CVE Daily
← All years

All CVEs — 2012

Page 6/26.

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0
2012-10-09
Critical

CVE-2012-5260

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-5259

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-5258

Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and be…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-5257

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-5256

Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and be…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-5255

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-5254

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-5253

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-5252

Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and be…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-5251

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-5250

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-5249

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-5248

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android…

CVSS: 10.0 CWE: CWE-119
Read more
Medium

CVE-2012-5110

The compositor in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVSS: 5.0 CWE: CWE-125
Read more
Medium

CVE-2012-5109

The International Components for Unicode (ICU) functionality in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a re…

CVSS: 5.0 CWE: CWE-125
Read more
Critical

CVE-2012-5108

Race condition in Google Chrome before 22.0.1229.92 allows remote attackers to execute arbitrary code via vectors related to audio devices.

CVSS: 9.3 CWE: CWE-362
Read more
2012-10-08
Medium

CVE-2012-5335

Directory traversal vulnerability in Tiny Server 1.1.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the URI of an HTTP request.

CVSS: 4.0 CWE: CWE-22
Read more
High

CVE-2012-5334

SQL injection vulnerability in product_desc.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the pid parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2012-5333

SQL injection vulnerability in page.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2012-5331

Directory traversal vulnerability in asaanCart 0.9 allows remote attackers to include arbitrary local files via a .. (dot dot) in the page parameter to index.php.

CVSS: 6.8 CWE: CWE-22
Read more
Medium

CVE-2012-5330

Multiple cross-site scripting (XSS) vulnerabilities in asaanCart 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to calc.php, (2) chat.php, (3) register.php, o…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-5329

Buffer overflow in TYPSoft FTP Server 1.1 allows remote authenticated users to cause a denial of service (application crash) via a long string in an APPE command.

CVSS: 4.0 CWE: CWE-119
Read more
Medium

CVE-2012-1671

Directory traversal vulnerability in index.php in phpPaleo 4.8b155 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.

CVSS: 6.8 CWE: CWE-22
Read more
Medium

CVE-2012-5328

Multiple SQL injection vulnerabilities in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress might allow remote authenticated users to execute arbitrary SQL commands via…

CVSS: 6.5 CWE: CWE-89
Read more
Medium

CVE-2012-5327

Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress allow remote authenticated users to execute arbitrar…

CVSS: 6.5 CWE: CWE-89
Read more
Medium

CVE-2012-5326

Cross-site request forgery (CSRF) vulnerability in admin/function.php in IDevSpot iSupport 1.x allows remote attackers to hijack the authentication of administrators for requests that add administrat…

CVSS: 6.8 CWE: CWE-352
Read more
Low

CVE-2012-5325

Multiple cross-site scripting (XSS) vulnerabilities in the scr_do_redirect function in scr.php in the Shortcode Redirect plugin 1.0.01 and earlier for WordPress allow remote authenticated users with…

CVSS: 2.1 CWE: CWE-79
Read more
Critical

CVE-2012-5324

Multiple buffer overflows in the Pdf Printer Preferences ActiveX Control in pdfxctrl.dll in Tracker Software PDF-XChange 3.60.0128 allow remote attackers to execute arbitrary code via a long string i…

CVSS: 9.3 CWE: CWE-119
Read more
Medium

CVE-2012-0846

Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the Location variable.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-5323

Cross-site request forgery (CSRF) vulnerability in webconfig/admin_passwd/passwd.html/admin_passwd in Xavi X7968 allows remote attackers to hijack the authentication of administrators for requests th…

CVSS: 6.8 CWE: CWE-352
Read more
Medium

CVE-2012-5322

Multiple cross-site scripting (XSS) vulnerabilities in Xavi X7968 allow remote attackers to inject arbitrary web script or HTML via the (1) pvcName parameter to webconfig/wan/confirm.html/confirm or…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-5321

tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka "frame injection."

