CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2012

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
5051 CVE-2011-0433 119 DoS Exec Code Overflow 2012-11-19 2017-07-01
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642.
5052 CVE-2011-0011 287 Bypass 2012-06-21 2020-11-02
4.3
None Local Network High Not required Partial Partial Partial
qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions.
5053 CVE-2011-0006 264 Bypass 2012-06-21 2012-06-26
1.9
None Local Medium Not required None Partial None
The ima_lsm_rule_init function in security/integrity/ima/ima_policy.c in the Linux kernel before 2.6.37, when the Linux Security Modules (LSM) framework is disabled, allows local users to bypass Integrity Measurement Architecture (IMA) rules in opportunistic circumstances by leveraging an administrator's addition of an IMA rule for LSM.
5054 CVE-2010-5286 22 1 Dir. Trav. 2012-11-26 2012-11-27
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
5055 CVE-2010-5285 352 2 CSRF 2012-11-26 2012-11-29
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in admin.php in Collabtive 0.6.5 allows remote attackers to hijack the authentication of administrators for requests that add administrative users via the edituser action.
5056 CVE-2010-5284 79 2 XSS 2012-11-26 2013-08-13
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Collabtive 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) User parameter in the edit user profile feature to manageuser.php, (2) y parameter in a newcal action to manageajax.php, and the (3) pic parameter to thumb.php.
5057 CVE-2010-5283 352 1 CSRF 2012-11-26 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in OpenText ECM (formerly Livelink ECM) 9.7.1 allows remote attackers to hijack the authentication of administrators for requests that change folder and resource permissions.
5058 CVE-2010-5282 79 1 XSS 2012-11-26 2017-08-29
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in OpenText ECM (formerly Livelink ECM) 9.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) viewType and (2) sort parameters in a browse action to livelink/livelink; and the (3) nodeid, (4) setctx, and (5) support parameters to livelinkdav/nodes/OOB_DAVWindow.html.
5059 CVE-2010-5281 22 1 Dir. Trav. 2012-11-26 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in ibrowser.php in the CMScout 2.09 IBrowser TinyMCE Plugin 1.4.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter. NOTE: some of these details are obtained from third party information.
5060 CVE-2010-5280 22 2 Exec Code Dir. Trav. 2012-11-26 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the Community Builder Enhanced (CBE) (com_cbe) component 1.4.8, 1.4.9, and 1.4.10 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabname parameter in a userProfile action to index.php. NOTE: this can be leveraged to execute arbitrary code by using the file upload feature.
5061 CVE-2010-5279 189 DoS 2012-10-08 2012-10-08
5.0
None Remote Low Not required None None Partial
article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to cause a denial of service (memory consumption) via a large integer in the ratearticleselect parameter.
5062 CVE-2010-5278 22 1 Dir. Trav. 2012-10-07 2020-01-10
4.3
None Remote Medium Not required Partial None None
Directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter. NOTE: some of these details are obtained from third party information.
5063 CVE-2010-5277 Bypass 2012-10-07 2017-08-29
4.9
None Remote Medium ??? None Partial Partial
Unspecified vulnerability in the Views Bulk Operations module 6 before 6.x-1.10 for Drupal allows remote authenticated users with user management permissions to bypass intended access restrictions and delete anonymous users (user 0) via unspecified vectors.
5064 CVE-2010-5276 264 2012-10-07 2012-10-08
4.3
None Remote Medium Not required None Partial None
The Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Drupal does not properly handle the $user object in memcache_admin, which might "lead to a role change not being recognized until the user logs in again."
5065 CVE-2010-5275 79 XSS 2012-10-07 2012-10-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in memcache_admin in the Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5066 CVE-2010-5274 +Priv 2012-09-07 2012-09-07
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in PKZIP before 12.50.0014 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .zip file. NOTE: some of these details are obtained from third party information.
5067 CVE-2010-5273 +Priv 2012-09-07 2013-01-04
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Altova DiffDog 2011 Enterprise Edition SP1 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .dbdif file. NOTE: some of these details are obtained from third party information.
5068 CVE-2010-5272 +Priv 2012-09-07 2012-09-07
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Altova DatabaseSpy 2011 Enterprise Edition SP1 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .qprj file. NOTE: some of these details are obtained from third party information.
5069 CVE-2010-5271 +Priv 2012-09-07 2012-09-07
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Altova MapForce 2011 Enterprise Edition SP1 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .mfd file. NOTE: some of these details are obtained from third party information.
5070 CVE-2010-5270 +Priv 2012-09-07 2012-09-07
6.9
None Local Medium Not required Complete Complete Complete
Multiple untrusted search path vulnerabilities in Adobe Device Central CS4 2.0.0 0476 allow local users to gain privileges via a Trojan horse (1) ibfs32.dll or (2) amt_cdb.dll file in the current working directory, as demonstrated by a directory that contains a .adcp file. NOTE: some of these details are obtained from third party information.
