CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In July 2012 (CVSS score >= 7)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2012-2974 287 Bypass 2012-07-19 2017-12-22
10.0
None Remote Low Not required Complete Complete Complete
The web interface on the SMC SMC8024L2 switch allows remote attackers to bypass authentication and obtain administrative access via a direct request to a .html file under (1) status/, (2) system/, (3) ports/, (4) trunks/, (5) vlans/, (6) qos/, (7) rstp/, (8) dot1x/, (9) security/, (10) igmps/, or (11) snmp/.
102 CVE-2012-2970 399 DoS 2012-07-09 2012-07-10
7.8
None Remote Low Not required None None Complete
The Synel SY-780/A Time & Attendance terminal allows remote attackers to cause a denial of service (device hang) via network traffic to port (1) 1641, (2) 3734, or (3) 3735.
103 CVE-2012-2961 89 Exec Code Sql 2012-07-23 2017-12-22
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
104 CVE-2012-2957 264 +Priv File Inclusion 2012-07-23 2017-12-22
7.2
None Local Low Not required Complete Complete Complete
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows local users to gain privileges by modifying files, related to a "file inclusion" issue.
105 CVE-2012-2953 78 Exec Code 2012-07-23 2017-12-22
10.0
None Remote Low Not required Complete Complete Complete
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary commands via crafted input to application scripts.
106 CVE-2012-2844 DoS 2012-07-12 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
The PDF functionality in Google Chrome before 20.0.1132.57 does not properly handle JavaScript code, which allows remote attackers to cause a denial of service (incorrect object access) or possibly have unspecified other impact via a crafted document.
107 CVE-2012-2843 399 DoS 2012-07-12 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 20.0.1132.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout height tracking.
108 CVE-2012-2842 399 DoS 2012-07-12 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 20.0.1132.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to counter handling.
109 CVE-2012-2841 189 Exec Code Overflow 2012-07-13 2021-01-26
7.5
None Remote Low Not required Partial Partial Partial
Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow.
110 CVE-2012-2840 189 DoS Exec Code 2012-07-13 2021-01-26
7.5
None Remote Low Not required Partial Partial Partial
Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image.
111 CVE-2012-2814 119 DoS Exec Code Overflow 2012-07-13 2021-01-26
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the exif_entry_format_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image.
112 CVE-2012-2763 120 Exec Code Overflow 2012-07-12 2022-02-07
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and possibly 2.6.13, allows remote attackers to execute arbitrary code via a long string in a command to the script-fu server.
113 CVE-2012-2747 +Priv 2012-07-03 2020-02-25
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to gain privileges via unknown attack vectors related to "Inadequate checking."
114 CVE-2012-2688 Overflow 2012-07-20 2017-12-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow."
115 CVE-2012-2653 +Priv 2012-07-12 2016-11-28
10.0
None Remote Low Not required Complete Complete Complete
arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon.
116 CVE-2012-2627 2012-07-31 2018-03-12
9.4
None Remote Low Not required None Complete Complete
d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in %PROGRAMFILES%\Scrutinizer\snmp\mibs\ via a multipart/form-data POST request.
117 CVE-2012-2607 78 2012-07-16 2012-07-17
7.5
None Remote Low Not required Partial Partial Partial
The Johnson Controls CK721-A controller with firmware before SSM4388_03.1.0.14_BB allows remote attackers to perform arbitrary actions via crafted packets to TCP port 41014 (aka the download port).
118 CVE-2012-2574 89 Exec Code Sql 2012-07-23 2017-12-22
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to a "blind SQL injection" issue.
119 CVE-2012-2559 399 DoS Exec Code 2012-07-05 2012-07-17
10.0
None Remote Low Not required Complete Complete Complete
WellinTech KingHistorian 3.0 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer write) via a crafted packet to TCP port 5678.
120 CVE-2012-2516 78 Exec Code 2012-07-05 2012-07-17
9.3
None Remote Medium Not required Complete Complete Complete
An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the HTML Help component), as used in GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; Proficy HMI/SCADA iFIX 5.0 and 5.1; Proficy Pulse 1.0; Proficy Batch Execution 5.6; SI7 I/O Driver 7.20 through 7.42; and other products, allows remote attackers to execute arbitrary commands via crafted input, related to a "command injection vulnerability."
121 CVE-2012-2515 119 Exec Code Overflow 2012-07-05 2012-07-17
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX control in KeyHelp.ocx 1.2.312 in KeyWorks KeyHelp Module (aka the HTML Help component), as used in EMC Documentum ApplicationXtender Desktop 5.4; EMC Captiva Quickscan Pro 4.6 SP1; GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; GE Intelligent Platforms Proficy HMI/SCADA iFIX 5.0 and 5.1; GE Intelligent Platforms Proficy Pulse 1.0; GE Intelligent Platforms Proficy Batch Execution 5.6; GE Intelligent Platforms SI7 I/O Driver 7.20 through 7.42; and other products, allow remote attackers to execute arbitrary code via a long string in the second argument to the (1) JumpMappedID or (2) JumpURL method.
122 CVE-2012-2486 94 Exec Code 2012-07-12 2018-10-30
8.3
None Local Network Low Not required Complete Complete Complete
The Cisco Discovery Protocol (CDP) implementation on Cisco TelePresence Multipoint Switch before 1.9.0, Cisco TelePresence Immersive Endpoint Devices before 1.9.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server before 1.8.1 allows remote attackers to execute arbitrary code by leveraging certain adjacency and sending a malformed CDP packet, aka Bug IDs CSCtz40953, CSCtz40947, CSCtz40965, and CSCtz40953.
