CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 2012

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
201 CVE-2012-0290 2012-02-06 2018-01-06
10.0
None Remote Low Not required Complete Complete Complete
Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) do not properly handle the client state after abnormal termination of a remote session, which allows remote attackers to obtain access to the client by leveraging an "open client session."
202 CVE-2012-0244 89 Exec Code Sql 2012-02-21 2018-01-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess before 7.0 allow remote attackers to execute arbitrary SQL commands via crafted string input.
203 CVE-2012-0243 119 Exec Code Overflow 2012-02-21 2018-01-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code by leveraging the ability to write arbitrary content to any pathname.
204 CVE-2012-0242 134 Exec Code 2012-02-21 2018-01-05
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string.
205 CVE-2012-0241 119 DoS Overflow Mem. Corr. 2012-02-21 2018-01-05
5.0
None Remote Low Not required None None Partial
Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a modified stream identifier to a function.
206 CVE-2012-0240 287 Exec Code 2012-02-21 2018-01-05
10.0
None Remote Low Not required Complete Complete Complete
GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors.
207 CVE-2012-0239 287 2012-02-21 2018-01-05
5.0
None Remote Low Not required None Partial None
uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request.
208 CVE-2012-0238 119 Exec Code Overflow 2012-02-21 2018-01-05
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via unspecified vectors.
209 CVE-2012-0237 119 Overflow 2012-02-21 2018-01-05
6.4
None Remote Low Not required None Partial Partial
Advantech/BroadWin WebAccess before 7.0 allows remote attackers to (1) enable date and time syncing or (2) disable date and time syncing via a crafted URL.
210 CVE-2012-0236 200 +Info 2012-02-21 2018-01-05
5.0
None Remote Low Not required Partial None None
Advantech/BroadWin WebAccess 7.0 and earlier allows remote attackers to obtain sensitive information via a direct request to a URL. NOTE: the vendor reportedly "does not consider it to be a security risk."
211 CVE-2012-0235 352 CSRF 2012-02-21 2018-01-05
6.0
None Remote Medium ??? Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
212 CVE-2012-0234 89 Exec Code Sql 2012-02-21 2018-01-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via a malformed URL.
213 CVE-2012-0233 79 XSS 2012-02-21 2018-01-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via a malformed URL.
214 CVE-2012-0224 +Priv 2012-02-21 2012-02-24
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in 7-Technologies (7T) AQUIS 1.5 and earlier allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2012-0223.
215 CVE-2012-0223 +Priv 2012-02-22 2012-02-22
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in 7-Technologies (7T) TERMIS 2.10 and earlier allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2012-0224.
216 CVE-2012-0206 399 DoS 2012-02-17 2016-11-09
5.0
None Remote Low Not required None None Partial
common_startup.cc in PowerDNS (aka pdns) Authoritative Server before 2.9.22.5 and 3.x before 3.0.1 allows remote attackers to cause a denial of service (packet loop) via a crafted UDP DNS response.
217 CVE-2012-0200 DoS 2012-02-21 2017-08-29
4.0
None Remote Low ??? None None Partial
The server in IBM solidDB 6.5 before Interim Fix 6 does not properly initialize data structures, which allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a redundant WHERE condition.
218 CVE-2012-0194 DoS 2012-02-06 2017-08-29
7.1
None Remote Medium Not required None None Complete
The TCP implementation in IBM AIX 5.3, 6.1, and 7.1, when the Large Send Offload option is enabled, allows remote attackers to cause a denial of service (assertion failure and panic) via an unspecified series of packets.
219 CVE-2012-0155 94 Exec Code 2012-02-14 2022-03-01
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "VML Remote Code Execution Vulnerability."
220 CVE-2012-0154 399 +Priv 2012-02-14 2020-09-28
7.2
None Local Low Not required Complete Complete Complete
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers keyboard layout errors, aka "Keyboard Layout Use After Free Vulnerability."
221 CVE-2012-0150 119 Exec Code Overflow 2012-02-14 2020-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka "Msvcrt.dll Buffer Overflow Vulnerability."
222 CVE-2012-0149 20 +Priv 2012-02-14 2019-02-26
7.2
None Local Low Not required Complete Complete Complete
afd.sys in the Ancillary Function Driver in Microsoft Windows Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
223 CVE-2012-0148 20 +Priv 2012-02-14 2020-09-28
7.2
None Local Low Not required Complete Complete Complete
afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "AfdPoll Elevation of Privilege Vulnerability."
224 CVE-2012-0145 79 XSS 2012-02-14 2018-10-12
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in wizardlist.aspx Vulnerability."
225 CVE-2012-0144 79 XSS 2012-02-14 2018-10-12
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in themeweb.aspx Vulnerability."
