CVEs from 2012
Total
5,193
critical
critical 962
high
high 747
medium
medium 2,886
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.8%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-10060 | critical | 9.8 | 10.0 | 10mo ago | Sysax Multi Server versions prior to 5.55 contain a stack-based buffer overflow in its SSH service. When a remote attacker supplies an overly long username during authentication, the server copies th… | |||
| CVE-2012-2576 | critical | 9.8 | 10.0 | 9y ago | SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote at… | |||
| CVE-2012-5357 | critical | 9.8 | 10.0 | 9y ago | Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE … | |||
| CVE-2012-4988 | critical | — | 10.0 | 12y ago | Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JPEG lossless) format plugin in XnView 1.99 and 1.99.1 allows remote attackers to execute arbitrary code via a crafted JLS image fi… | |||
| CVE-2012-5106 | critical | — | 10.0 | 12y ago | Stack-based buffer overflow in FreeFloat FTP Server 1.0 allows remote authenticated users to execute arbitrary code via a long string in a PUT command. | |||
| CVE-2012-2052 | critical | — | 10.0 | 12y ago | Stack-based buffer overflow in the U3D.8BI library plugin in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via a long Collada… | |||
| CVE-2012-6429 | critical | — | 10.0 | 12y ago | Buffer overflow in the PrepareSync method in the SyncService.dll ActiveX control in Samsung Kies before 2.5.1.12123_2_7 allows remote attackers to execute arbitrary code via a long string to the pass… | |||
| CVE-2012-4886 | critical | — | 10.0 | 12y ago | Stack-based buffer overflow in wpsio.dll in Kingsoft WPS Office 2012 possibly 8.1.0.3238 allows remote attackers to execute arbitrary code via a long BSTR string. | |||
| CVE-2012-0262 | critical | — | 10.0 | 13y ago | op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the password paramet… | |||
| CVE-2012-0261 | critical | — | 10.0 | 13y ago | license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for a… | |||
| CVE-2012-5946 | critical | — | 10.0 | 13y ago | Buffer overflow in the c1sizer ActiveX control in C1sizer.ocx in IBM SPSS SamplePower 3.0 before FP1 allows remote attackers to execute arbitrary code via a long TabCaption string. | |||
| CVE-2012-5201 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to execute arbitrary… | |||
| CVE-2012-6275 | critical | — | 10.0 | 14y ago | Multiple stack-based buffer overflows in AntDS.exe in BigAntSoft BigAnt IM Message Server allow remote attackers to have an unspecified impact via (1) the filename header in an SCH request or (2) the… | |||
| CVE-2012-4705 | critical | — | 10.0 | 14y ago | Directory traversal vulnerability in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors involving a crafted pathname. | |||
| CVE-2012-0439 | critical | — | 10.0 | 14y ago | An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code via (1) a pointer argument to the Set… | |||
| CVE-2012-4711 | critical | — | 10.0 | 14y ago | Buffer overflow in kingMess.exe 65.20.2003.10300 in WellinTech KingView 6.52, kingMess.exe 65.20.2003.10400 in KingView 6.53, and kingMess.exe 65.50.2011.18049 in KingView 6.55 allows remote attacker… | |||
| CVE-2012-3363 | critical | 9.1 | 10.0 | 14y ago | Zend Framework XXE Vulnerability | |||
| CVE-2012-3282 | critical | — | 10.0 | 14y ago | Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1468. | |||
| CVE-2012-5965 | critical | — | 10.0 | 14y ago | Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.… | |||
| CVE-2012-5964 | critical | — | 10.0 | 14y ago | Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.… | |||
| CVE-2012-5963 | critical | — | 10.0 | 14y ago | Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.… | |||
| CVE-2012-5962 | critical | — | 10.0 | 14y ago | Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.… | |||
| CVE-2012-5961 | critical | — | 10.0 | 14y ago | Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.… | |||
| CVE-2012-5960 | critical | — | 10.0 | 14y ago | Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) be… | |||
| CVE-2012-5959 | critical | — | 10.0 | 14y ago | Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) be… | |||
| CVE-2012-5958 | critical | — | 10.0 | 14y ago | Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) be… | |||
| CVE-2012-4914 | critical | — | 10.0 | 14y ago | Stack-based buffer overflow in the reader in CoolPDF 3.0.2.256 allows remote attackers to execute arbitrary code via a PDF document with a crafted stream. | |||
