Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2012-11-15 CVE-2012-4951 SQL Injection vulnerability in VeriFone VeriCentre Web Console 2.0/2.0.1/2.2
Multiple SQL injection vulnerabilities in terminal/paramedit.aspx in VeriFone VeriCentre Web Console before 2.2 build 36 allow remote attackers to execute arbitrary SQL commands via the (1) TerminalId, (2) ModelName, or (3) ApplicationName parameter.
network
low complexity
verifone CWE-89
7.5
2012-11-14 CVE-2012-5459 Unspecified vulnerability in VMware Player and Workstation
Untrusted search path vulnerability in VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows allows host OS users to gain host OS privileges via a Trojan horse DLL in a "system folder." Per: http://cwe.mitre.org/data/definitions/426.html "CWE-426: Untrusted Search Path"
7.9
2012-11-14 CVE-2012-5458 Permissions, Privileges, and Access Controls vulnerability in VMware Player and Workstation
VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows use weak permissions for unspecified process threads, which allows host OS users to gain host OS privileges via a crafted application.
low complexity
vmware microsoft CWE-264
8.3
2012-11-14 CVE-2012-4850 Improper Input Validation vulnerability in IBM WebSphere Application Server 8.5.0.0
IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1, when JAX-RS is used, does not properly validate requests, which allows remote attackers to gain privileges via unspecified vectors.
network
low complexity
ibm CWE-20
7.5
2012-11-14 CVE-2012-2619 Improper Input Validation vulnerability in multiple products
The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service (out-of-bounds read and Wi-Fi outage) via an RSN 802.11i information element.
network
low complexity
broadcom apple CWE-20
7.8
2012-11-14 CVE-2012-2553 Resource Management Errors vulnerability in Microsoft products
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
local
low complexity
microsoft CWE-399
7.2
2012-11-13 CVE-2012-1813 Resource Management Errors vulnerability in C3-ilex EOScada
eosfailoverservice.exe in C3-ilex EOScada before 11.0.19.2 allows remote attackers to cause a denial of service by sending a large amount of data to TCP port 12000.
network
low complexity
c3-ilex CWE-399
7.8
2012-11-13 CVE-2012-1811 Resource Management Errors vulnerability in C3-ilex EOScada
EOSDataServer.exe in C3-ilex EOScada before 11.0.19.2 allows remote attackers to cause a denial of service by sending a large amount of data to TCP port 24006.
network
low complexity
c3-ilex CWE-399
7.8
2012-11-07 CVE-2012-3269 Security vulnerability in HP Performance Insight 5.31/5.40/5.41
Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and 5.41, when Sybase is used, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-3270.
network
low complexity
hp
7.5
2012-11-04 CVE-2012-5822 Improper Certificate Validation vulnerability in Mozilla Zamboni
The contribution feature in Zamboni does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the Python urllib2 library.
network
high complexity
mozilla CWE-295
7.4