a PHP script, a similar issue to CVE-2012-5862.
2 CVE-2012-6427 89 Exec Code Sql 2012-12-23 2012-12-24
7.5
 None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, a similar issue to CVE-2012-5861.
3 CVE-2012-6422 264 +Priv 2012-12-18 2012-12-21
9.3
 None Remote Medium Not required Complete Complete Complete
The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which allows attackers to read or write arbitrary physical memory and gain privileges via a crafted application, as demonstrated by ExynosAbuse.
4 CVE-2012-6299 Bypass 2012-12-26 2018-08-13
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to bypass intended access restrictions via unknown vectors.
5 CVE-2012-6298 Exec Code 2012-12-26 2018-08-13
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to execute arbitrary commands or modify data via unknown vectors.
6 CVE-2012-6271 2012-12-20 2017-11-17
9.3
 None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player through 11.6.8.638 allows remote attackers to trigger installation of arbitrary signed Xtras via a Shockwave movie that contains an Xtra URL, as demonstrated by a URL for an outdated Xtra.
7 CVE-2012-6270 2012-12-20 2017-11-17
9.3
 None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player through 11.6.8.638 allows remote attackers to trigger installation of a Shockwave Player 10.4.0.025 compatibility feature via a crafted HTML document that references Shockwave content with a certain compatibility parameter, related to a "downgrading" attack.
8 CVE-2012-6067 287 Bypass 2012-12-04 2012-12-05
10.0
 None Remote Low Not required Complete Complete Complete
freeFTPd.exe in freeFTPd through 1.0.11 allows remote attackers to bypass authentication via a crafted SFTP session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.
9 CVE-2012-6066 287 Bypass 2012-12-04 2012-12-05
9.3
 None Remote Medium Not required Complete Complete Complete
freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.
10 CVE-2012-5975 287 1 Bypass 2012-12-04 2012-12-05
9.3
 None Remote Medium Not required Complete Complete Complete
The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c.
11 CVE-2012-5973 94 Exec Code 2012-12-10 2017-12-07
10.0
 None Remote Low Not required Complete Complete Complete
CA XCOM Data Transport r11.0 and r11.5 on UNIX and Linux allows remote attackers to execute arbitrary commands via a crafted request.
12 CVE-2012-5955 Exec Code 2012-12-20 2017-08-29
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the IBM HTTP Server component 5.3 in IBM WebSphere Application Server (WAS) for z/OS allows remote attackers to execute arbitrary commands via unknown vectors.
13 CVE-2012-5951 264 +Priv 2012-12-26 2017-08-29
7.2
 None Local Low Not required Complete Complete Complete
Unspecified vulnerability in IBM Tivoli NetView 1.4, 5.1 through 5.4, and 6.1 on z/OS allows local users to gain privileges by leveraging access to the normal Unix System Services (USS) security level.
14 CVE-2012-5932 94 Exec Code 2012-12-24 2021-04-13
10.0
 None Remote Low Not required Complete Complete Complete
Eval injection vulnerability in the ldapagnt_eval function in ldapagnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote attackers to execute arbitrary Perl code via a crafted application/x-amf request.
15 CVE-2012-5691 119 Exec Code Overflow 2012-12-19 2012-12-19
9.3
 None Remote Medium Not required Complete Complete Complete
Buffer overflow in RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted RealMedia file.
16 CVE-2012-5690 94 Exec Code 2012-12-19 2012-12-19
9.3
 None Remote Medium Not required Complete Complete Complete
RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allow remote attackers to execute arbitrary code via a RealAudio file that triggers access to an invalid pointer.
17 CVE-2012-5688 20 DoS 2012-12-06 2018-12-06
7.8
 None Remote Low Not required None None Complete
ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
18 CVE-2012-5680 119 Exec Code Overflow 2012-12-13 2012-12-17
10.0
 None Remote Low Not required Complete Complete Complete
Buffer overflow in Adobe Photoshop Camera Raw before 7.3 allows attackers to execute arbitrary code via unspecified vectors.
