Insoshi before 20080920 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the ForumPost user_id value via a modified URL, related to a "mass assignment" vulnerability.
Max CVSS
5.0
EPSS Score
0.18%
Published
2012-04-05
Updated
2012-04-12
Spree 0.2.0 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the Order state value and bypass the intended payment step via a modified URL, related to a "mass assignment" vulnerability.
Max CVSS
5.0
EPSS Score
0.11%
Published
2012-04-05
Updated
2012-04-05
The session cookie store implementation in Spree 0.2.0 uses a hardcoded config.action_controller_session hash value (aka secret key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging an application that contains this value within the config/environment.rb file.
Max CVSS
5.0
EPSS Score
0.11%
Published
2012-04-05
Updated
2012-04-12
Buffer overflow in libarchive 3.0 pre-release code allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CAB file, which is not properly handled during the reading of Huffman code data within LZX compressed data.
Max CVSS
7.5
EPSS Score
0.66%
Published
2012-04-13
Updated
2012-04-16
Multiple buffer overflows in the (1) heap_add_entry and (2) relocate_dir functions in archive_read_support_format_iso9660.c in libarchive through 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ISO9660 image.
Max CVSS
6.8
EPSS Score
1.59%
Published
2012-04-13
Updated
2018-01-10
Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive.
Max CVSS
6.8
EPSS Score
1.59%
Published
2012-04-13
Updated
2018-01-10
Multiple use-after-free vulnerabilities in libarchive 2.8.4 and 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted (1) TAR archive or (2) ISO9660 image.
Max CVSS
7.5
EPSS Score
0.54%
Published
2012-04-13
Updated
2012-04-16
Google SketchUp before 8 does not properly handle edge geometry in SketchUp (aka .SKP) files, which allows remote attackers to execute arbitrary code via a crafted file.
Max CVSS
9.3
EPSS Score
0.14%
Published
2012-04-17
Updated
2012-04-18
Skia, as used in Google Chrome before 18.0.1025.151, does not properly perform clipping, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Max CVSS
6.8
EPSS Score
1.52%
Published
2012-04-05
Updated
2020-04-14
Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements.
Max CVSS
6.8
EPSS Score
0.68%
Published
2012-04-05
Updated
2020-04-14
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to run-in boxes.
Max CVSS
6.8
EPSS Score
36.75%
Published
2012-04-05
Updated
2020-04-14
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to line boxes.
Max CVSS
6.8
EPSS Score
0.99%
Published
2012-04-05
Updated
2020-04-14
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the Google V8 bindings.
Max CVSS
6.8
EPSS Score
1.89%
Published
2012-04-05
Updated
2020-04-14
Use-after-free vulnerability in the HTMLMediaElement implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Max CVSS
6.8
EPSS Score
0.76%
Published
2012-04-05
Updated
2020-04-14
Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to pop-up windows.
Max CVSS
6.8
EPSS Score
1.49%
Published
2012-04-05
Updated
2020-04-14
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG resources.
Max CVSS
6.8
EPSS Score
0.99%
Published
2012-04-05
Updated
2020-04-14
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media.
Max CVSS
6.8
EPSS Score
0.92%
Published
2012-04-05
Updated
2020-04-14
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style-application commands.
Max CVSS
6.8
EPSS Score
0.92%
Published
2012-04-05
Updated
2020-04-14
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to focus handling.
Max CVSS
6.8
EPSS Score
0.92%
Published
2012-04-05
Updated
2020-04-14
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the script bindings, related to a "read-after-free" issue.
Max CVSS
6.8
EPSS Score
2.12%
Published
2012-04-05
Updated
2020-04-14

CVE-2011-3175

Public exploit
Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x6c request.
Max CVSS
10.0
EPSS Score
97.08%
Published
2012-04-09
Updated
2012-09-07

CVE-2011-3176

Public exploit
Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x4c request.
Max CVSS
10.0
EPSS Score
97.08%
Published
2012-04-09
Updated
2012-09-07
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 6.2.2.7 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.
Max CVSS
6.8
EPSS Score
0.08%
Published
2012-04-12
Updated
2012-04-12
An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code by using a crafted HTML document to obtain control of a function pointer.
Max CVSS
9.3
EPSS Score
1.18%
Published
2012-04-03
Updated
2012-04-03
Integer overflow in an unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code via a large value for an integer parameter, leading to a buffer overflow.
Max CVSS
9.3
EPSS Score
1.06%
Published
2012-04-03
Updated
2012-04-03
228 vulnerabilities found
1 2 3 4 5 6 7 8 9 10
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!