CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In January 2012 (CVSS score >= 5)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2012-0937 1 DoS 2012-01-30 2012-01-31
5.0
None Remote Low Not required None None Partial
** DISPUTED ** wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote attackers to use WordPress as a proxy for brute-force attacks or denial of service attacks via the dbhost parameter, a different vulnerability than CVE-2011-4898. NOTE: the vendor disputes the significance of this issue because an incomplete WordPress installation might be present on the network for only a short time.
2 CVE-2012-0935 89 1 Exec Code Sql 2012-01-29 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Default.aspx in Aryadad CMS allows remote attackers to execute arbitrary SQL commands via the PageID parameter.
3 CVE-2012-0934 94 Exec Code File Inclusion 2012-01-29 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in ajax/savetag.php in the Theme Tuner plugin for WordPress before 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the tt-abspath parameter.
4 CVE-2012-0931 287 DoS Exec Code 2012-01-28 2020-07-23
7.5
None Remote Low Not required Partial Partial Partial
Schneider Electric Modicon Quantum PLC does not perform authentication between the Unity software and PLC, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors.
5 CVE-2012-0929 119 DoS Overflow 2012-01-28 2020-07-23
7.8
None Remote Low Not required None None Complete
Multiple buffer overflows in Schneider Electric Modicon Quantum PLC allow remote attackers to cause a denial of service via malformed requests to the (1) FTP server or (2) HTTP server.
6 CVE-2012-0918 Exec Code 2012-01-24 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Hitachi COBOL2002 Net Developer, Net Server Suite, and Net Client Suite 01-00, 01-01 through 01-01-/D, 01-02 through 01-02-/F, 01-03 through 01-03-/F, 02-00 through 02-00-/D, 02-01 through 02-01-/C, and possibly other versions before 02-01-/D allows remote attackers to execute arbitrary code via unknown attack vectors.
7 CVE-2012-0916 119 Exec Code Overflow 2012-01-24 2012-01-25
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in RenRen Talk 2.9 allows remote attackers to execute arbitrary code via a crafted image in a chat message, as demonstrated using a PNG file.
8 CVE-2012-0915 189 Exec Code Overflow 2012-01-24 2012-01-25
9.3
None Remote Medium Not required Complete Complete Complete
Integer signedness error in RenRen Talk 2.9 allows remote attackers to execute arbitrary code via crafted dimensions of a skin file, leading to a heap-based buffer overflow, as demonstrated using a BMP image.
9 CVE-2012-0913 89 1 Exec Code Sql 2012-01-24 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in checklogin.aspx in ICloudCenter ICTimeAttendance 1.0 allows remote attackers to execute arbitrary SQL commands via the passw parameter. NOTE: Some of these details are obtained from third party information.
10 CVE-2012-0912 89 Exec Code Sql 2012-01-24 2012-01-24
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
11 CVE-2012-0907 22 Dir. Trav. 2012-01-20 2017-08-29
5.8
None Remote Medium Not required None Partial Partial
Directory traversal vulnerability in the web player in NeoAxis NeoAxis web player 1.4 and earlier allows user-assisted remote attackers to write arbitrary files via a .. (dot dot) in a filename in the neoaxis_web_application_win32.zip ZIP archive.
12 CVE-2012-0906 89 1 Exec Code Sql 2012-01-20 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Moviebase addon for deV!L'z Clanportal (DZCP) 1.5.5 allows remote attackers to execute arbitrary SQL commands via the id parameter in a showkat action to index.php.
13 CVE-2012-0905 89 1 Exec Code Sql 2012-01-20 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in deV!L'z Clanportal (DZCP) Gamebase addon allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a detail action to index.php.
14 CVE-2012-0902 1 DoS 2012-01-20 2017-08-29
5.0
None Remote Low Not required None None Partial
AirTies Air 4450 1.1.2.18 allows remote attackers to cause a denial of service (reboot) via a direct request to cgi-bin/loader.
15 CVE-2012-0898 22 1 Dir. Trav. 2012-01-20 2017-08-29
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in meb_download.php in the myEASYbackup plugin 1.0.8.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dwn_file parameter.
16 CVE-2012-0897 119 Exec Code Overflow 2012-01-20 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the JPEG2000 plugin in IrfanView PlugIns before 4.33 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment.
17 CVE-2012-0896 22 2 Dir. Trav. 2012-01-20 2020-07-13
5.0
None Remote Low Not required Partial None None
Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter.
18 CVE-2012-0817 200 DoS +Info 2012-01-30 2018-01-18
5.0
None Remote Low Not required None None Partial
Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote attackers to cause a denial of service (memory and CPU consumption) by making many connection requests.
19 CVE-2012-0807 119 Exec Code Overflow 2012-01-27 2018-01-18
5.1
None Remote High Not required Partial Partial Partial
Stack-based buffer overflow in the suhosin_encrypt_single_cookie function in the transparent cookie-encryption feature in the Suhosin extension before 0.9.33 for PHP, when suhosin.cookie.encrypt and suhosin.multiheader are enabled, might allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header.
20 CVE-2012-0806 119 Exec Code Overflow 2012-01-27 2013-12-13
6.5
None Remote Low ??? Partial Partial Partial
Buffer overflow in Bip 0.8.8 and earlier might allow remote authenticated users to execute arbitrary code via vectors involving a series of TCP connections that triggers use of many open file descriptors.
21 CVE-2012-0781 399 1 DoS 2012-01-18 2018-01-09
5.0
None Remote Low Not required None None Partial
The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objects, a different vulnerability than CVE-2011-4153.