| CVE-2012-6470 | critical | — | 10.0 | 14y ago | Opera before 12.12 does not properly allocate memory for GIF images, which allows remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a malformed image. | |||
| CVE-2012-0432 | critical | — | 10.0 | 14y ago | Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors. | |||
| CVE-2012-5932 | critical | — | 10.0 | 14y ago | Eval injection vulnerability in the ldapagnt_eval function in ldapagnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote attackers to execute arbitrary Perl code… | |||
| CVE-2012-5691 | critical | — | 10.0 | 14y ago | Buffer overflow in RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted RealMedia file. | |||
| CVE-2012-3274 | critical | — | 10.0 | 14y ago | Stack-based buffer overflow in uam.exe in the User Access Manager (UAM) component in HP Intelligent Management Center (IMC) before 5.1 E0101P01 allows remote attackers to execute arbitrary code via v… | |||
| CVE-2012-6066 | critical | — | 10.0 | 14y ago | freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c. | |||
| CVE-2012-5975 | critical | — | 10.0 | 14y ago | The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authen… | |||
| CVE-2012-6046 | critical | — | 10.0 | 14y ago | Static code injection vulnerability in admin/banners.php in PHP Enter allows remote attackers to inject arbitrary PHP code into horad.php via the code parameter. | |||
| CVE-2012-5864 | critical | — | 10.0 | 14y ago | These Sinapsi devices do not check if users that visit pages within the device have properly authenticated. By directly visiting the pages within the device, attackers can gain unauthorized access… | |||
| CVE-2012-5863 | critical | — | 10.0 | 14y ago | These Sinapsi devices do not check for special elements in commands sent to the system. By accessing certain pages with administrative privileges that do not require authentication within the devic… | |||
| CVE-2012-5862 | critical | — | 10.0 | 14y ago | These Sinapsi devices store hard-coded passwords in the PHP file of the device. By using the hard-coded passwords in the device, attackers can log into the device with administrative privileges. Th… | |||
| CVE-2012-4959 | critical | — | 10.0 | 14y ago | Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to upload and execute files via a 130 /FSF/CMD request with a .. (dot dot) in a FILE element of… | |||
| CVE-2012-4956 | critical | — | 10.0 | 14y ago | Heap-based buffer overflow in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to execute arbitrary code via a large number of VOL elements in an SRS record. | |||
| CVE-2012-5897 | critical | — | 10.0 | 14y ago | The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX control (ARDoc.dll) in Quest InTrust 10.4.0.853 and earlier do not properly implement the SaveToFile method, which allows remote att… | |||
| CVE-2012-5896 | critical | — | 10.0 | 14y ago | The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not properly implement the Add method, which allows remote attackers to execute arbitrar… | |||
| CVE-2012-3569 | critical | — | 10.0 | 14y ago | Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote attacker… | |||
| CVE-2012-3755 | critical | — | 10.0 | 14y ago | Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Targa image. | |||
| CVE-2012-3753 | critical | — | 10.0 | 14y ago | Buffer overflow in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIME type. | |||
| CVE-2012-3752 | critical | — | 10.0 | 14y ago | Multiple buffer overflows in Apple QuickTime before 7.7.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted style element in a QuickTime … | |||
| CVE-2012-5409 | critical | — | 10.0 | 14y ago | AscoServer.exe in the server in Siemens SiPass integrated MP2.6 and earlier does not properly handle IOCP RPC messages received over an Ethernet network, which allows remote attackers to write data t… | |||
| CVE-2012-5692 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors. | |||
| CVE-2012-5088 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via u… | |||
| CVE-2012-1533 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, int… | |||
| CVE-2012-3993 | critical | — | 10.0 | 14y ago | The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 d… | |||
| CVE-2012-5324 | critical | — | 10.0 | 14y ago | Multiple buffer overflows in the Pdf Printer Preferences ActiveX Control in pdfxctrl.dll in Tracker Software PDF-XChange 3.60.0128 allow remote attackers to execute arbitrary code via a long string i… | |||