5071 CVE-2010-5269 +Priv 2012-09-07 2012-09-10
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in tbb.dll in Intel Threading Building Blocks (TBB) 2.2.013 allows local users to gain privileges via a Trojan horse tbbmalloc.dll file in the current working directory, as demonstrated by a directory that contains a .pbk file. NOTE: some of these details are obtained from third party information.
5072 CVE-2010-5268 +Priv 2012-09-07 2012-09-10
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Amazon Kindle for PC 1.3.0 30884 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .azw file. NOTE: some of these details are obtained from third party information.
5073 CVE-2010-5267 1 +Priv 2012-09-07 2012-09-07
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in MunSoft Easy Office Recovery 1.1 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .doc, .xls, or .ppt file. NOTE: some of these details are obtained from third party information.
5074 CVE-2010-5266 1 +Priv 2012-09-07 2012-09-07
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in VideoCharge Studio 2.9.0.632 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .vsc file. NOTE: some of these details are obtained from third party information.
5075 CVE-2010-5265 1 +Priv 2012-09-07 2012-09-07
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in SmartSniff 1.71 allows local users to gain privileges via a Trojan horse wpcap.dll file in the current working directory, as demonstrated by a directory that contains a .cfg or .ssp file. NOTE: some of these details are obtained from third party information.
5076 CVE-2010-5264 1 +Priv 2012-09-07 2012-09-07
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in the CExtDWM::CExtDWM method in ProfUIS290m.dll and ProfUIS290m-RDE.dll in Prof-UIS before 2.9.1 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory. NOTE: some of these details are obtained from third party information.
5077 CVE-2010-5263 1 +Priv 2012-09-07 2012-09-07
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Sothink SWF Decompiler 6.0 Build 610 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .flv file. NOTE: some of these details are obtained from third party information.
5078 CVE-2010-5262 +Priv 2012-09-07 2012-09-07
6.9
None Local Medium Not required Complete Complete Complete
Multiple untrusted search path vulnerabilities in libmcl-5.4.0.dll in Gromada Multimedia Conversion Library 5.4.0 allow local users to gain privileges via a Trojan horse (1) libgif-1.1.0.dll or (2) libhav-1.0.1.dll file in the current working directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
5079 CVE-2010-5261 +Priv 2012-09-07 2012-09-07
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in SnowFox Total Video Converter 2.5.1 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .avi file. NOTE: some of these details are obtained from third party information.
5080 CVE-2010-5260 +Priv 2012-09-07 2012-09-07
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Agrin All DVD Ripper 4.0 allows local users to gain privileges via a Trojan horse wnaspi32.dll file in the current working directory, as demonstrated by a directory that contains a .ifo file. NOTE: some of these details are obtained from third party information.
5081 CVE-2010-5259 +Priv 2012-09-07 2012-09-11
6.9
None Local Medium Not required Complete Complete Complete
Multiple untrusted search path vulnerabilities in IsoBuster 2.8 allow local users to gain privileges via a Trojan horse (1) wnaspi32.dll or (2) ntaspi32.dll file in the current working directory, as demonstrated by a directory that contains a .img file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
5082 CVE-2010-5258 +Priv 2012-09-07 2012-09-07
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Adobe Audition 3.0 build 7283.0 allows local users to gain privileges via a Trojan horse Assist.Dll file in the current working directory, as demonstrated by a directory that contains a .ses file. NOTE: some of these details are obtained from third party information.
5083 CVE-2010-5257 +Priv 2012-09-07 2012-09-21
6.9
None Local Medium Not required Complete Complete Complete
Multiple untrusted search path vulnerabilities in ArchiCAD 13 and 14 allow local users to gain privileges via a Trojan horse (1) srcsrv.dll or (2) GSAutoTester.DLL file in the current working directory, as demonstrated by a directory that contains a .2df file. NOTE: some of these details are obtained from third party information.
5084 CVE-2010-5256 +Priv 2012-09-07 2012-09-07
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in CDisplay 1.8.1 allows local users to gain privileges via a Trojan horse TRACE32.DLL file in the current working directory, as demonstrated by a directory that contains a .cba file. NOTE: some of these details are obtained from third party information.
5085 CVE-2010-5255 +Priv 2012-09-07 2012-09-21
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in UltraISO 9.3.6.2750 allows local users to gain privileges via a Trojan horse daemon.dll file in the current working directory, as demonstrated by a directory that contains a .iso file. NOTE: some of these details are obtained from third party information.
