CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In January 2012 (CVSS score >= 6)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2012-0935 89 1 Exec Code Sql 2012-01-29 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Default.aspx in Aryadad CMS allows remote attackers to execute arbitrary SQL commands via the PageID parameter.
2 CVE-2012-0934 94 Exec Code File Inclusion 2012-01-29 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in ajax/savetag.php in the Theme Tuner plugin for WordPress before 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the tt-abspath parameter.
3 CVE-2012-0931 287 DoS Exec Code 2012-01-28 2020-07-23
7.5
None Remote Low Not required Partial Partial Partial
Schneider Electric Modicon Quantum PLC does not perform authentication between the Unity software and PLC, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors.
4 CVE-2012-0929 119 DoS Overflow 2012-01-28 2020-07-23
7.8
None Remote Low Not required None None Complete
Multiple buffer overflows in Schneider Electric Modicon Quantum PLC allow remote attackers to cause a denial of service via malformed requests to the (1) FTP server or (2) HTTP server.
5 CVE-2012-0918 Exec Code 2012-01-24 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Hitachi COBOL2002 Net Developer, Net Server Suite, and Net Client Suite 01-00, 01-01 through 01-01-/D, 01-02 through 01-02-/F, 01-03 through 01-03-/F, 02-00 through 02-00-/D, 02-01 through 02-01-/C, and possibly other versions before 02-01-/D allows remote attackers to execute arbitrary code via unknown attack vectors.
6 CVE-2012-0916 119 Exec Code Overflow 2012-01-24 2012-01-25
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in RenRen Talk 2.9 allows remote attackers to execute arbitrary code via a crafted image in a chat message, as demonstrated using a PNG file.
7 CVE-2012-0915 189 Exec Code Overflow 2012-01-24 2012-01-25
9.3
None Remote Medium Not required Complete Complete Complete
Integer signedness error in RenRen Talk 2.9 allows remote attackers to execute arbitrary code via crafted dimensions of a skin file, leading to a heap-based buffer overflow, as demonstrated using a BMP image.
8 CVE-2012-0913 89 1 Exec Code Sql 2012-01-24 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in checklogin.aspx in ICloudCenter ICTimeAttendance 1.0 allows remote attackers to execute arbitrary SQL commands via the passw parameter. NOTE: Some of these details are obtained from third party information.
9 CVE-2012-0912 89 Exec Code Sql 2012-01-24 2012-01-24
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
10 CVE-2012-0906 89 1 Exec Code Sql 2012-01-20 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Moviebase addon for deV!L'z Clanportal (DZCP) 1.5.5 allows remote attackers to execute arbitrary SQL commands via the id parameter in a showkat action to index.php.
11 CVE-2012-0905 89 1 Exec Code Sql 2012-01-20 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in deV!L'z Clanportal (DZCP) Gamebase addon allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a detail action to index.php.
12 CVE-2012-0897 119 Exec Code Overflow 2012-01-20 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the JPEG2000 plugin in IrfanView PlugIns before 4.33 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment.
13 CVE-2012-0806 119 Exec Code Overflow 2012-01-27 2013-12-13
6.5
None Remote Low ??? Partial Partial Partial
Buffer overflow in Bip 0.8.8 and earlier might allow remote authenticated users to execute arbitrary code via vectors involving a series of TCP connections that triggers use of many open file descriptors.
14 CVE-2012-0697 22 Dir. Trav. 2012-01-13 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
HP StorageWorks P2000 G3 MSA array systems have a default account, which makes it easier for remote attackers to perform administrative tasks via unspecified vectors, a different vulnerability than CVE-2011-4788.
15 CVE-2012-0695 2012-01-12 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.27 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
16 CVE-2012-0395 119 DoS Exec Code Overflow 2012-01-27 2012-02-06
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the server in EMC NetWorker 7.5.x and 7.6.x before 7.6.3 SP1 Cumulative Release build 851 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors.
17 CVE-2012-0394 94 2 Exec Code 2012-01-08 2021-01-07
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
18 CVE-2012-0393 264 1 2012-01-08 2018-11-28
6.4
None Remote Low Not required None Partial Partial
The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
19 CVE-2012-0392 1 Exec Code 2012-01-08 2021-03-05
6.8
None Remote Medium Not required Partial Partial Partial
The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
20 CVE-2012-0391 20 1 Exec Code 2012-01-08 2018-11-23
9.3
None Remote Medium Not required Complete Complete Complete
The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
21 CVE-2012-0329 94 Exec Code 2012-01-19 2012-01-31
9.0
None Remote Low ??? Complete Complete Complete
Cisco Digital Media Manager 5.2.2 and earlier, and 5.2.3, allows remote authenticated users to execute arbitrary code via vectors involving a URL and an administrative resource, aka Bug ID CSCts63878.
22 CVE-2012-0286 352 CSRF 2012-01-24 2012-01-24
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to hijack the authentication of unspecified victims for requests that modify user accounts.
23 CVE-2012-0267 20 1 Exec Code 2012-01-15 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
The StopModule method in the NTR ActiveX control before 2.0.4.8 allows remote attackers to execute arbitrary code via a crafted lModule parameter that triggers use of an arbitrary memory address as a function pointer.
24 CVE-2012-0266 119 1 Exec Code Overflow 2012-01-15 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the NTR ActiveX control before 2.0.4.8 allow remote attackers to execute arbitrary code via (1) a long bstrUrl parameter to the StartModule method, (2) a long bstrParams parameter to the Check method, a long bstrUrl parameter to the (3) Download or (4) DownloadModule method during construction of a .ntr pathname, or a long bstrUrl parameter to the (5) Download or (6) DownloadModule method during construction of a URL.