19 CVE-2012-5679 119 Exec Code Overflow 2012-12-13 2012-12-13
7.5
 None Remote Low Not required Partial Partial Partial
Buffer underflow in Adobe Photoshop Camera Raw before 7.3 allows attackers to execute arbitrary code via unspecified vectors.
20 CVE-2012-5678 119 DoS Exec Code Overflow Mem. Corr. 2012-12-12 2018-12-04
10.0
 None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
21 CVE-2012-5677 189 Exec Code Overflow 2012-12-12 2018-12-04
10.0
 None Remote Low Not required Complete Complete Complete
Integer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
22 CVE-2012-5676 119 Exec Code Overflow 2012-12-12 2018-12-04
10.0
 None Remote Low Not required Complete Complete Complete
Buffer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
23 CVE-2012-5664 89 Exec Code Sql 2012-12-26 2012-12-27
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Authlogic gem for Ruby on Rails allows remote attackers to execute arbitrary SQL commands via a crafted parameter in conjunction with a secret_token value, related to certain behavior of find_by_id and other find_by_ methods.
24 CVE-2012-5642 2012-12-31 2013-12-05
7.5
 None Remote Low Not required Partial Partial Partial
server/action.py in Fail2ban before 0.8.8 does not properly handle the content of the matches tag, which might allow remote attackers to trigger unsafe behavior in a custom action file via unspecified symbols in this content.
25 CVE-2012-5590 89 Exec Code Sql 2012-12-26 2013-02-26
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Webmail Plus module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
26 CVE-2012-5576 787 DoS Exec Code Overflow 2012-12-18 2022-02-07
7.5
 None Remote Low Not required Partial Partial Partial
Multiple stack-based buffer overflows in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.8.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large (1) red, (2) green, or (3) blue color mask in an XWD file.
27 CVE-2012-5550 89 Exec Code Sql 2012-12-03 2012-12-04
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
28 CVE-2012-5534 20 Exec Code 2012-12-03 2014-02-07
7.5
 None Remote Low Not required Partial Partial Partial
The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to "shell expansion."
29 CVE-2012-5469 264 Bypass 2012-12-20 2012-12-28
7.5
 None Remote Low Not required Partial Partial Partial
The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod.
30 CVE-2012-5468 119 DoS Exec Code Overflow 2012-12-18 2017-08-29
7.5
 None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in iconvert.c in the bogolexer component in Bogofilter before 1.2.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an email containing a base64 string that is decoded to incomplete multibyte characters.
31 CVE-2012-5195 119 DoS Exec Code Overflow 2012-12-18 2016-12-08
7.5
 None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator.
32 CVE-2012-5161 Exec Code 2012-12-26 2017-08-29
9.3
 None Remote Medium Not required Complete Complete Complete
The XML Service interface in Citrix XenApp 6.5 and 6.5 Feature Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors.
33 CVE-2012-5144 119 DoS Overflow Mem. Corr. 2012-12-12 2018-10-30
10.0
 None Remote Low Not required Complete Complete Complete
Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, do not properly perform AAC decoding, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via vectors related to "an off-by-one overwrite when switching to LTP profile from MAIN."
34 CVE-2012-5143 190 DoS Overflow 2012-12-12 2018-10-30
10.0
 None Remote Low Not required Complete Complete Complete
Integer overflow in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PPAPI image buffers.
35 CVE-2012-5142 94 DoS Exec Code 2012-12-12 2018-10-30
10.0
 None Remote Low Not required Complete Complete Complete
Google Chrome before 23.0.1271.97 does not properly handle history navigation, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
36 CVE-2012-5141 2012-12-12 2018-10-30
10.0
 None Remote Low Not required Complete Complete Complete
Google Chrome before 23.0.1271.97 does not properly restrict instantiation of the Chromoting client plug-in, which has unspecified impact and attack vectors.
37 CVE-2012-5140 416 DoS 2012-12-12 2018-10-30
10.0
 None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the URL loader.