| CVE-2012-1189 | critical | — | 10.0 | 14y ago | Stack-based buffer overflow in modules/graphic/ssgraph/grsound.cpp in The Open Racing Car Simulator (TORCS) before 1.3.3 and Speed Dreams allows user-assisted remote attackers to execute arbitrary co… | |||
| CVE-2012-5306 | critical | — | 10.0 | 14y ago | Stack-based buffer overflow in the SelectDirectory method in DcsCliCtrl.dll in Camera Stream Client ActiveX Control, as used in D-Link DCS-5605 PTZ IP Network Camera, allows remote attackers to cause… | |||
| CVE-2012-3261 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1463. | |||
| CVE-2012-3260 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1462. | |||
| CVE-2012-4992 | critical | — | 10.0 | 14y ago | Multiple buffer overflows in FlashFXP.exe in FlashFXP 4.2 allow remote authenticated users to execute arbitrary code via a long unicode string to (1) TListbox or (2) TComboBox. | |||
| CVE-2012-0271 | critical | — | 10.0 | 14y ago | Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might allow remote attackers to execute arbitr… | |||
| CVE-2012-4924 | critical | — | 10.0 | 14y ago | Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX component 1.0.0.1 for ASUS Net4Switch 1.0.0020 allows remote attackers to execute arbitrary code via a long parameter to the Aler… | |||
| CVE-2012-4876 | critical | — | 10.0 | 14y ago | Stack-based buffer overflow in the UltraMJCam ActiveX Control in TRENDnet SecurView TV-IP121WN Wireless Internet Camera allows remote attackers to execute arbitrary code via a long string to the Open… | |||
| CVE-2012-4865 | critical | — | 10.0 | 14y ago | Buffer overflow in Oreans Themida 2.1.8.0 allows remote attackers to execute arbitrary code via a crafted .TMD file. | |||
| CVE-2012-4864 | critical | — | 10.0 | 14y ago | Oreans WinLicense 2.1.8.0 allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted xml file. | |||
| CVE-2012-2288 | critical | — | 10.0 | 14y ago | Format string vulnerability in the nsrd RPC service in EMC NetWorker 7.6.3 and 7.6.4 before 7.6.4.1, and 8.0 before 8.0.0.1, allows remote attackers to execute arbitrary code via format string specif… | |||
| CVE-2012-4170 | critical | — | 10.0 | 14y ago | Buffer overflow in Adobe Photoshop CS6 13.x before 13.0.1 allows remote attackers to execute arbitrary code via a crafted file. | |||
| CVE-2012-4598 | critical | — | 10.0 | 14y ago | An unspecified ActiveX control in McAfee Virtual Technician (MVT) before 6.4, and ePO-MVT, allows remote attackers to execute arbitrary code or cause a denial of service (Internet Explorer crash) via… | |||
| CVE-2012-4357 | critical | — | 10.0 | 14y ago | Array index error in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 might allow remote attackers to execute arbitrary code by referencing, within a port-46824 TCP… | |||
| CVE-2012-4355 | critical | — | 10.0 | 14y ago | TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted ne… | |||
| CVE-2012-4354 | critical | — | 10.0 | 14y ago | TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted po… | |||
| CVE-2012-4353 | critical | — | 10.0 | 14y ago | Stack-based buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allows remote attackers to execute arbitrary code via a crafted port-… | |||
| CVE-2012-4334 | critical | — | 10.0 | 14y ago | The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) STWConfig 1.1.14.13 ActiveX controls in Samsung NET-i viewer 1.37.120316 allows remote attackers to execute arbitrary code via unspeci… | |||
| CVE-2012-4333 | critical | — | 10.0 | 14y ago | Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0 ActiveX controls in Samsung NET-i viewer 1.37.120316 allow remote attackers to… | |||
| CVE-2012-4250 | critical | — | 10.0 | 14y ago | Stack-based buffer overflow in the RequestScreenOptimization function in the XProcessControl.ocx ActiveX control in msls31.dll in Samsung NET-i viewer 1.37 allows remote attackers to execute arbitrar… | |||
| CVE-2012-4177 | critical | — | 10.0 | 14y ago | The web browser plugin for Ubisoft Uplay PC before 2.0.4 allows remote attackers to execute arbitrary programs via the -orbit_exe_path command line argument. | |||
| CVE-2012-2627 | critical | — | 10.0 | 14y ago | d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in %PROGRAMFILES%\Scrutinizer\sn… | |||
| CVE-2012-4057 | critical | — | 10.0 | 14y ago | Buffer overflow in the Player in Remote-Anything 5.60.15 allows remote attackers to execute arbitrary code via a crafted flm file. | |||
