RuggedCom Rugged Operating System (ROS) before 3.3 has a factory account with a password derived from the MAC Address field in a banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) SSH or (2) HTTPS session, a different vulnerability than CVE-2012-1803.
Max CVSS
8.5
EPSS Score
1.28%
Published
2012-04-28
Updated
2022-02-01
The default configuration of the TP-Link 8840T router enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors.
Max CVSS
7.5
EPSS Score
0.55%
Published
2012-04-28
Updated
2017-08-29
The default configuration of the NETGEAR ProSafe FVS318N firewall enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors.
Max CVSS
7.5
EPSS Score
0.32%
Published
2012-04-28
Updated
2012-09-21
The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allow remote attackers to cause a denial of service (application crash) via a long URI.
Max CVSS
1.8
EPSS Score
0.70%
Published
2012-04-25
Updated
2021-07-23
The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a URI that lacks a required delimiter.
Max CVSS
1.8
EPSS Score
0.52%
Published
2012-04-25
Updated
2021-07-23
The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, provide different responses to remote requests depending on whether a ZIP pathname is valid, which allows remote attackers to obtain potentially sensitive information about the installation path and product version via a series of requests involving the Msxml2.XMLHTTP object.
Max CVSS
1.8
EPSS Score
0.36%
Published
2012-04-25
Updated
2021-07-23
Intuit QuickBooks 2009 through 2012 might allow remote attackers to obtain pathname information via the qbwc://docontrol/GetCompanyFile functionality.
Max CVSS
2.9
EPSS Score
0.36%
Published
2012-04-25
Updated
2017-12-19
Absolute path traversal vulnerability in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, might allow remote attackers to read arbitrary files in ZIP archives via a full pathname in the URI.
Max CVSS
1.8
EPSS Score
0.27%
Published
2012-04-25
Updated
2021-07-23
The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, might allow remote attackers to obtain sensitive information via a URI with a % (percent) character as its (1) last or (2) second-to-last character, in situations where a certain "post-URL data" buffer contains a 0x0000 character but a buffer overflow does not occur.
Max CVSS
1.8
EPSS Score
0.30%
Published
2012-04-25
Updated
2021-07-23
Memory leak in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allows remote attackers to cause a denial of service (memory consumption) via a URI with multiple references to the same name-value pair.
Max CVSS
1.8
EPSS Score
0.56%
Published
2012-04-25
Updated
2021-07-23
Heap-based buffer overflow in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a URI with a % (percent) character as its (1) last or (2) second-to-last character.
Max CVSS
6.8
EPSS Score
2.60%
Published
2012-04-25
Updated
2021-07-23
chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.11.1 and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4, when the trustrpid option is enabled, allows remote authenticated users to cause a denial of service (daemon crash) by sending a SIP UPDATE message that triggers a connected-line update attempt without an associated channel.
Max CVSS
6.5
EPSS Score
5.79%
Published
2012-04-30
Updated
2017-12-14
Heap-based buffer overflow in chan_skinny.c in the Skinny channel driver in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 allows remote authenticated users to cause a denial of service or possibly have unspecified other impact via a series of KEYPAD_BUTTON_MESSAGE events.
Max CVSS
6.5
EPSS Score
95.46%
Published
2012-04-30
Updated
2017-12-14
main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4 does not properly enforce System class authorization requirements, which allows remote authenticated users to execute arbitrary commands via (1) the originate action in the MixMonitor application, (2) the SHELL and EVAL functions in the GetVar manager action, or (3) the SHELL and EVAL functions in the Status manager action.
Max CVSS
6.5
EPSS Score
91.89%
Published
2012-04-30
Updated
2017-12-14
Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement encryption, which has unspecified impact and attack vectors, a different vulnerability than CVE-2012-1113.
Max CVSS
10.0
EPSS Score
0.14%
Published
2012-04-22
Updated
2017-12-14
wp-comments-post.php in WordPress before 3.3.2 supports offsite redirects, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
Max CVSS
4.3
EPSS Score
1.13%
Published
2012-04-21
Updated
2017-12-19
wp-includes/formatting.php in WordPress before 3.3.2 attempts to enable clickable links inside attributes, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
Max CVSS
4.3
EPSS Score
1.58%
Published
2012-04-21
Updated
2017-12-19
wp-admin/plugins.php in WordPress before 3.3.2 allows remote authenticated site administrators to bypass intended access restrictions and deactivate network-wide plugins via unspecified vectors.
Max CVSS
5.5
EPSS Score
0.16%
Published
2012-04-21
Updated
2017-12-19
Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content.
Max CVSS
5.0
EPSS Score
0.61%
Published
2012-04-21
Updated
2017-12-19
Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress before 3.3.2 has unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.53%
Published
2012-04-21
Updated
2017-12-19
Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter, a different vulnerability than CVE-2012-3414.
Max CVSS
10.0
EPSS Score
1.46%
Published
2012-04-21
Updated
2017-12-19
Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ownCloud before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via the files parameter, a different vulnerability than CVE-2012-2269.4.
Max CVSS
4.3
EPSS Score
0.22%
Published
2012-04-20
Updated
2013-10-07
Cross-site request forgery (CSRF) vulnerability in ownCloud before 3.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via vectors involving contacts.
Max CVSS
6.8
EPSS Score
0.14%
Published
2012-04-20
Updated
2017-12-13
VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file.
Max CVSS
4.3
EPSS Score
1.82%
Published
2012-04-19
Updated
2017-12-13
Comodo Internet Security before 5.10.228257.2253 on Windows 7 x64 allows local users to cause a denial of service (system crash) via a crafted 32-bit Portable Executable (PE) file with a kernel ImageBase value.
Max CVSS
4.9
EPSS Score
0.04%
Published
2012-04-20
Updated
2018-10-30
228 vulnerabilities found
1 2 3 4 5 6 7 8 9 10
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!