Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-0227 | 2 Componentone, Opcsystems | 2 Flexgrid, Opcsystems.net | 2017-08-28 | 9.3 HIGH | N/A |
| Buffer overflow in the VSFlex7.VSFlexGrid ActiveX control in ComponentOne FlexGrid 7.1, as used in Open Automation Software OPC Systems.NET, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long archive file name argument to the Archive method. | |||||
| CVE-2012-0253 | 1 Demandmedia | 1 Pluck Sitelife | 2017-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Demand Media Pluck SiteLife before 5.0.13 allow remote attackers to inject arbitrary web script or HTML via (1) the jsonRequest parameter to Direct/Process, the (2) r or (3) cb parameter to Direct/jsonp.htm, or (4) the cb parameter to sys/jsonp.app/.htm. | |||||
| CVE-2012-0266 | 1 Ntrglobal | 1 Ntr Activex Control | 2017-08-28 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in the NTR ActiveX control before 2.0.4.8 allow remote attackers to execute arbitrary code via (1) a long bstrUrl parameter to the StartModule method, (2) a long bstrParams parameter to the Check method, a long bstrUrl parameter to the (3) Download or (4) DownloadModule method during construction of a .ntr pathname, or a long bstrUrl parameter to the (5) Download or (6) DownloadModule method during construction of a URL. | |||||
| CVE-2012-0267 | 1 Ntrglobal | 1 Ntr Activex Control | 2017-08-28 | 9.3 HIGH | N/A |
| The StopModule method in the NTR ActiveX control before 2.0.4.8 allows remote attackers to execute arbitrary code via a crafted lModule parameter that triggers use of an arbitrary memory address as a function pointer. | |||||
| CVE-2012-0273 | 1 Hans Alshoff | 1 Minalic | 2017-08-28 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in MinaliC 2.0.0 allow remote attackers to execute arbitrary code via a (1) session_id cookie in a request to the get_cookie_value function in response.c, (2) directory name in a request to the add_default_file function in response.c, or (3) file name in a request to the retrieve_physical_file_name_or_brows function in response.c. | |||||
| CVE-2012-0275 | 1 Adobe | 2 Photoshop Cs5.5, Photoshop Cs6 | 2017-08-28 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in Photoshop.exe in Adobe Photoshop CS5 12.x before 12.0.5, CS5.1 12.1.x before 12.1.1, and CS6 13.x before 13.0.1 allows remote attackers to execute arbitrary code via a crafted TIFF image with SGI24LogLum compression. | |||||
| CVE-2012-0279 | 1 Quest | 1 Toad For Data Analysts | 2017-08-28 | 6.9 MEDIUM | N/A |
| Quest Toad for Data Analysts 3.0.1 uses weak permissions (Everyone: Full Control) for the %COMMONPROGRAMFILES%\Quest Shared directory, which allows local users to gain privileges via a Trojan horse file. | |||||
| CVE-2012-0284 | 1 Cisco | 2 Linksys Playerpt Activex Control, Wvc200 Wireless-g Ptz Internet Video Camera | 2017-08-28 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the SetSource method in the Cisco Linksys PlayerPT ActiveX control 1.0.0.15 in PlayerPT.ocx on the Cisco WVC200 Wireless-G PTZ Internet video camera allows remote attackers to execute arbitrary code via a long URL in the first argument (aka the sURL argument). | |||||
| CVE-2012-0307 | 1 Symantec | 1 Messaging Gateway | 2017-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Symantec Messaging Gateway (SMG) before 10.0 allow remote attackers to inject arbitrary web script or HTML via (1) web content or (2) e-mail content. | |||||
| CVE-2012-0309 | 1 Cogentdatahub | 3 Cascade Datahub, Cogent Datahub, Opc Datahub | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-0310 | 1 Cogentdatahub | 3 Cascade Datahub, Cogent Datahub, Opc Datahub | 2017-08-28 | 5.8 MEDIUM | N/A |
| CRLF injection vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||
| CVE-2012-0328 | 1 Janetter | 1 Janetter | 2017-08-28 | 5.0 MEDIUM | N/A |
| Janetter before 3.3.0.0 (aka 3.3.0) allows remote attackers to obtain session information for twitter.com web sites via unspecified vectors. | |||||
| CVE-2012-0383 | 1 Cisco | 1 Ios | 2017-08-28 | 7.8 HIGH | N/A |
| Memory leak in the NAT feature in Cisco IOS 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (memory consumption, and device hang or reload) via SIP packets that require translation, related to a "memory starvation vulnerability," aka Bug ID CSCti35326. | |||||
| CVE-2012-0389 | 1 Mailenable | 1 Mailenable | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and earlier, 5.x before 5.53, and 6.x before 6.03 allows remote attackers to inject arbitrary web script or HTML via the Username parameter. | |||||
| CVE-2012-0396 | 1 Emc | 1 Documentum Xplore | 2017-08-28 | 4.0 MEDIUM | N/A |
| EMC Documentum xPlore 1.0, 1.1 before P07, and 1.2 does not properly enforce the requirement for BROWSE permission, which allows remote authenticated users to determine the existence of an object, or read object metadata, via a search. | |||||
| CVE-2012-0440 | 1 Mozilla | 1 Bugzilla | 2017-08-28 | 5.1 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in Bugzilla 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 allows remote attackers to hijack the authentication of arbitrary users for requests that use the JSON-RPC API. | |||||
| CVE-2012-0448 | 1 Mozilla | 1 Bugzilla | 2017-08-28 | 4.0 MEDIUM | N/A |
| Bugzilla 2.x and 3.x before 3.4.14, 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 does not reject non-ASCII characters in e-mail addresses of new user accounts, which makes it easier for remote authenticated users to spoof other user accounts by choosing a similar e-mail address. | |||||
| CVE-2012-0563 | 1 Sun | 1 Sunos | 2017-08-28 | 2.1 LOW | N/A |
| Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kerberos/klist. | |||||
| CVE-2012-0696 | 1 Ibm | 2 Cognos Executive Viewer, Cognos Tm1 | 2017-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Executive Viewer (EV) in IBM Cognos TM1 before 9.5 FP1 allow remote attackers to inject arbitrary web script or HTML via unspecified requests to (1) aspnet_client or (2) evserver/createcontrol.js. | |||||
| CVE-2012-0697 | 1 Hp | 1 Storageworks P2000 G3 Msa | 2017-08-28 | 10.0 HIGH | N/A |
| HP StorageWorks P2000 G3 MSA array systems have a default account, which makes it easier for remote attackers to perform administrative tasks via unspecified vectors, a different vulnerability than CVE-2011-4788. | |||||