Vulnerabilities > Microsoft > Windows
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-02-21 | CVE-2011-4185 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Iprint The GetPrinterURLList2 method in the ActiveX control in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2008-2431 and CVE-2008-2436. | 10.0 |
| 2012-02-15 | CVE-2012-0765 | Cross-Site Scripting vulnerability in Adobe Robohelp Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp 8 and 9 for Word allow remote attackers to inject arbitrary web script or HTML via a crafted URL, related to certain .htm files in (1) template_stock and (2) template_csh directories. | 4.3 |
| 2012-01-04 | CVE-2011-5049 | Denial-Of-Service vulnerability in MySQL MySQL 5.5.8, when running on Windows, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted packet to TCP port 3306. | 4.3 |
| 2011-12-16 | CVE-2011-4369 | Unspecified vulnerability in Adobe Acrobat and Acrobat Reader Unspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6 on Mac OS X, Adobe Reader and Acrobat 10.x through 10.1.1 on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011. | 10.0 |
| 2011-12-16 | CVE-2011-4744 | Unspecified vulnerability in Parallels Plesk Panel 10.2.0Build20110407.20 The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/admin-home/featured-applications/ and certain other files. | 10.0 |
| 2011-12-16 | CVE-2011-4743 | Unspecified vulnerability in Parallels Plesk Panel 10.2.0Build20110407.20 The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/user/create and certain other files. | 10.0 |
| 2011-12-16 | CVE-2011-4742 | Information Exposure vulnerability in Parallels Plesk Panel 10.2.0Build20110407.20 The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by smb/user/list and certain other files. | 5.0 |
| 2011-12-16 | CVE-2011-4741 | Information Exposure vulnerability in Parallels Plesk Panel 10.2.0Build20110407.20 The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 includes a database connection string within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by client@2/domain@1/hosting/aspdotnet/. | 5.0 |
| 2011-12-16 | CVE-2011-4740 | Information Exposure vulnerability in Parallels Plesk Panel 10.2.0Build20110407.20 The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 generates web pages containing external links in response to GET requests with query strings for smb/app/search-data/catalogId/marketplace and certain other files, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue. | 4.3 |
| 2011-12-16 | CVE-2011-4739 | Credentials Management vulnerability in Parallels Plesk Panel 10.2.0Build20110407.20 The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in smb/my-profile and certain other files. | 10.0 |