CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2012 (CVSS score >= 9)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2010-5185 20 2012-08-26 2012-09-05
10.0
None Remote Low Not required Complete Complete Complete
The Antivirus component in Comodo Internet Security before 5.3.174622.1216 does not check whether X.509 certificates in signed executable files have been revoked, which has unknown impact and remote attack vectors.
2 CVE-2010-5286 22 1 Dir. Trav. 2012-11-26 2012-11-27
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
3 CVE-2011-1377 2012-01-15 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
The Web Services Security component in the Web Services Feature Pack before 6.1.0.41 for IBM WebSphere Application Server (WAS) 6.1 does not properly handle the enabling of WS-Security for a JAX-WS application, which has unspecified impact and attack vectors.
4 CVE-2011-1389 22 Exec Code Dir. Trav. 2012-01-19 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
Multiple directory traversal vulnerabilities in the vendor daemon in Rational Common Licensing in Telelogic License Server 2.0, Rational License Server 7.x, and ibmratl in IBM Rational License Key Server (RLKS) 8.0 through 8.1.2 allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files. NOTE: this might overlap CVE-2011-4135.
5 CVE-2011-1914 119 Exec Code Overflow 2012-02-21 2012-02-23
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the Advantech ADAM OLE for Process Control (OPC) Server ActiveX control in ADAM OPC Server before 3.01.012, Modbus RTU OPC Server before 3.01.010, and Modbus TCP OPC Server before 3.01.010 allows remote attackers to execute arbitrary code via unspecified vectors.
6 CVE-2011-3046 79 Exec Code XSS 2012-03-09 2020-04-16
10.0
None Remote Low Not required Complete Complete Complete
The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue.
7 CVE-2011-3079 399 2012-05-01 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors.
8 CVE-2011-3086 399 DoS 2012-05-16 2017-12-29
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a STYLE element.
9 CVE-2011-3087 2012-05-16 2017-12-29
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 19.0.1084.46 does not properly perform window navigation, which has unspecified impact and remote attack vectors.
10 CVE-2011-3089 399 DoS 2012-05-16 2017-12-29
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving tables.
11 CVE-2011-3091 399 DoS 2012-05-16 2017-12-29
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
12 CVE-2011-3092 20 DoS 2012-05-16 2017-12-29
10.0
None Remote Low Not required Complete Complete Complete
The regex implementation in Google V8, as used in Google Chrome before 19.0.1084.46, allows remote attackers to cause a denial of service (invalid write operation) or possibly have unspecified other impact via unknown vectors.
13 CVE-2011-3095 20 DoS 2012-05-16 2017-12-29
10.0
None Remote Low Not required Complete Complete Complete
The OGG container in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.
14 CVE-2011-3097 20 DoS 2012-05-16 2017-12-05
10.0
None Remote Low Not required Complete Complete Complete
The PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an out-of-bounds write error in the implementation of sampled functions.
15 CVE-2011-3099 399 DoS 2012-05-16 2017-12-05
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a malformed name for the font encoding.
16 CVE-2011-3101 2012-05-16 2017-12-29
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 19.0.1084.46 on Linux does not properly mitigate an unspecified flaw in an NVIDIA driver, which has unknown impact and attack vectors. NOTE: see CVE-2012-3105 for the related MFSA 2012-34 issue in Mozilla products.
17 CVE-2011-3106 119 DoS Exec Code Overflow Mem. Corr. 2012-05-24 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
The WebSockets implementation in Google Chrome before 19.0.1084.52 does not properly handle use of SSL, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
18 CVE-2011-3108 399 Exec Code 2012-05-24 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 19.0.1084.52 allows remote attackers to execute arbitrary code via vectors related to the browser cache.
19 CVE-2011-3175 119 1 Exec Code Overflow 2012-04-09 2012-09-07
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x6c request.
20 CVE-2011-3176 119 1 Exec Code Overflow 2012-04-09 2012-09-07
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x4c request.
21 CVE-2011-3478 287 Exec Code 2012-01-25 2018-01-06
10.0
None Remote Low Not required Complete Complete Complete
The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and authentication data, which allows remote attackers to execute arbitrary code via a crafted session on TCP port 5631.
22 CVE-2011-4041 94 Exec Code 2012-02-06 2012-12-11
10.0
None Remote Low Not required Complete Complete Complete
webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers to execute arbitrary code or obtain a security-code value via a long string in an RPC request to TCP port 4592.
23 CVE-2011-4134 119 Exec Code Overflow 2012-01-19 2012-01-20
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in lmadmin in Flexera FlexNet Publisher 11.10 (aka FlexNet License Server Manager) allows remote attackers to execute arbitrary code via a crafted 0x2f packet.
24 CVE-2011-4135 22 Exec Code Dir. Trav. 2012-01-19 2012-01-23
10.0
None Remote Low Not required Complete Complete Complete
Multiple directory traversal vulnerabilities in lmgrd in Flexera FlexNet Publisher 11.10 (aka FlexNet License Server Manager) allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files. NOTE: this might overlap CVE-2011-1389.
25 CVE-2011-4185 119 DoS Exec Code Overflow Mem. Corr. 2012-02-21 2012-02-22
10.0
None Remote Low Not required Complete Complete Complete
The GetPrinterURLList2 method in the ActiveX control in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2008-2431 and CVE-2008-2436.
26 CVE-2011-4187 119 Exec Code Overflow 2012-02-21 2012-02-24
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the GetDriverSettings function in nipplib.dll in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code via a long realm field, a different vulnerability than CVE-2011-3173.
27 CVE-2011-4509 264 2012-02-03 2012-02-06
10.0
None Remote Low Not required Complete Complete Complete
The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account, which makes it easier for remote attackers to obtain access via a brute-force approach involving many HTTP requests.
