CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2012

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3051 CVE-2012-1527 189 +Priv 2012-11-14 2020-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Underflow Vulnerability."
3052 CVE-2012-1526 119 Exec Code Overflow Mem. Corr. 2012-08-15 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability."
3053 CVE-2012-1525 119 Exec Code Overflow 2012-08-15 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
3054 CVE-2012-1524 94 Exec Code 2012-07-10 2020-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Attribute Remove Remote Code Execution Vulnerability."
3055 CVE-2012-1523 94 Exec Code 2012-06-12 2021-07-23
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Center Element Remote Code Execution Vulnerability."
3056 CVE-2012-1522 94 Exec Code 2012-07-10 2020-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Cached Object Remote Code Execution Vulnerability."
3057 CVE-2012-1521 416 DoS 2012-05-01 2020-04-13
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the XML parser in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
3058 CVE-2012-1520 DoS Exec Code Mem. Corr. 2012-07-25 2012-09-22
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
3059 CVE-2012-1518 264 +Priv 2012-04-17 2017-12-29
8.3
None Local Network Low Not required Complete Complete Complete
VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 use an incorrect ACL for the VMware Tools folder, which allows guest OS users to gain guest OS privileges via unspecified vectors.
3060 CVE-2012-1517 119 DoS Exec Code Overflow 2012-05-04 2017-12-13
9.0
None Remote Low ??? Complete Complete Complete
The VMX process in VMware ESXi 4.1 and ESX 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving function pointers.
3061 CVE-2012-1516 119 DoS Exec Code Overflow 2012-05-04 2019-09-27
9.0
None Remote Low ??? Complete Complete Complete
The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving data pointers.
3062 CVE-2012-1515 264 +Priv 2012-04-02 2018-10-12
8.3
None Local Network Low Not required Complete Complete Complete
VMware ESXi 3.5, 4.0, and 4.1 and ESX 3.5, 4.0, and 4.1 do not properly implement port-based I/O operations, which allows guest OS users to gain guest OS privileges by overwriting memory locations in a read-only memory block associated with the Virtual DOS Machine.
3063 CVE-2012-1514 352 CSRF 2012-03-16 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in VMware vShield Manager (vSM) 1.0.1 before Update 2 and 4.1.0 before Update 2 allows remote attackers to hijack the authentication of arbitrary users.
3064 CVE-2012-1513 200 +Info 2012-03-16 2018-01-06
4.0
None Remote Low ??? Partial None None
The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4.0 before Update 4, 4.1 before Update 2, and 4.2 before Update 1 places the vCenter Server password in an HTML document, which allows remote authenticated administrators to obtain sensitive information by reading this document.
3065 CVE-2012-1512 79 XSS 2012-03-16 2018-01-06
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the internal browser in vSphere Client in VMware vSphere 4.1 before Update 2 and 5.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via a crafted log-file entry.
3066 CVE-2012-1511 79 XSS 2012-03-16 2017-12-06
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in View Manager Portal in VMware View before 4.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
3067 CVE-2012-1510 119 Overflow +Priv 2012-03-16 2017-12-13
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in the WDDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4.0 and 4.1; and VMware View before 4.6.1 allows guest OS users to gain guest OS privileges via unspecified vectors.
3068 CVE-2012-1509 119 Overflow +Priv 2012-03-16 2017-09-19
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in the XPDM display driver in VMware View before 4.6.1 allows guest OS users to gain guest OS privileges via unspecified vectors.
3069 CVE-2012-1508 264 DoS +Priv 2012-03-16 2017-12-13
7.2
None Local Low Not required Complete Complete Complete
The XPDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4.0 and 4.1; and VMware View before 4.6.1 allows guest OS users to gain guest OS privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.
3070 CVE-2012-1502 399 DoS Exec Code 2012-06-16 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
Double free vulnerability in the PyPAM_conv in PAMmodule.c in PyPam 0.5.0 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a NULL byte in a password string.