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2012-5320

Cross-site request forgery (CSRF) vulnerability in password.cgi in Sagem F@ST 2604 253180972B allows remote attackers to hijack the authentication of administrators for requests that change the admin…

CVSS: 6.8 CWE: CWE-352
Read more
Medium

CVE-2012-5319

Cross-site request forgery (CSRF) vulnerability in setup/security.cgi in D-Link DCS-900, DCS-2000, and DCS-5300 allows remote attackers to hijack the authentication of administrators for requests tha…

CVSS: 6.8 CWE: CWE-352
Read more
Medium

CVE-2012-1416

Multiple cross-site request forgery (CSRF) vulnerabilities in SocialCMS 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrator accounts vi…

CVSS: 6.8 CWE: CWE-352
Read more
Medium

CVE-2012-1308

Cross-site request forgery (CSRF) vulnerability in redpass.cgi in D-Link DSL-2640B Firmware EU_4.00 allows remote attackers to hijack the authentication of administrators for requests that change the…

CVSS: 6.8 CWE: CWE-352
Read more
Critical

CVE-2012-1189

Stack-based buffer overflow in modules/graphic/ssgraph/grsound.cpp in The Open Racing Car Simulator (TORCS) before 1.3.3 and Speed Dreams allows user-assisted remote attackers to execute arbitrary co…

CVSS: 9.3 CWE: CWE-119
Read more
Medium

CVE-2011-5208

Multiple directory traversal vulnerabilities in the BackWPup plugin before 1.4.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the wpabs parameter to (1) app/opti…

CVSS: 5.0 CWE: CWE-22
Read more
Medium

CVE-2011-4928

Cross-site scripting (XSS) vulnerability in the textile formatter in Redmine before 1.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2011-4342

PHP remote file inclusion vulnerability in wp_xml_export.php in the BackWPup plugin before 1.7.2 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpabs parameter.

CVSS: 7.5 CWE: CWE-94
Read more
High

CVE-2012-5317

SQL injection vulnerability in main_bigware_43.php in Bigware Shop before 2.1.5 allows remote attackers to execute arbitrary SQL commands via the lastname parameter in a process action.

CVSS: 7.5 CWE: CWE-89
Read more
Low

CVE-2012-5316

Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Spam & Virus Firewall 600 Firmware 4.0.1.009 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (…

CVSS: 3.5 CWE: CWE-79
Read more
Medium

CVE-2012-5315

Multiple cross-site scripting (XSS) vulnerabilities in php ireport 1.0 allow remote attackers to inject arbitrary web script or HTML via the message parameter to (1) messages_viewer.php, (2) home.php…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-5314

Cross-site scripting (XSS) vulnerability in ViewGit 0.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the f parameter.

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2012-5313

SQL injection vulnerability in forum.asp in Snitz Forums 2000 allows remote attackers to execute arbitrary SQL commands via the TOPIC_ID parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2012-5312

SQL injection vulnerability in Tribiq CMS allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2012-5310

SQL injection vulnerability in the WP e-Commerce plugin before 3.8.7.6 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2012-5309

servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 does not properly restrict invalid authentication attempts, which makes it easier for remote attackers to obtain access via…

CVSS: 6.8 CWE: CWE-287
Read more
Medium

CVE-2012-5308

Cross-site request forgery (CSRF) vulnerability in servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 allows remote attackers to hijack the authentication of arbitrary users f…

CVSS: 6.8 CWE: CWE-352
Read more
Low

CVE-2012-5307

Cross-site scripting (XSS) vulnerability in servlet/traveler in IBM Lotus Notes Traveler before 8.5.3.3 Interim Fix 1, when Firefox is used, allows remote attackers to inject arbitrary web script or…

CVSS: 2.6 CWE: CWE-79
Read more
Medium

CVE-2012-4825

Multiple cross-site scripting (XSS) vulnerabilities in servlet/traveler/ILNT.mobileconfig in IBM Lotus Notes Traveler before 8.5.3.2 allow remote attackers to inject arbitrary web script or HTML via…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-4824

Open redirect vulnerability in servlet/traveler in IBM Lotus Notes Traveler 8.5.3 before 8.5.3.3 Interim Fix 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing at…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2011-4640

Directory traversal vulnerability in logs-x.php in SpamTitan WebTitan before 3.60 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the fname parameter in a view action.

CVSS: 4.0 CWE: CWE-22
Read more
Medium

CVE-2011-4639

The (1) Traceroute and (2) Ping implementations in tools.php in SpamTitan WebTitan before 3.60 allow remote authenticated users to execute arbitrary commands via shell metacharacters in an argument,…

CVSS: 6.5 CWE: CWE-94
Read more
High

CVE-2011-4638

Multiple SQL injection vulnerabilities in SpamTitan WebTitan before 3.60 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to login-x.php, and allow remote authe…

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2010-5064

Multiple cross-site scripting (XSS) vulnerabilities in Virtual War (aka VWar) 1.6.1 R2 allow remote attackers to inject arbitrary web script or HTML via (1) the Additional Information field to challe…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2010-5063

SQL injection vulnerability in article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the ratearticleselect parameter.

