CVE-2012-6301

Public exploit
The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted market: URI in the SRC attribute of an IFRAME element.
Max CVSS
5.0
EPSS Score
6.04%
Published
2012-12-10
Updated
2012-12-11

CVE-2012-6066

Public exploit
freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.
Max CVSS
9.3
EPSS Score
24.32%
Published
2012-12-04
Updated
2012-12-05

CVE-2012-5975

Public exploit
The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c.
Max CVSS
9.3
EPSS Score
51.58%
Published
2012-12-04
Updated
2012-12-05

CVE-2012-5932

Public exploit
Eval injection vulnerability in the ldapagnt_eval function in ldapagnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote attackers to execute arbitrary Perl code via a crafted application/x-amf request.
Max CVSS
10.0
EPSS Score
73.30%
Published
2012-12-24
Updated
2021-04-13

CVE-2012-5896

Public exploit
The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not properly implement the Add method, which allows remote attackers to execute arbitrary code via a memory address in the first argument, related to an "uninitialized pointer."
Max CVSS
10.0
EPSS Score
60.21%
Published
2012-11-17
Updated
2017-08-29

CVE-2012-5692

Public exploit
Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors.
Max CVSS
10.0
EPSS Score
95.03%
Published
2012-10-31
Updated
2020-06-03

CVE-2012-5691

Public exploit
Buffer overflow in RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted RealMedia file.
Max CVSS
9.3
EPSS Score
82.60%
Published
2012-12-19
Updated
2012-12-19

CVE-2012-5687

Public exploit
Directory traversal vulnerability in the web-based management feature on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to the help/ URI.
Max CVSS
7.8
EPSS Score
2.95%
Published
2012-11-01
Updated
2017-08-29

CVE-2012-5613

Public exploit
MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue.
Max CVSS
6.0
EPSS Score
97.23%
Published
2012-12-03
Updated
2024-03-21

CVE-2012-5223

Public exploit
The proc_deutf function in includes/functions_vbseocp_abstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6.0, and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" in the char_repl parameter, which is inserted into a regular expression that is processed by the preg_replace function with the eval switch.
Max CVSS
7.5
EPSS Score
91.80%
Published
2012-10-01
Updated
2017-08-29

CVE-2012-5159

Public exploit
phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack.
Max CVSS
7.5
EPSS Score
92.72%
Published
2012-09-25
Updated
2013-01-26

CVE-2012-5088

Public exploit
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Max CVSS
10.0
EPSS Score
92.59%
Published
2012-10-16
Updated
2017-09-19

CVE-2012-5081

Public exploit
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect availability, related to JSSE.
Max CVSS
5.0
EPSS Score
4.21%
Published
2012-10-16
Updated
2022-05-13

CVE-2012-5076

Known exploited
Public exploit
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS.
Max CVSS
10.0
EPSS Score
97.14%
Published
2012-10-16
Updated
2017-09-19
CISA KEV Added
2022-03-28

CVE-2012-5002

Public exploit
Stack-based buffer overflow in SR10 FTP server (SR10.exe) 1.1.0.6 in Ricoh DC Software DL-10 4.5.0.1, when the Log file name option is enabled, allows remote attackers to execute arbitrary code via a long USER FTP command.
Max CVSS
6.8
EPSS Score
61.35%
Published
2012-09-19
Updated
2017-08-29

CVE-2012-4969

Known exploited
Public exploit
Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.
Max CVSS
9.3
EPSS Score
86.88%
Published
2012-09-18
Updated
2017-11-21
CISA KEV Added
2022-06-08

CVE-2012-4959

Public exploit
Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to upload and execute files via a 130 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record.
Max CVSS
10.0
EPSS Score
79.77%
Published
2012-11-18
Updated
2012-11-19

CVE-2012-4958

Public exploit
Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a 126 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record.
Max CVSS
7.8
EPSS Score
95.27%
Published
2012-11-18
Updated
2012-11-19

CVE-2012-4957

Public exploit
Absolute path traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a /FSF/CMD request with a full pathname in a PATH element of an SRS record.
Max CVSS
7.8
EPSS Score
95.81%
Published
2012-11-18
Updated
2012-11-19

CVE-2012-4956

Public exploit
Heap-based buffer overflow in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to execute arbitrary code via a large number of VOL elements in an SRS record.
Max CVSS
10.0
EPSS Score
15.06%
Published
2012-11-18
Updated
2013-05-03

CVE-2012-4940

Public exploit
Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in (1) the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in (2) an edit action or (3) a delete action to the default URI.
Max CVSS
6.4
EPSS Score
16.41%
Published
2012-10-31
Updated
2013-02-26

CVE-2012-4933

Public exploit
The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (2) GetConfigInfo_Password operations, which allows remote attackers to obtain sensitive information via a crafted rtrlet/rtr request for the HandleMaintenanceCalls function.
Max CVSS
7.8
EPSS Score
97.12%
Published
2012-10-20
Updated
2017-08-29

CVE-2012-4924

Public exploit
Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX component 1.0.0.1 for ASUS Net4Switch 1.0.0020 allows remote attackers to execute arbitrary code via a long parameter to the Alert method.
Max CVSS
9.3
EPSS Score
94.22%
Published
2012-09-15
Updated
2017-08-29

CVE-2012-4876

Public exploit
Stack-based buffer overflow in the UltraMJCam ActiveX Control in TRENDnet SecurView TV-IP121WN Wireless Internet Camera allows remote attackers to execute arbitrary code via a long string to the OpenFileDlg method.
Max CVSS
10.0
EPSS Score
84.36%
Published
2012-09-06
Updated
2012-09-07

CVE-2012-4869

Public exploit
The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action.
Max CVSS
7.5
EPSS Score
31.34%
Published
2012-09-06
Updated
2019-12-10
139 vulnerabilities found
1 2 3 4 5 6
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!