CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In June 2012 (CVSS score >= 7)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2012-3816 1 DoS 2012-06-27 2017-08-29
7.8
None Remote Low Not required None None Complete
WinRadius Server 2009 allows remote attackers to cause a denial of service (crash) via a long password in an Access-Request packet.
2 CVE-2012-3815 119 Exec Code Overflow 2012-06-27 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 46824. NOTE: some of these details are obtained from third party information.
3 CVE-2012-3814 264 1 Exec Code 2012-06-27 2012-06-28
7.5
None Remote Low Not required Partial Partial Partial
Unrestricted file upload vulnerability in font-upload.php in the Font Uploader plugin 1.2.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a .php.ttf extension, then accessing it via a direct request to the file in font-uploader/fonts.
4 CVE-2012-3797 119 DoS Overflow Mem. Corr. 2012-06-25 2013-05-21
10.0
None Remote Low Not required Complete Complete Complete
Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, does not properly check packet sizes before reusing packet memory buffers, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a short crafted packet with a certain opcode.
5 CVE-2012-3791 89 1 Exec Code Sql 2012-06-21 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Simple Web Content Management System 1.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) item_delete.php, (2) item_status.php, (3) item_detail.php, (4) item_modify.php, or (5) item_position.php in admin/; or (6) status parameter to admin/item_status.php.
6 CVE-2012-3577 264 1 Exec Code 2012-06-17 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
Unrestricted file upload vulnerability in doupload.php in the Nmedia Member Conversation plugin before 1.4 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/user_uploads.
7 CVE-2012-3576 264 1 Exec Code 2012-06-16 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Unrestricted file upload vulnerability in php/upload.php in the wpStoreCart plugin before 2.5.30 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/wpstorecart.
8 CVE-2012-3575 264 1 Exec Code 2012-06-16 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Unrestricted file upload vulnerability in uploader.php in the RBX Gallery plugin 2.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/rbxslider.
9 CVE-2012-3574 1 Exec Code 2012-06-16 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
Unrestricted file upload vulnerability in includes/doajaxfileupload.php in the MM Forms Community plugin 2.2.5 and 2.2.6 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/temp.
10 CVE-2012-3561 119 DoS Exec Code Overflow Mem. Corr. 2012-06-14 2012-08-14
10.0
None Remote Low Not required Complete Complete Complete
Opera before 11.64 does not properly allocate memory for URL strings, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted string.
11 CVE-2012-3559 2012-06-14 2012-08-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Opera before 12.00 on Mac OS X has unknown impact and attack vectors, related to a "moderate severity issue."
12 CVE-2012-3556 20 Exec Code XSS 2012-06-14 2012-06-15
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 11.65 does not properly restrict the opening of a pop-up window in response to the first click of a double-click action, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary code via a crafted web site.
13 CVE-2012-3555 Exec Code XSS 2012-06-14 2012-06-20
7.6
None Remote High Not required Complete Complete Complete
Opera before 11.65 does not ensure that keyboard sequences are associated with a visible window, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary code via a crafted web site, related to a "hidden keyboard navigation" issue.
14 CVE-2012-3292 264 +Priv 2012-06-07 2012-09-07
7.6
None Remote High Not required Complete Complete Complete
The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file.
15 CVE-2012-3291 119 DoS Overflow 2012-06-07 2018-01-05
7.8
None Remote Low Not required None None Complete
Heap-based buffer overflow in OpenConnect 3.18 allows remote servers to cause a denial of service via a crafted greeting banner.
16 CVE-2012-3290 2012-06-07 2012-06-12
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Google Chrome before 20.0.1132.22 on the Acer AC700; Samsung Series 5, 5 550, and Chromebox 3; and Cr-48 Chromebook platforms have unknown impact and attack vectors.
17 CVE-2012-3289 94 DoS 2012-06-14 2012-06-15
7.8
None Remote Low Not required None None Complete
VMware Workstation 8.x before 8.0.4, VMware Player 4.x before 4.0.4, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow remote attackers to cause a denial of service (guest OS crash) via crafted traffic from a remote virtual device.
18 CVE-2012-3288 20 DoS Exec Code Mem. Corr. 2012-06-14 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware Player 3.x before 3.1.6 and 4.x before 4.0.4, VMware Fusion 4.x before 4.1.3, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow user-assisted remote attackers to execute arbitrary code on the host OS or cause a denial of service (memory corruption) on the host OS via a crafted Checkpoint file.
19 CVE-2012-3105 119 DoS Exec Code Overflow Mem. Corr. 2012-06-05 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
The glBufferData function in the WebGL implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not properly mitigate an unspecified flaw in an NVIDIA driver, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a related issue to CVE-2011-3101.
20 CVE-2012-3063 362 Bypass 2012-06-20 2013-03-22
7.1
None Remote High ??? Complete Complete Complete
Cisco Application Control Engine (ACE) before A4(2.3) and A5 before A5(1.1), when multicontext mode is enabled, does not properly share a management IP address among multiple contexts, which allows remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances, and read or modify configuration settings, via a login attempt to a context, aka Bug ID CSCts30631, a different vulnerability than CVE-2012-3058.
21 CVE-2012-3058 DoS 2012-06-20 2013-03-22
7.8
None Remote Low Not required None None Complete
Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(4.1), 8.5 before 8.5(1.11), and 8.6 before 8.6(1.3) allow remote attackers to cause a denial of service (device reload) via IPv6 transit traffic that triggers syslog message 110003, aka Bug ID CSCua27134.