226 CVE-2012-0138 94 Exec Code Mem. Corr. 2012-02-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0137.
227 CVE-2012-0137 94 Exec Code Mem. Corr. 2012-02-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0138.
228 CVE-2012-0136 94 Exec Code Mem. Corr. 2012-02-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0137, and CVE-2012-0138.
229 CVE-2012-0057 264 2012-02-02 2018-01-18
6.4
None Remote Low Not required Partial Partial None
PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension.
230 CVE-2012-0020 94 Exec Code Mem. Corr. 2012-02-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
231 CVE-2012-0019 94 Exec Code Mem. Corr. 2012-02-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0020, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
232 CVE-2012-0017 79 XSS 2012-02-14 2018-10-12
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability."
233 CVE-2012-0015 94 Exec Code 2012-02-14 2020-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Heap Corruption Vulnerability."
234 CVE-2012-0014 94 Exec Code 2012-02-14 2020-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability."
235 CVE-2012-0012 665 2012-02-14 2022-03-01
4.3
None Remote Medium Not required Partial None None
Microsoft Internet Explorer 9 does not properly handle the creation and initialization of string objects, which allows remote attackers to read data from arbitrary process-memory locations via a crafted web site, aka "Null Byte Information Disclosure Vulnerability."
236 CVE-2012-0011 94 Exec Code 2012-02-14 2022-03-01
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "HTML Layout Remote Code Execution Vulnerability."
237 CVE-2012-0010 200 +Info 2012-02-14 2022-03-01
4.3
None Remote Medium Not required Partial None None
Microsoft Internet Explorer 6 through 9 does not properly perform copy-and-paste operations, which allows user-assisted remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Copy and Paste Information Disclosure Vulnerability."
238 CVE-2011-5081 79 XSS 2012-02-18 2017-08-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in RestoreFile.pm in BackupPC 3.1.0, 3.2.1, and possibly other earlier versions allows remote attackers to inject arbitrary web script or HTML via the share parameter in a RestoreFile action to index.cgi.
239 CVE-2011-5080 79 XSS 2012-02-14 2012-02-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in lib/class.tx_jftcaforms_tceFunc.php in the Additional TCA Forms (jftcaforms) extension before 0.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
240 CVE-2011-5079 20 2012-02-14 2012-02-29
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL, probably in the "return url parameter."
241 CVE-2011-5078 264 2012-02-08 2012-02-09
6.5
None Remote Low ??? Partial Partial Partial
The web administration interface in the server in Sybase M-Business Anywhere 6.7 before ESD# 3 and 7.0 before ESD# 7 does not require admin authentication for unspecified scripts, which allows remote authenticated users to list or delete user accounts, modify passwords, or read log files via HTTP requests, aka Bug IDs 678497 and 678499.
242 CVE-2011-5077 Exec Code 2012-02-08 2012-02-08
7.5
None Remote Low Not required Partial Partial Partial
Unrestricted file upload vulnerability in attachement.php in HDWiki 5.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in image directory.
243 CVE-2011-5076 89 Exec Code Sql 2012-02-08 2012-02-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in model/comment.class.php in HDWiki 5.0, 5.1, and possibly other versions allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to index.php. NOTE: some of these details are obtained from third party information.
244 CVE-2011-4923 79 XSS 2012-02-18 2017-08-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in View.pm in BackupPC 3.0.0, 3.1.0, 3.2.0, 3.2.1, and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the num parameter in a view action to index.cgi, related to the log file viewer, a different vulnerability than CVE-2011-3361.
245 CVE-2011-4890 20 DoS 2012-02-21 2017-08-29
4.0
None Remote Low ??? None None Partial
The server in IBM solidDB 6.5 before FP9 and 7.0 before FP1 allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a ROWNUM condition involving a subquery.
246 CVE-2011-4879 20 1 DoS 2012-02-03 2017-08-29
8.5
None Remote Low Not required Partial None Complete
miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not properly handle URIs beginning with a 0xfa character, which allows remote attackers to read data from arbitrary memory locations or cause a denial of service (application crash) via a crafted POST request.
247 CVE-2011-4878 22 1 Dir. Trav. 2012-02-03 2017-08-29
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to read arbitrary files via a ..%5c (dot dot backslash) in a URI.
248 CVE-2011-4877 20 1 DoS 2012-02-03 2017-08-29
7.1
None Remote Medium Not required None None Complete
HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to cause a denial of service (application crash) by sending crafted data over TCP.
249 CVE-2011-4876 22 1 Dir. Trav. 2012-02-03 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute, read, create, modify, or delete arbitrary files via a .. (dot dot) in a string.
250 CVE-2011-4875 119 1 Exec Code Overflow 2012-02-03 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute arbitrary code via vectors related to Unicode strings.
Total number of vulnerabilities : 343   Page : 1 2 3 4 5 (This Page)6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.