3071 CVE-2012-1499 119 Exec Code Overflow Mem. Corr. 2012-04-11 2020-09-09
9.3
None Remote Medium Not required Complete Complete Complete
The JPEG 2000 codec (jp2.c) in OpenJPEG before 1.5 allows remote attackers to execute arbitrary code via a crafted palette index in a CMAP record of a JPEG image, which triggers memory corruption, aka "out-of heap-based buffer write."
3072 CVE-2012-1498 352 2 CSRF 2012-03-19 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in Webfolio CMS 1.1.4 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator via an add action to admin/users/add or (2) modify a web page via a save action to admin/pages/edit/web_page_name.
3073 CVE-2012-1497 22 Dir. Trav. 2012-03-03 2018-01-18
4.0
None Remote Low ??? Partial None None
The default configuration of Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 supports the "mt:Include file=" attribute, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files by leveraging the template-designer role.
3074 CVE-2012-1493 255 2012-07-09 2012-07-10
7.8
None Remote Low Not required Complete None None
F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option.
3075 CVE-2012-1485 2012-03-15 2018-01-13
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the NetFront Life Browser (com.access_company.android.nflifebrowser.lite) application 2.2.0 and 2.3.0 for Android has unknown impact and attack vectors.
3076 CVE-2012-1484 2012-03-15 2018-01-13
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the WaliSMS CN (cn.com.wali.walisms) application 2.9.2 and 3.7.0 for Android has unknown impact and attack vectors.
3077 CVE-2012-1483 2012-03-15 2018-01-13
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Message Forwarder (com.gmail.zbnetium) application 1.12.20110409.1 for Android has unknown impact and attack vectors.
3078 CVE-2012-1482 2012-03-15 2018-01-13
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the TouchPal Contacts (com.cootek.smartdialer) application 3.3.1 and 4.0.1 for Android has unknown impact and attack vectors.
3079 CVE-2012-1481 2012-03-15 2018-01-13
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Textdroid (com.app.android.textdroid) application 2.5.2 for Android has unknown impact and attack vectors.
3080 CVE-2012-1480 2012-03-14 2018-01-11
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Pansi SMS (com.pansi.msg) application 1.97, 2.01, and 2.07 for Android has unknown impact and attack vectors.
3081 CVE-2012-1479 2012-03-14 2018-01-11
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the AContact (com.movester.quickcontact) application 1.8.2 for Android has unknown impact and attack vectors.
3082 CVE-2012-1478 2012-03-14 2018-01-11
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the UCMobile BloveStorm (com.blovestorm) application 2.2.0 and 3.2.1 for Android has unknown impact and attack vectors.
3083 CVE-2012-1477 2012-03-14 2012-03-14
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Cnectd (mci.cnectd) application 3.1.0 for Android has unknown impact and attack vectors.
3084 CVE-2012-1476 2012-03-14 2012-03-14
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the KKtalk (com.kkliaotian.android) application 4.0.0 and 4.1.5 for Android has unknown impact and attack vectors.
3085 CVE-2012-1475 2012-03-14 2012-03-14
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the YagattaTalk Messenger (com.iskoot.yagatta.yagattatalk) application 1.00.01.08 for Android has unknown impact and attack vectors.
3086 CVE-2012-1474 2012-03-14 2012-03-14
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Youni SMS (com.snda.youni) application 2.1.0c and 2.1.0d for Android has unknown impact and attack vectors.
3087 CVE-2012-1472 20 DoS 2012-03-13 2012-03-13
6.4
None Remote Low Not required Partial None Partial
VMware vCenter Chargeback Manager (aka CBM) before 2.0.1 does not properly handle XML API requests, which allows remote attackers to read arbitrary files or cause a denial of service via unspecified vectors.
3088 CVE-2012-1471 22 Dir. Trav. 2012-10-01 2012-10-02
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in catalogue_file.php in ocPortal before 7.1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
3089 CVE-2012-1470 79 XSS 2012-10-01 2012-10-02
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in code_editor.php in ocPortal before 7.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) path or (2) line parameters.