| CVE-2012-2953 | critical | — | 10.0 | 14y ago | The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary commands via crafted input to application scripts. | |||
| CVE-2012-0284 | critical | — | 10.0 | 14y ago | Stack-based buffer overflow in the SetSource method in the Cisco Linksys PlayerPT ActiveX control 1.0.0.15 in PlayerPT.ocx on the Cisco WVC200 Wireless-G PTZ Internet video camera allows remote attac… | |||
| CVE-2012-1661 | critical | — | 10.0 | 14y ago | ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier does not properly prompt users before executing embedded VBA macros, which allows user-assisted remote attackers to execute arbitrary VBA code via a c… | |||
| CVE-2012-0911 | critical | 9.8 | 10.0 | 14y ago | TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) prin… | |||
| CVE-2012-2020 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1326. | |||
| CVE-2012-2019 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1325. | |||
| CVE-2012-3859 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the WebAdmin Portal in Netsweeper has unknown impact and attack vectors, a different vulnerability than CVE-2012-2446 and CVE-2012-2447. | |||
| CVE-2012-3585 | critical | — | 10.0 | 14y ago | Heap-based buffer overflow in jpeg_ls.dll in the Jpeg_LS (aka JLS) plugin in the formats plugins in IrfanView PlugIns before 4.34 allows remote attackers to execute arbitrary code via a crafted JLS f… | |||
| CVE-2012-2516 | critical | — | 10.0 | 14y ago | An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the HTML Help component), as used in GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; Proficy HMI/SCADA iFIX 5.0 an… | |||
| CVE-2012-2515 | critical | — | 10.0 | 14y ago | Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX control in KeyHelp.ocx 1.2.312 in KeyWorks KeyHelp Module (aka the HTML Help component), as used in EMC Documentum ApplicationXt… | |||
| CVE-2012-1831 | critical | — | 10.0 | 14y ago | Heap-based buffer overflow in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 555. | |||
| CVE-2012-1830 | critical | — | 10.0 | 14y ago | Stack-based buffer overflow in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 555. | |||
| CVE-2012-3811 | critical | — | 10.0 | 14y ago | Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.1… | |||
| CVE-2012-3815 | critical | — | 10.0 | 14y ago | Buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a crafted packet to TCP por… | |||
| CVE-2012-3797 | critical | — | 10.0 | 14y ago | Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, does not properly check packet sizes before reusing packet memory buffers, which allows … | |||
| CVE-2012-2175 | critical | — | 10.0 | 14y ago | Buffer overflow in the Attachment_Times method in a certain ActiveX control in dwa85W.dll in IBM Lotus iNotes 8.5.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a long argum… | |||
| CVE-2012-2174 | critical | — | 10.0 | 14y ago | The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a crafted notes:// URL. | |||
| CVE-2012-3576 | critical | — | 10.0 | 14y ago | Unrestricted file upload vulnerability in php/upload.php in the wpStoreCart plugin before 2.5.30 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable… | |||
| CVE-2012-3575 | critical | — | 10.0 | 14y ago | Unrestricted file upload vulnerability in uploader.php in the RBX Gallery plugin 2.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, … | |||
| CVE-2012-1876 | critical | — | 10.0 | 14y ago | Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexis… | |||
| CVE-2012-1875 | critical | — | 10.0 | 14y ago | Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Same ID Property Remote Code Exec… | |||
| CVE-2012-0677 | critical | — | 10.0 | 14y ago | Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist. | |||
| CVE-2012-0985 | critical | — | 10.0 | 14y ago | Multiple buffer overflows in the Wireless Manager ActiveX control 4.0.0.0 in WifiMan.dll in Sony VAIO PC Wireless LAN Wizard 1.0; VAIO Wireless Wizard 1.00, 1.00_64, 1.0.1, 2.0, and 3.0; SmartWi Conn… | |||
| CVE-2012-2176 | critical | — | 10.0 | 14y ago | Multiple stack-based buffer overflows in a certain ActiveX control in qp2.cab in IBM Lotus Quickr 8.2 before 8.2.0.27-002a for Domino allow remote attackers to execute arbitrary code via a long argum… | |||
| CVE-2012-2926 | critical | 9.1 | 10.0 | 14y ago | Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4… |