5086 CVE-2010-5254 +Priv 2012-09-07 2012-09-07
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in GFI Backup 3.1 Build 20100730 2009 Home Edition allows local users to gain privileges via a Trojan horse ArmAccess.dll file in the current working directory, as demonstrated by a directory that contains a .gbc or .gbt file. NOTE: some of these details are obtained from third party information.
5087 CVE-2010-5253 +Priv 2012-09-07 2012-09-07
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in WinImage 8.50 allows local users to gain privileges via a Trojan horse wnaspi32.dll file in the current working directory, as demonstrated by a directory that contains a .imz file. NOTE: some of these details are obtained from third party information.
5088 CVE-2010-5252 +Priv 2012-09-07 2012-09-07
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in HTTrack 3.43-9 allows local users to gain privileges via a Trojan horse httrack-plugin.dll file in the current working directory, as demonstrated by a directory that contains a .whtt file. NOTE: some of these details are obtained from third party information.
5089 CVE-2010-5251 +Priv 2012-09-07 2012-09-07
6.9
None Local Medium Not required Complete Complete Complete
Multiple untrusted search path vulnerabilities in IBM Lotus Notes 8.5 allow local users to gain privileges via a Trojan horse (1) nnoteswc.dll or (2) nlsxbe.dll file in the current working directory, as demonstrated by a directory that contains a .vcf, .vcs, or .ics file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
5090 CVE-2010-5250 +Priv 2012-09-07 2012-09-07
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in the pthread_win32_process_attach_np function in pthreadGC2.dll in Pthreads-win32 2.8.0 allows local users to gain privileges via a Trojan horse quserex.dll file in the current working directory. NOTE: some of these details are obtained from third party information.
5091 CVE-2010-5249 +Priv 2012-09-07 2012-09-07
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Sophos Free Encryption 2.40.1.1 and Sophos SafeGuard PrivateCrypto 2.40.1.2 allows local users to gain privileges via a Trojan horse pcrypt0406.dll file in the current working directory, as demonstrated by a directory that contains a .uti file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
5092 CVE-2010-5248 +Priv 2012-09-07 2012-09-07
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in UltraVNC 1.0.8.2 allows local users to gain privileges via a Trojan horse vnclang.dll file in the current working directory, as demonstrated by a directory that contains a .vnc file. NOTE: some of these details are obtained from third party information.
5093 CVE-2010-5247 +Priv 2012-09-07 2012-09-07
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in QtWeb Browser 3.3 build 043 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .html, .htm, or .mhtml file. NOTE: some of these details are obtained from third party information.
5094 CVE-2010-5246 +Priv 2012-09-07 2012-09-07
6.9
None Local Medium Not required Complete Complete Complete
Multiple untrusted search path vulnerabilities in Maxthon Browser 1.6.7.35 and 2.5.15 allow local users to gain privileges via a Trojan horse (1) RSRC32.dll or (2) dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .html file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
5095 CVE-2010-5245 +Priv 2012-09-07 2018-10-30
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in PDF-XChange Viewer 2.0 Build 54.0 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .pdf file. NOTE: some of these details are obtained from third party information.
5096 CVE-2010-5244 +Priv 2012-09-07 2012-09-07
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in SiSoftware Sandra 2010 Lite 2010.7.16.52 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .sis file. NOTE: some of these details are obtained from third party information.
5097 CVE-2010-5243 +Priv 2012-09-07 2012-09-21
6.9
None Local Medium Not required Complete Complete Complete
Multiple untrusted search path vulnerabilities in Cyberlink Power2Go 7.0.0.0816 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) MFC71LOC.DLL file in the current working directory, as demonstrated by a directory that contains a .p2g, .iso, .pdl, .pds, or .p2i file. NOTE: some of these details are obtained from third party information.
5098 CVE-2010-5242 +Priv 2012-09-07 2012-09-21
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Sound Forge Pro 10.0b Build 474 allows local users to gain privileges via a Trojan horse MtxParhVegasPreview.dll file in the current working directory, as demonstrated by a directory that contains a .sfw file. NOTE: some of these details are obtained from third party information.
5099 CVE-2010-5241 +Priv 2012-09-07 2012-09-07
6.9
None Local Medium Not required Complete Complete Complete
Multiple untrusted search path vulnerabilities in Autodesk AutoCAD 2010 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) IBFS32.DLL file in the current working directory, as demonstrated by a directory that contains a .dwg file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
5100 CVE-2010-5240 +Priv 2012-09-07 2012-09-07
6.9
None Local Medium Not required Complete Complete Complete
Multiple untrusted search path vulnerabilities in Corel PHOTO-PAINT and CorelDRAW X5 15.1.0.588 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) CrlRib.dll file in the current working directory, as demonstrated by a directory that contains a .cdr, .cpt, .cmx, or .csl file. NOTE: some of these details are obtained from third party information.
Total number of vulnerabilities : 5297   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 (This Page)103 104 105 106
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.