123 CVE-2012-2386 189 DoS Exec Code Overflow 2012-07-07 2012-09-22
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow.
124 CVE-2012-2306 89 Exec Code Sql 2012-07-25 2012-09-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
125 CVE-2012-2303 264 +Info 2012-07-18 2012-08-09
7.5
None Remote Low Not required Partial Partial Partial
The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via unspecified vectors to the (1) Spaces or (2) Spaces OG module.
126 CVE-2012-2197 119 Exec Code Overflow 2012-07-25 2017-12-22
7.1
None Remote High ??? Complete Complete Complete
Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote authenticated users to execute arbitrary code by leveraging certain CONNECT and EXECUTE privileges.
127 CVE-2012-2163 264 Exec Code 2012-07-30 2017-08-29
9.0
None Remote Low ??? Complete Complete Complete
IBM Scale Out Network Attached Storage (SONAS) 1.1 through 1.3.1 allows remote authenticated administrators to execute arbitrary Linux commands via the (1) Command Line Interface or (2) Graphical User Interface, related to a "code injection" issue.
128 CVE-2012-2152 119 DoS Exec Code Overflow 2012-07-25 2012-11-06
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the get_packet method in socket.c in dhcpcd 3.2.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long packet.
129 CVE-2012-2140 20 Exec Code 2012-07-18 2012-10-30
7.5
None Remote Low Not required Partial Partial Partial
The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery.
130 CVE-2012-2100 189 DoS 2012-07-03 2013-02-08
7.1
None Remote Medium Not required None None Complete
The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 3.2.2, on the x86 platform and unspecified other platforms, allows user-assisted remote attackers to trigger inconsistent filesystem-groups data and possibly cause a denial of service via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4307.
131 CVE-2012-2088 189 DoS Exec Code Overflow 2012-07-22 2017-12-29
7.5
None Remote Low Not required Partial Partial Partial
Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow.
132 CVE-2012-2020 Exec Code 2012-07-11 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1326.
133 CVE-2012-2019 Exec Code 2012-07-11 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1325.
134 CVE-2012-1967 Exec Code 2012-07-18 2017-12-29
10.0
None Remote Low Not required Complete Complete Complete
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper privileges via a javascript: URL.
135 CVE-2012-1962 399 DoS Exec Code Mem. Corr. 2012-07-18 2017-12-29
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving strings with multiple dependencies.
136 CVE-2012-1958 399 Exec Code 2012-07-18 2017-12-29
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the nsGlobalWindow::PageHidden function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 might allow remote attackers to execute arbitrary code via vectors related to focused content.
137 CVE-2012-1954 399 DoS Exec Code Mem. Corr. 2012-07-18 2017-12-29
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors involving multiple adoptions and empty documents.
138 CVE-2012-1953 119 DoS Exec Code Overflow 2012-07-18 2017-12-29
9.3
None Remote Medium Not required Complete Complete Complete
The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (buffer over-read, incorrect pointer dereference, and heap-based buffer overflow) or possibly execute arbitrary code via a crafted web site.
139 CVE-2012-1952 399 Exec Code 2012-07-18 2017-12-29
9.3
None Remote Medium Not required Complete Complete Complete
The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly perform a cast of a frame variable during processing of mixed row-group and column-group frames, which might allow remote attackers to execute arbitrary code via a crafted web site.
140 CVE-2012-1951 399 DoS Exec Code Mem. Corr. 2012-07-18 2017-12-29
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code by interacting with objects used for SMIL Timing.
141 CVE-2012-1949 DoS Exec Code Mem. Corr. 2012-07-18 2017-12-29
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
142 CVE-2012-1948 DoS Exec Code Mem. Corr. 2012-07-18 2017-12-29
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
143 CVE-2012-1893 20 +Priv 2012-07-10 2020-09-28
7.2
None Local Low Not required Complete Complete Complete
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation of a hook procedure, which allows local users to gain privileges via a crafted application, aka "Win32k Incorrect Type Handling Vulnerability."
144 CVE-2012-1891 119 Exec Code Overflow 2012-07-10 2020-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability."
145 CVE-2012-1890 20 +Priv 2012-07-10 2020-09-28
7.2
None Local Low Not required Complete Complete Complete
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle keyboard-layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout Vulnerability."
146 CVE-2012-1832 119 DoS Exec Code Overflow 2012-07-05 2012-07-17
10.0
None Remote Low Not required Complete Complete Complete
WellinTech KingView 6.53 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a crafted packet to (1) TCP or (2) UDP port 2001.
147 CVE-2012-1831 119 Exec Code Overflow 2012-07-05 2012-07-17
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 555.
148 CVE-2012-1830 119 Exec Code Overflow 2012-07-05 2012-07-17
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 555.
149 CVE-2012-1740 2012-07-17 2013-10-11
7.8
None Remote Low Not required Complete None None
Unspecified vulnerability in the Oracle Application Express Listener component in Oracle Application Express Listener 1.1-ea, 1.1.1, 1.1.2, and 1.1.3 allows remote attackers to affect confidentiality via unknown vectors.
150 CVE-2012-1661 94 2 Exec Code 2012-07-12 2012-07-16
9.3
None Remote Medium Not required Complete Complete Complete
ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier does not properly prompt users before executing embedded VBA macros, which allows user-assisted remote attackers to execute arbitrary VBA code via a crafted map (.mxd) file.
Total number of vulnerabilities : 164   Page : 1 2 3 (This Page)4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.