Heap-based buffer overflow in the SoapServer service in Citrix Provisioning Services 5.0, 5.1, 5.6, 5.6 SP1, 6.0, and 6.1 allows remote attackers to execute arbitrary code via a crafted string associated with date and time data.
Max CVSS: 7.5 | EPSS Score: 17.31% | Published: 2012-07-26 | Updated: 2017-08-29
Multiple SQL injection vulnerabilities in ASP-DEv XM Diary allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to diary_view.asp or (2) view_date parameter to default.asp.
Max CVSS: 7.5 | EPSS Score: 0.13% | Published: 2012-07-25 | Updated: 2017-08-29
Multiple SQL injection vulnerabilities in ASP-DEv XM Forums RC3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) profile.asp, (2) forum.asp, or (3) topic.asp.
Max CVSS: 7.5 | EPSS Score: 0.06% | Published: 2012-07-25 | Updated: 2017-08-29
Cross-site request forgery (CSRF) vulnerability in home/secretqtn.php in SocketMail Pro 2.2.9 allows remote attackers to hijack the authentication of arbitrary users for requests that change user security questions and answers via an upd action.
Max CVSS: 6.8 | EPSS Score: 0.37% | Published: 2012-07-25 | Updated: 2017-08-29
Buffer overflow in the Player in Remote-Anything 5.60.15 allows remote attackers to execute arbitrary code via a crafted flm file.
Max CVSS: 9.3 | EPSS Score: 19.60% | Published: 2012-07-25 | Updated: 2017-08-29
SQL injection vulnerability in index2.php in Uiga Personal Portal allows remote attackers to execute arbitrary SQL commands via the p parameter.
Max CVSS: 7.5 | EPSS Score: 0.15% | Published: 2012-07-25 | Updated: 2017-08-29
SQL injection vulnerability in index2.php in Uiga Fan Club allows remote attackers to execute arbitrary SQL commands via the p parameter.
Max CVSS: 7.5 | EPSS Score: 0.08% | Published: 2012-07-25 | Updated: 2017-08-29
Buffer overflow in the readfile function in CPE17 Autorun Killer 1.7.1 and earlier allows physically proximate attackers to execute arbitrary code via a crafted inf file.
Max CVSS: 6.9 | EPSS Score: 0.57% | Published: 2012-07-25 | Updated: 2017-08-29
Cross-site request forgery (CSRF) vulnerability in eZOE flash player in eZ Publish 4.1 through 4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Max CVSS: 6.8 | EPSS Score: 0.16% | Published: 2012-07-25 | Updated: 2019-07-30
Multiple unspecified vulnerabilities in Google Chrome OS before 21.0.1180.50 on the Cr-48 and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, have unknown impact and attack vectors.
Max CVSS: 10.0 | EPSS Score: 0.12% | Published: 2012-07-24 | Updated: 2017-08-29
Multiple heap-based buffer overflows in bmp.w5s in Winamp before 5.63 build 3235 allow remote attackers to execute arbitrary code via the (1) strf chunk in BI_RGB or (2) UYVY video data in an AVI file, or (3) decompressed TechSmith Screen Capture Codec (TSCC) data in an AVI file.
Max CVSS: 7.5 | EPSS Score: 4.99% | Published: 2012-07-22 | Updated: 2017-09-19
Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin before 2.4.0 for WordPress have unknown impact and attack vectors.
Max CVSS: 10.0 | EPSS Score: 0.31% | Published: 2012-07-18 | Updated: 2017-08-29
Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in ReturnUrl to Default.aspx.
Max CVSS: 5.8 | EPSS Score: 0.84% | Published: 2012-07-17 | Updated: 2017-08-29

CVE-2012-4031

Public exploit
Multiple directory traversal vulnerabilities in src/acloglogin.php in Wangkongbao CNS-1000 and 1100 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) lang or (2) langid cookie to port 85.
Max CVSS: 5.0 | EPSS Score: 20.44% | Published: 2012-07-17 | Updated: 2017-08-29
Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent attackers to bypass intended access restrictions by using the stored information for authentication.
Max CVSS: 7.8 | EPSS Score: 0.27% | Published: 2012-07-16 | Updated: 2023-03-22
Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions, as demonstrated by reading the config.bog file.
Max CVSS: 5.0 | EPSS Score: 0.21% | Published: 2012-07-16 | Updated: 2023-03-22
The Johnson Controls Pegasys P2000 server with software before 3.11 allows remote attackers to trigger false alerts via crafted packets to TCP port 41013 (aka the upload port), a different vulnerability than CVE-2012-2607.
Max CVSS: 5.0 | EPSS Score: 0.18% | Published: 2012-07-16 | Updated: 2012-08-24
Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a heap-based buffer overflow.
Max CVSS: 6.8 | EPSS Score: 3.79% | Published: 2012-07-19 | Updated: 2020-01-10
Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the list file is a trusted file constructed by the program's user; however, there are some realistic situations in which a list file would be obtained from an untrusted remote source.
Max CVSS: 6.8 | EPSS Score: 3.19% | Published: 2012-07-19 | Updated: 2020-01-10
Multiple SQL injection vulnerabilities in Sticky Notes before 0.2.27052012.5 allow remote attackers to execute arbitrary SQL commands via the (1) paste id in admin/modules/mod_pastes.php or (2) show.php, (3) user id to admin/modules/mod_users.php, (4) project to list.php, or (5) session id to show.php.
Max CVSS: 7.5 | EPSS Score: 0.13% | Published: 2012-07-12 | Updated: 2012-07-19
TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php.
Max CVSS: 5.0 | EPSS Score: 0.42% | Published: 2012-07-12 | Updated: 2012-10-24

CVE-2012-3951

Public exploit
The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands via a TCP session.
Max CVSS: 7.5 | EPSS Score: 77.01% | Published: 2012-07-31 | Updated: 2018-03-12
The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a .IT file.
Max CVSS: 6.8 | EPSS Score: 0.54% | Published: 2012-07-11 | Updated: 2017-09-19
The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a .IT file.
Max CVSS: 6.8 | EPSS Score: 0.54% | Published: 2012-07-11 | Updated: 2017-09-19
The login implementation in AirDroid 1.0.4 beta allows remote attackers to bypass a multiple-login protection mechanism by modifying a pass value within JSON data.
Max CVSS: 5.0 | EPSS Score: 0.20% | Published: 2012-07-26 | Updated: 2012-07-27
330 vulnerabilities found