22 CVE-2012-3057 119 Exec Code Overflow 2012-06-29 2018-12-03
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted size field in audio data within a WRF file, aka Bug ID CSCtz00755.
23 CVE-2012-3056 119 DoS Exec Code Overflow Mem. Corr. 2012-06-29 2018-12-03
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted WRF file, aka Bug ID CSCtz72946.
24 CVE-2012-3055 119 Exec Code Overflow 2012-06-29 2018-12-03
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted DHT chunk in a JPEG image within a WRF file, aka Bug ID CSCtz72953.
25 CVE-2012-3054 119 Exec Code Overflow 2012-06-29 2018-12-03
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72977.
26 CVE-2012-3053 119 Exec Code Overflow 2012-06-29 2018-12-03
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the Cisco WebEx Advanced Recording Format (ARF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted ARF file, aka Bug ID CSCtz72985.
27 CVE-2012-3006 310 2012-06-19 2019-08-29
7.1
None Remote High ??? Complete Complete Complete
The Innominate mGuard Smart HW before HW-101130 and BD before BD-101030, mGuard industrial RS, mGuard delta HW before HW-103060 and BD before BD-211010, mGuard PCI, mGuard blade, and EAGLE mGuard appliances with software before 7.5.0 do not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof (1) HTTPS or (2) SSH servers by predicting a key value.
28 CVE-2012-2944 119 DoS Exec Code Overflow 2012-06-01 2018-01-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the addchar function in common/parseconf.c in upsd in Network UPS Tools (NUT) before 2.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (electric-power outage) via a long string containing non-printable characters.
29 CVE-2012-2834 189 DoS Overflow 2012-06-27 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted data in the Matroska container format.
30 CVE-2012-2833 119 DoS Overflow 2012-06-27 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the JS API in the PDF functionality in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
31 CVE-2012-2831 399 DoS 2012-06-27 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG references.
32 CVE-2012-2830 DoS 2012-06-27 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 20.0.1132.43 does not properly set array values, which allows remote attackers to cause a denial of service (incorrect pointer use) or possibly have unspecified other impact via unknown vectors.
33 CVE-2012-2829 399 DoS 2012-06-27 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element.
34 CVE-2012-2827 399 DoS 2012-06-27 2012-06-29
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the UI in Google Chrome before 20.0.1132.43 on Mac OS X allows attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
35 CVE-2012-2824 399 DoS 2012-06-27 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG painting.
36 CVE-2012-2823 399 DoS 2012-06-27 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG resources.
37 CVE-2012-2821 2012-06-27 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
The autofill implementation in Google Chrome before 20.0.1132.43 does not properly display text, which has unspecified impact and remote attack vectors.
38 CVE-2012-2818 399 DoS 2012-06-27 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the layout of documents that use the Cascading Style Sheets (CSS) counters feature.
39 CVE-2012-2817 399 DoS 2012-06-27 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to tables that have sections.
40 CVE-2012-2816 DoS 2012-06-27 2017-09-19
7.8
None Remote Low Not required None None Complete
Google Chrome before 20.0.1132.43 on Windows does not properly isolate sandboxed processes, which might allow remote attackers to cause a denial of service (process interference) via unspecified vectors.
41 CVE-2012-2764 +Priv 2012-06-27 2017-09-19
7.2
None Local Low Not required Complete Complete Complete
Untrusted search path vulnerability in Google Chrome before 20.0.1132.43 on Windows might allow local users to gain privileges via a Trojan horse Metro DLL in the current working directory.
42 CVE-2012-2762 89 Exec Code Sql 2012-06-07 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in include/functions_trackbacks.inc.php in Serendipity 1.6.2 allows remote attackers to execute arbitrary SQL commands via the url parameter to comment.php.
43 CVE-2012-2752 +Priv 2012-06-01 2017-08-29
7.2
None Local Low Not required Complete Complete Complete
Untrusted search path vulnerability in VMware vMA 4.x and 5.x before 5.0.0.2 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
44 CVE-2012-2730 264 Bypass 2012-06-27 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
The Protected Node module 6.x-1.x before 6.x-1.6 for Drupal does not properly "protect node access when nodes are accessed outside of the standard node view," which allows remote attackers to bypass intended access restrictions.
45 CVE-2012-2718 89 Exec Code Sql 2012-06-21 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Counter module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "recording visits."
46 CVE-2012-2695 89 Sql 2012-06-22 2019-08-08
7.5
None Remote Low Not required Partial Partial Partial
The Active Record component in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage improper handling of nested hashes, a related issue to CVE-2012-2661.
47 CVE-2012-2691 264 2012-06-17 2021-01-12
7.5
None Remote Low Not required Partial Partial Partial
The mc_issue_note_update function in the SOAP API in MantisBT before 1.2.11 does not properly check privileges, which allows remote attackers with bug reporting privileges to edit arbitrary bugnotes via a SOAP request.
48 CVE-2012-2671 +Info 2012-06-17 2013-08-28
7.5
None Remote Low Not required Partial Partial Partial
The Rack::Cache rubygem 0.3.0 through 1.1 caches Set-Cookie and other sensitive headers, which allows attackers to obtain sensitive cookie information, hijack web sessions, or have other unspecified impact by accessing the cache.
49 CVE-2012-2493 20 Exec Code 2012-06-20 2012-06-21
9.3
None Remote Medium Not required Complete Complete Complete
The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug ID CSCtw47523.
50 CVE-2012-2395 Exec Code 2012-06-16 2012-07-22
7.5
None Remote Low Not required Partial Partial Partial
Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) username or (2) password fields to the power_system method in the xmlrpc API.
Total number of vulnerabilities : 138   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.