25 CVE-2012-0192 189 Exec Code Overflow 2012-01-23 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in vclmi.dll in the visual class library module in IBM Lotus Symphony before 3.0.1 might allow remote attackers to execute arbitrary code via an embedded (1) JPEG or (2) PNG image object in a Symphony document that triggers a heap-based buffer overflow, as demonstrated by a .doc file.
26 CVE-2012-0190 Exec Code 2012-01-18 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Render method in the ExportHTML.ocx ActiveX control in ExportHTML.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers to execute arbitrary code via a crafted HTML document.
27 CVE-2012-0189 Exec Code 2012-01-18 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the (1) PrintFile and (2) SaveDoc methods in the VsVIEW6 ActiveX control in VsVIEW6.ocx in IBM SPSS SamplePower 3.0 allow remote attackers to execute arbitrary code via a crafted HTML document.
28 CVE-2012-0188 Exec Code 2012-01-18 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the SetLicenseInfoEx method in an ActiveX control in mraboutb.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers to execute arbitrary code via a crafted HTML document.
29 CVE-2012-0100 2012-01-18 2018-01-06
6.8
None Local Low ??? Complete Complete Complete
Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kerberos.
30 CVE-2012-0094 2012-01-18 2018-01-06
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability, related to TCP/IP.
31 CVE-2012-0083 2012-01-18 2017-08-29
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 7.5.2, 10.1.3.5.1, 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Search.
32 CVE-2012-0069 89 Exec Code Sql 2012-01-24 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in ajax.php in Batavi before 1.2.1 allows remote attackers to execute arbitrary SQL commands via the boxToReload parameter.
33 CVE-2012-0056 264 +Priv 2012-01-27 2018-01-18
6.9
None Local Medium Not required Complete Complete Complete
The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper.
34 CVE-2012-0035 +Priv 2012-01-19 2018-12-07
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file.
35 CVE-2012-0029 119 DoS Exec Code Overflow 2012-01-27 2017-08-29
7.4
None Local Network Medium ??? Complete Complete Complete
Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets.
36 CVE-2012-0024 400 DoS 2012-01-08 2020-08-19
7.8
None Remote Low Not required None None Complete
MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set.
37 CVE-2012-0013 Exec Code 2012-01-10 2020-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability."
38 CVE-2012-0009 +Priv 2012-01-10 2019-02-26
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file with an embedded packaged object, aka "Object Packager Insecure Executable Launching Vulnerability."
39 CVE-2012-0005 264 +Priv 2012-01-10 2019-02-26
6.9
None Local Medium Not required Complete Complete Complete
The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability."
40 CVE-2012-0004 Exec Code 2012-01-10 2020-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability."
41 CVE-2012-0003 Exec Code 2012-01-10 2020-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability."
42 CVE-2012-0001 Bypass 2012-01-10 2020-09-28
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attackers to bypass the SafeSEH security feature by leveraging a Visual C++ .NET 2003 application, aka "Windows Kernel SafeSEH Bypass Vulnerability."
43 CVE-2011-5074 352 CSRF 2012-01-29 2012-02-02
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to hijack the authentication of administrators for requests that change administrator email, add a new administrator, or insert arbitrary script via (1) user_profile_edit.php or (2) user_add.php.
44 CVE-2011-5072 89 Exec Code Sql 2012-01-29 2012-02-02
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to portal/kb.php; (2) contractid parameter to contract_add_service.php; (3) id parameter to edit_escalation_path.php; (4) unlock, (5) lock, or (6) selected parameter to holding_queue.php; inc parameter in a report action to (7) report_customers.php or (8) report_incidents_by_site.php; (9) start parameter to search.php; or (10) sites parameter to transactions.php.
45 CVE-2011-5071 89 Exec Code Sql 2012-01-29 2012-02-02
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php, (2) selected[] parameter to tasks.php, (3) sites[] parameter to billable_incidents.php, or (4) search_string parameter to search.php. NOTE: some of these details are obtained from third party information.
46 CVE-2011-5069 Exec Code 2012-01-29 2017-08-29
6.0
None Remote Medium ??? Partial Partial Partial
Unrestricted file upload vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in unspecified directory, a different program than CVE-2011-3833.
47 CVE-2011-5068 352 CSRF 2012-01-29 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to hijack the authentication of user for requests that delete a user via user_delete.php and other unspecified programs.
48 CVE-2011-5061 94 Exec Code 2012-01-14 2012-02-08
7.5
None Remote Low Not required Partial Partial Partial
functions.php in WHMCompleteSolution (WHMCS) 4.0.x through 5.0.x allows remote attackers to trigger arbitrary code execution in the Smarty templating system by submitting a crafted ticket, related to improper handling of characters in the subject field.
49 CVE-2011-5059 119 Exec Code Overflow 2012-01-10 2012-01-13
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Final Draft 8 before 8.02 allows remote attackers to execute arbitrary code via a crafted SmartType element, a different vulnerability than CVE-2011-5002. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
50 CVE-2011-5058 264 2012-01-10 2017-08-29
6.4
None Remote Low Not required None Partial Partial
The CmbWebserver.dll module of the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to create arbitrary directories under the web root by specifying a non-existent directory using \ (backslash) characters in an HTTP GET request.
Total number of vulnerabilities : 107   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.