22 CVE-2012-0697 22 Dir. Trav. 2012-01-13 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
HP StorageWorks P2000 G3 MSA array systems have a default account, which makes it easier for remote attackers to perform administrative tasks via unspecified vectors, a different vulnerability than CVE-2011-4788.
23 CVE-2012-0695 2012-01-12 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.27 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
24 CVE-2012-0693 94 2012-01-14 2012-04-23
5.0
None Remote Low Not required None Partial None
** DISPUTED ** submitticket.php in WHMCompleteSolution (WHMCS) 5.03 allows remote attackers to inject arbitrary code into a subject field via crafted ticket data, a different vulnerability than CVE-2011-5061. NOTE: the vendor disputes this issue, noting that some of the details overlap CVE-2011-5061, but that it "says it affects V5.0.3, and the submitticket.php file, both of which are wrong."
25 CVE-2012-0486 2012-01-18 2019-12-17
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.
26 CVE-2012-0395 119 DoS Exec Code Overflow 2012-01-27 2012-02-06
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the server in EMC NetWorker 7.5.x and 7.6.x before 7.6.3 SP1 Cumulative Release build 851 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors.
27 CVE-2012-0394 94 2 Exec Code 2012-01-08 2021-01-07
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
28 CVE-2012-0393 264 1 2012-01-08 2018-11-28
6.4
None Remote Low Not required None Partial Partial
The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
29 CVE-2012-0392 1 Exec Code 2012-01-08 2021-03-05
6.8
None Remote Medium Not required Partial Partial Partial
The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
30 CVE-2012-0391 20 1 Exec Code 2012-01-08 2018-11-23
9.3
None Remote Medium Not required Complete Complete Complete
The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
31 CVE-2012-0329 94 Exec Code 2012-01-19 2012-01-31
9.0
None Remote Low ??? Complete Complete Complete
Cisco Digital Media Manager 5.2.2 and earlier, and 5.2.3, allows remote authenticated users to execute arbitrary code via vectors involving a URL and an administrative resource, aka Bug ID CSCts63878.
32 CVE-2012-0310 94 Http R.Spl. 2012-01-13 2017-08-29
5.8
None Remote Medium Not required None Partial Partial
CRLF injection vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
33 CVE-2012-0286 352 CSRF 2012-01-24 2012-01-24
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to hijack the authentication of unspecified victims for requests that modify user accounts.
34 CVE-2012-0268 189 Exec Code Overflow 2012-01-19 2012-01-23
5.1
None Remote High Not required Partial Partial Partial
Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow.
35 CVE-2012-0267 20 1 Exec Code 2012-01-15 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
The StopModule method in the NTR ActiveX control before 2.0.4.8 allows remote attackers to execute arbitrary code via a crafted lModule parameter that triggers use of an arbitrary memory address as a function pointer.
36 CVE-2012-0266 119 1 Exec Code Overflow 2012-01-15 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the NTR ActiveX control before 2.0.4.8 allow remote attackers to execute arbitrary code via (1) a long bstrUrl parameter to the StartModule method, (2) a long bstrParams parameter to the Check method, a long bstrUrl parameter to the (3) Download or (4) DownloadModule method during construction of a .ntr pathname, or a long bstrUrl parameter to the (5) Download or (6) DownloadModule method during construction of a URL.
37 CVE-2012-0193 20 DoS 2012-01-20 2012-01-27
5.0
None Remote Low Not required None None Partial
IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.43, 6.1 before 6.1.0.43, 7.0 before 7.0.0.23, and 8.0 before 8.0.0.3 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
38 CVE-2012-0192 189 Exec Code Overflow 2012-01-23 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in vclmi.dll in the visual class library module in IBM Lotus Symphony before 3.0.1 might allow remote attackers to execute arbitrary code via an embedded (1) JPEG or (2) PNG image object in a Symphony document that triggers a heap-based buffer overflow, as demonstrated by a .doc file.
39 CVE-2012-0190 Exec Code 2012-01-18 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Render method in the ExportHTML.ocx ActiveX control in ExportHTML.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers to execute arbitrary code via a crafted HTML document.
40 CVE-2012-0189 Exec Code 2012-01-18 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the (1) PrintFile and (2) SaveDoc methods in the VsVIEW6 ActiveX control in VsVIEW6.ocx in IBM SPSS SamplePower 3.0 allow remote attackers to execute arbitrary code via a crafted HTML document.
41 CVE-2012-0188 Exec Code 2012-01-18 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the SetLicenseInfoEx method in an ActiveX control in mraboutb.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers to execute arbitrary code via a crafted HTML document.
42 CVE-2012-0113 2012-01-18 2019-12-17
5.5
None Remote Low ??? Partial None Partial
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0118.
43 CVE-2012-0104 2012-01-18 2017-08-29
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 and 3.1.1 allows remote attackers to affect availability via unknown vectors related to Web Container.
44 CVE-2012-0100 2012-01-18 2018-01-06
6.8
None Local Low ??? Complete Complete Complete
Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kerberos.
45 CVE-2012-0096 2012-01-18 2018-01-06
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Network.
46 CVE-2012-0094 2012-01-18 2018-01-06
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability, related to TCP/IP.
47 CVE-2012-0083 2012-01-18 2017-08-29
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 7.5.2, 10.1.3.5.1, 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Search.
48 CVE-2012-0082 2012-01-18 2017-08-29
5.5
None Remote Low ??? None Partial Partial
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect integrity and availability via unknown vectors.
49 CVE-2012-0080 2012-01-18 2017-08-29
5.5
None Remote Low ??? Partial Partial None
Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Talent Acquisition Management.
50 CVE-2012-0072 2012-01-18 2017-08-29
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the Listener component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.2 allows remote attackers to affect availability via unknown vectors.
Total number of vulnerabilities : 177   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.