Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2012-12-26 | CVE-2012-5590 | SQL Injection vulnerability in Scripthead Webmail Plus | SQL injection vulnerability in the Webmail Plus module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2012-12-23 | CVE-2012-6427 | SQL Injection vulnerability in Carlosgavazzi products | Multiple SQL injection vulnerabilities in Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, a similar issue to CVE-2012-5861. | 7.5 |
2012-12-21 | CVE-2012-4859 | Unspecified vulnerability in IBM Tivoli Storage Manager for Space Management | Unspecified vulnerability in IBM Tivoli Storage Manager for Space Management (aka TSM HSM) before 6.2.5.0 and 6.3.x before 6.3.1.0 allows local users to read or modify file system objects via unknown vectors. | 7.2 |
2012-12-20 | CVE-2012-5469 | Permissions, Privileges, and Access Controls vulnerability in PHPmyadmin | The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod. | 7.5 |
2012-12-20 | CVE-2012-4856 | Credentials Management vulnerability in IBM Power 5 and Power 5 System Firmware | The Service Processor in the IBM Power 5 91##-### and 940#-### before SF240_418_382 does not ensure that firewall code is executed, which allows remote attackers to execute arbitrary code via unspecified vectors. | 7.9 |
2012-12-18 | CVE-2012-4350 | Local Privilege Escalation vulnerability in Symantec Enterprise Security Manager/Agent | Multiple unquoted Windows search path vulnerabilities in the (1) Manager and (2) Agent components in Symantec Enterprise Security Manager (ESM) before 11.0 allow local users to gain privileges via unspecified vectors. | 7.2 |
2012-12-18 | CVE-2012-4348 | Improper Input Validation vulnerability in Symantec Endpoint Protection | The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protection Small Business Edition 12.x before 12.1 RU2, does not properly validate input for PHP scripts, which allows remote authenticated users to execute arbitrary code via unspecified vectors. | 7.2 |
2012-12-18 | CVE-2012-5468 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Bogofilter Project Bogofilter | Heap-based buffer overflow in iconvert.c in the bogolexer component in Bogofilter before 1.2.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an email containing a base64 string that is decoded to incomplete multibyte characters. | 7.5 |
2012-12-18 | CVE-2012-5195 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Perl | Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator. | 7.5 |
2012-12-13 | CVE-2012-5679 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Adobe Camera RAW | Buffer underflow in Adobe Photoshop Camera Raw before 7.3 allows attackers to execute arbitrary code via unspecified vectors. | 7.5 |