28 CVE-2011-4513 Exec Code 2012-02-03 2012-02-06
10.0
None Remote Low Not required Complete Complete Complete
Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allow user-assisted remote attackers to execute arbitrary code via a crafted project file, related to the HMI web server and runtime loader.
29 CVE-2011-4514 287 2012-02-03 2012-02-06
10.0
None Remote Low Not required Complete Complete Complete
The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not perform authentication, which makes it easier for remote attackers to obtain access via a TCP session.
30 CVE-2011-4524 119 Exec Code Overflow 2012-02-21 2018-01-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via a long string value in unspecified parameters.
31 CVE-2011-4525 264 2012-02-21 2018-01-05
10.0
None Remote Low Not required Complete Complete Complete
Advantech/BroadWin WebAccess before 7.0 allows remote attackers to trigger the extraction of arbitrary web content into a batch file on a client system, and execute this batch file, via unspecified vectors.
32 CVE-2011-4526 119 Exec Code Overflow 2012-02-21 2018-01-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in an ActiveX control in Advantech/BroadWin WebAccess before 7.0 might allow remote attackers to execute arbitrary code via a long string value in unspecified parameters.
33 CVE-2011-4659 264 2012-01-19 2012-02-10
10.0
None Remote Low Not required Complete Complete Complete
Cisco TelePresence Software before TE 4.1.1 on the Cisco IP Video Phone E20 has a default password for the root account after an upgrade to TE 4.1.0, which makes it easier for remote attackers to modify the configuration via an SSH session, aka Bug ID CSCtw69889, a different vulnerability than CVE-2011-2555.
34 CVE-2011-4789 119 Exec Code Overflow 2012-01-13 2012-11-28
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in magentservice.exe in the server in HP LoadRunner 11.00 before patch 4 allows remote attackers to execute arbitrary code via a crafted size value in a packet. NOTE: it was originally reported that the affected product is HP Diagnostics Server, but HP states that "the vulnerable product is actually HP LoadRunner."
35 CVE-2011-4791 94 Exec Code 2012-02-03 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
DBServer.exe in HP Data Protector Media Operations 6.11 and earlier allows remote attackers to execute arbitrary code via a crafted request containing a large value in a length field.
36 CVE-2011-5059 119 Exec Code Overflow 2012-01-10 2012-01-13
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Final Draft 8 before 8.02 allows remote attackers to execute arbitrary code via a crafted SmartType element, a different vulnerability than CVE-2011-5002. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
37 CVE-2011-5089 119 DoS Exec Code Overflow 2012-04-18 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the Security Login ActiveX controls in ICONICS GENESIS32 8.05, 9.0, 9.1, and 9.2 and BizViz 8.05, 9.0, 9.1, and 9.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long password.
38 CVE-2011-5096 119 Exec Code Overflow 2012-07-03 2012-07-17
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in cstore.exe in the Media Application Server (MAS) in Avaya Aura Application Server 5300 (formerly Nortel Media Application Server) 1.x before 1.0.2 and 2.0 before Patch Bundle 10 allows remote attackers to execute arbitrary code via a crafted cs_anams parameter in a CONTENT_STORE_ADMIN_REQ packet.
39 CVE-2011-5121 310 2012-08-26 2012-08-27
10.0
None Remote Low Not required Complete Complete Complete
The Antivirus component in Comodo Internet Security before 5.3.175888.1227 does not properly check whether unspecified X.509 certificates are revoked, which has unknown impact and remote attack vectors.
40 CVE-2011-5123 310 2012-08-26 2012-08-27
10.0
None Remote Low Not required Complete Complete Complete
The Antivirus component in Comodo Internet Security before 5.3.175888.1227 does not check whether X.509 certificates in signed executable files have been revoked, which has unknown impact and remote attack vectors.
41 CVE-2011-5124 119 Exec Code Overflow 2012-08-26 2012-08-27
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the BCAAA component before build 60258, as used by Blue Coat ProxySG 4.2.3 through 6.1 and ProxyOne, allows remote attackers to execute arbitrary code via a large packet to the synchronization port (16102/tcp).
42 CVE-2011-5127 22 Exec Code Dir. Trav. 2012-08-26 2012-08-27
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in Blue Coat Reporter 9.x before 9.2.4.13, 9.2.5.x before 9.2.5.1, and 9.3 before 9.3.1.2 on Windows allows remote attackers to read arbitrary files, and consequently execute arbitrary code, via an unspecified HTTP request.
43 CVE-2011-5133 2012-08-30 2012-09-13
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in MyBB before 1.6.5 has unknown impact and attack vectors, related to an "unparsed user avatar in the buddy list."
44 CVE-2011-5227 119 Exec Code Overflow 2012-10-25 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Syslog service (nssyslogd.exe) in Enterasys Network Management Suite (NMS) before 4.1.0.80 allows remote attackers to execute arbitrary code via a long PRIO field in a message to UDP port 514.
45 CVE-2012-0121 DoS Exec Code 2012-03-14 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1392.
46 CVE-2012-0122 DoS Exec Code 2012-03-14 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1393.
47 CVE-2012-0123 DoS Exec Code 2012-03-14 2018-01-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1498.
48 CVE-2012-0124 DoS Exec Code 2012-03-14 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors.
49 CVE-2012-0127 Exec Code 2012-03-31 2017-12-06
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Performance Manager 9.00 allows remote attackers to execute arbitrary code via unknown vectors.
50 CVE-2012-0131 DoS 2012-04-05 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Distributed Computing Environment (DCE) 1.8 and 1.9 on HP HP-UX B.11.11 and B.11.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Total number of vulnerabilities : 961   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.