3090 CVE-2012-1469 79 XSS 2012-09-06 2018-01-12
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Open Journal Systems before 2.3.7 allow remote attackers and remote authenticated users to inject arbitrary web script or HTML via the (1) editor or (2) callback parameters to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/ibrowser.php in the iBrowser plugin, (3) authors[][url] parameter to index.php, or (4) Bio Statement or (5) Abstract of Submission fields to the stripUnsafeHtml function in lib/pkp/classes/core/String.inc.php.
3091 CVE-2012-1468 Exec Code 2012-09-06 2012-09-07
6.0
None Remote Medium ??? Partial Partial Partial
Incomplete blacklist vulnerability in Open Journal Systems before 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executable extension that is not ".php", then accessing it via a direct request to the file in submission/original/ in the associated article directory, as demonstrated using .pHp, .asp, and other extensions.
3092 CVE-2012-1467 22 Dir. Trav. 2012-09-06 2012-09-13
6.5
None Remote Low ??? Partial Partial Partial
Multiple directory traversal vulnerabilities in the iBrowser plugin library, as used in Open Journal Systems before 2.3.7, allow remote authenticated users to (1) delete or (2) rename arbitrary files via a .. (dot dot) in the param parameter to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/scripts/rfiles.php.
3093 CVE-2012-1466 200 1 +Info 2012-03-19 2017-08-29
5.0
None Remote Low Not required Partial None None
The Traffic Grapher Server for NetMechanica NetDecision before 4.6.1 allows remote attackers to obtain the source code of NtDecision script files with a .nd extension via an invalid version number in an HTTP request, as demonstrated using default.nd. NOTE: some of these details are obtained from third party information.
3094 CVE-2012-1465 119 1 DoS Overflow 2012-03-19 2017-08-29
4.3
None Remote Medium Not required None None Partial
Stack-based buffer overflow in the HTTP Server in NetMechanica NetDecision before 4.6.1 allows remote attackers to cause a denial of service (application crash) via a long URL in an HTTP request. NOTE: some of these details are obtained from third party information.
3095 CVE-2012-1464 200 1 +Info 2012-03-19 2017-12-06
5.0
None Remote Low Not required Partial None None
Dashboard Server for NetMechanica NetDecision before 4.6.1 allows remote attackers to obtain the installation path via a request with a trailing "?" character, which causes Dashboard to attempt to access a non-existent resource. NOTE: some of these details are obtained from third party information.
3096 CVE-2012-1463 264 Bypass 2012-03-21 2017-08-29
4.3
None Remote Medium Not required None Partial None
The ELF file parser in AhnLab V3 Internet Security 2011.01.18.00, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified endianness field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.
3097 CVE-2012-1462 264 Bypass 2012-03-21 2017-08-29
4.3
None Remote Medium Not required None Partial None
The ZIP file parser in AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, Norman Antivirus 6.06.12, Sophos Anti-Virus 4.61.0, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote attackers to bypass malware detection via a ZIP file containing an invalid block of data at the beginning. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ZIP parser implementations.
3098 CVE-2012-1461 264 Bypass 2012-03-21 2012-11-06
4.3
None Remote Medium Not required None Partial None
The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, and VBA32 3.12.14.2 allows remote attackers to bypass malware detection via a .tar.gz file with multiple compressed streams. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different Gzip parser implementations.
3099 CVE-2012-1460 264 Bypass 2012-03-21 2017-08-29
4.3
None Remote Medium Not required None Partial None
The Gzip file parser in Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, and VBA32 3.12.14.2 allows remote attackers to bypass malware detection via a .tar.gz file with stray bytes at the end. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different Gzip parser implementations.
3100 CVE-2012-1459 264 Bypass 2012-03-21 2018-01-18
4.3
None Remote Medium Not required None Partial None
The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
Total number of vulnerabilities : 5297   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 (This Page)63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.