38 CVE-2012-5139 416 DoS 2012-12-12 2018-10-30
10.0
 None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to visibility events.
39 CVE-2012-5138 2012-12-04 2018-10-30
10.0
 None Remote Low Not required Complete Complete Complete
Google Chrome before 23.0.1271.95 does not properly handle file paths, which has unspecified impact and attack vectors.
40 CVE-2012-5137 416 DoS 2012-12-04 2018-10-30
10.0
 None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 23.0.1271.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the Media Source API.
41 CVE-2012-5129 119 DoS Overflow 2012-12-04 2018-10-30
7.5
 None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the WebGL subsystem in Google Chrome OS before 23.0.1271.94 allows remote attackers to cause a denial of service (GPU process crash) or possibly have unspecified other impact via unknown vectors.
42 CVE-2012-4991 22 1 Dir. Trav. 2012-12-13 2012-12-13
8.5
 None Remote Low ??? Complete Complete None
Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remote authenticated users to (1) read, (2) delete, or (3) create files, or (4) list directories, via a ..%5C (encoded dot dot backslash) in a URI.
43 CVE-2012-4971 89 Exec Code Sql 2012-12-12 2012-12-12
7.5
 None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) reqclass parameter to editrequestenduser.asp; the (2) sys_request_id parameter to editrequestuser.asp; the (3) sys_request_id parameter to enduseractions.asp; the (4) sys_request_id or (5) confirm parameter to enduserreopenrequeststatus.asp; the (6) searchsql, (7) back, or (8) status parameter to enduserrequests.asp; the (9) sys_userpwd parameter to validateenduserlogin.asp; the (10) sys_userpwd parameter to validateuserlogin.asp; the (11) sql parameter to editenduseruser.asp; the (12) sql parameter to manageenduserrequestclasses.asp; the (13) sql parameter to resetpwdenduser.asp; the (14) sql parameter to disableloginenduser.asp; the (15) sql parameter to deleteenduseruser.asp; the (16) sql parameter to manageendusers.asp; or the (17) site parameter to statsrequestagereport.asp.
44 CVE-2012-4859 2012-12-21 2017-08-29
7.2
 None Local Low Not required Complete Complete Complete
Unspecified vulnerability in IBM Tivoli Storage Manager for Space Management (aka TSM HSM) before 6.2.5.0 and 6.3.x before 6.3.1.0 allows local users to read or modify file system objects via unknown vectors.
45 CVE-2012-4857 119 Exec Code Overflow 2012-12-08 2017-08-29
9.0
 None Remote Low ??? Complete Complete Complete
Buffer overflow in IBM Informix 11.50 through 11.50.xC9W2 and 11.70 before 11.70.xC7 allows remote authenticated users to execute arbitrary code via a crafted SQL statement.
46 CVE-2012-4856 255 Exec Code 2012-12-20 2017-08-29
7.9
 None Local Network Medium Not required Complete Complete Complete
The Service Processor in the IBM Power 5 91##-### and 940#-### before SF240_418_382 does not ensure that firewall code is executed, which allows remote attackers to execute arbitrary code via unspecified vectors.
47 CVE-2012-4816 264 Bypass 2012-12-26 2017-08-29
7.5
 None Remote Low Not required Partial Partial Partial
IBM Rational Automation Framework (RAF) 3.x through 3.0.0.5 allows remote attackers to bypass intended Env Gen Wizard (aka Environment Generation Wizard) access restrictions by visiting context roots in HTTP sessions on port 8080.
48 CVE-2012-4792 399 Exec Code 2012-12-30 2020-09-28
9.3
 None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
49 CVE-2012-4787 399 Exec Code 2012-12-12 2020-09-28
9.3
 None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "Improper Ref Counting Use After Free Vulnerability."
50 CVE-2012-4786 94 Exec Code 2012-12-12 2018-10-12
10.0
 None Remote Low Not required Complete Complete Complete
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."
Total number of vulnerabilities : 72   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.