Filtered by vendor Microsoft Subscriptions
Filtered by product Windows Server 2008 Subscriptions
Total 3562 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2012-2003 2 Hp, Microsoft 4 Insight Management Agents, Windows 2003 Server, Windows Server 2003 and 1 more 2024-08-06 N/A
Cross-site request forgery (CSRF) vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 and 2008 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2012-2005 2 Hp, Microsoft 4 Insight Management Agents, Windows 2003 Server, Windows Server 2003 and 1 more 2024-08-06 N/A
Cross-site scripting (XSS) vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 and 2008 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2004 2 Hp, Microsoft 4 Insight Management Agents, Windows 2003 Server, Windows Server 2003 and 1 more 2024-08-06 N/A
Open redirect vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 and 2008 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2012-1895 1 Microsoft 6 .net Framework, Windows 7, Windows Server 2003 and 3 more 2024-08-06 N/A
The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Reflection Bypass Vulnerability."
CVE-2012-1880 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2024-08-06 N/A
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "insertRow Remote Code Execution Vulnerability."
CVE-2012-1893 1 Microsoft 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more 2024-08-06 N/A
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation of a hook procedure, which allows local users to gain privileges via a crafted application, aka "Win32k Incorrect Type Handling Vulnerability."
CVE-2012-1896 1 Microsoft 6 .net Framework, Windows 7, Windows Server 2003 and 3 more 2024-08-06 N/A
Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Code Access Security Info Disclosure Vulnerability."
CVE-2012-1890 1 Microsoft 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more 2024-08-06 N/A
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle keyboard-layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout Vulnerability."
CVE-2012-1882 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2024-08-06 N/A
Microsoft Internet Explorer 6 through 9 does not block cross-domain scrolling events, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Scrolling Events Information Disclosure Vulnerability."
CVE-2012-1881 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2024-08-06 N/A
Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnRowsInserted Event Remote Code Execution Vulnerability."
CVE-2012-1889 1 Microsoft 15 Expression Web, Groove, Groove Server and 12 more 2024-08-06 8.8 High
Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
CVE-2012-1870 1 Microsoft 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more 2024-08-06 N/A
The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a third-party HTTPS server and sniffing the network during the resulting HTTPS session, aka "TLS Protocol Vulnerability."
CVE-2012-1873 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2024-08-06 N/A
Microsoft Internet Explorer 7 through 9 does not properly create and initialize string data, which allows remote attackers to obtain sensitive information from process memory via a crafted HTML document, aka "Null Byte Information Disclosure Vulnerability."
CVE-2012-1875 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2024-08-06 N/A
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Same ID Property Remote Code Execution Vulnerability."
CVE-2012-1855 1 Microsoft 7 .net Framework, Windows 2003 Server, Windows 7 and 4 more 2024-08-06 N/A
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerability."
CVE-2012-1866 1 Microsoft 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more 2024-08-06 N/A
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "Clipboard Format Atom Name Handling Vulnerability."
CVE-2012-1874 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2024-08-06 N/A
Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows user-assisted remote attackers to execute arbitrary code by accessing a deleted object, aka "Developer Toolbar Remote Code Execution Vulnerability."
CVE-2012-1865 1 Microsoft 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more 2024-08-06 N/A
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1864.
CVE-2012-1878 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2024-08-06 N/A
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnBeforeDeactivate Event Remote Code Execution Vulnerability."
CVE-2012-1876 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2024-08-06 N/A
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.