CVSS: 7.5 CWE: CWE-89
Read more
2012-10-07
Medium

CVE-2012-1414

Cross-site request forgery (CSRF) vulnerability in manager/news.php in Plume CMS 1.2.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that create News…

CVSS: 6.8 CWE: CWE-352
Read more
Medium

CVE-2011-4911

Joomla! before 1.5.12 does not perform a JEXEC check in unspecified files, which allows remote attackers to obtain the installation path via unspecified vectors.

CVSS: 5.0 CWE: CWE-20
Read more
Medium

CVE-2011-4910

Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2011-4909

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/vi…

CVSS: 4.3 CWE: CWE-79
Read more
Low

CVE-2011-4363

ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS.

CVSS: 2.6 CWE: CWE-59
Read more
Medium

CVE-2010-5278

Directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to read…

CVSS: 4.3 CWE: CWE-22
Read more
Medium

CVE-2010-5275

Cross-site scripting (XSS) vulnerability in memcache_admin in the Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Drupal allows remote attackers to inject arbitrary web script or HTML…

CVSS: 4.3 CWE: CWE-79
Read more
2012-10-06
Critical

CVE-2012-5306

Stack-based buffer overflow in the SelectDirectory method in DcsCliCtrl.dll in Camera Stream Client ActiveX Control, as used in D-Link DCS-5605 PTZ IP Network Camera, allows remote attackers to cause…

CVSS: 9.3 CWE: CWE-119
Read more
Medium

CVE-2012-5305

Cross-site scripting (XSS) vulnerability in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allows remote attackers to inject arbitrary web script or HTML via the domain parameter.

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2012-5304

Static code injection vulnerability in administration/install.php in YVS Image Gallery allows remote attackers to inject arbitrary PHP code into functions/db_connect.php via unspecified vectors. NOT…

CVSS: 7.5 CWE: CWE-94
Read more
Medium

CVE-2012-1634

Cross-site scripting (XSS) vulnerability in video_filter.codecs.inc in the Video Filter module 6.x-2.x and 7.x-2.x for Drupal allows remote attackers to inject arbitrary web script or HTML via the EM…

CVSS: 4.3 CWE: CWE-79
Read more
Low

CVE-2012-1624

Multiple cross-site scripting (XSS) vulnerabilities in the Lingotek module 6.x-1.x before 6.x-1.40 for Drupal allow remote authenticated users to inject arbitrary web script or HTML when (1) creating…

CVSS: 3.5 CWE: CWE-79
Read more
Medium

CVE-2012-1564

Cross-site scripting (XSS) vulnerability in administration/create_album.php in YVS Image Gallery allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-0987

Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allows remote authenticated users to include and execute arbitrary local files vi…

CVSS: 6.0 CWE: CWE-22
Read more
Medium

CVE-2012-0986

Multiple cross-site scripting (XSS) vulnerabilities in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-0065

Heap-based buffer overflow in the receive_packet function in libusbmuxd/libusbmuxd.c in usbmuxd 1.0.5 through 1.0.7 allows physically proximate attackers to execute arbitrary code via a long SerialNu…

CVSS: 4.6 CWE: CWE-119
Read more
High

CVE-2011-4932

Eval injection vulnerability in ip_cms/modules/standard/content_management/actions.php in ImpressPages CMS 1.0.12 and possibly other versons before 1.0.13 allows remote attackers to execute arbitrary…

CVSS: 7.5 CWE: CWE-94
Read more
2012-10-05
Medium

CVE-2012-5303

Monkey HTTP Daemon 0.9.3 might allow local users to overwrite arbitrary files via a symlink attack on a PID file, as demonstrated by a pathname different from the default /var/run/monkey.pid pathname.

CVSS: 6.9 CWE: CWE-59
Read more
Medium

CVE-2012-5051

Directory traversal vulnerability in VMware CapacityIQ 1.5.x allows remote attackers to read arbitrary files via unspecified vectors.

CVSS: 5.0 CWE: CWE-22
Read more
Medium

CVE-2012-5050

Cross-site scripting (XSS) vulnerability in the server in VMware vCenter Operations (aka vCOps) before 5.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79
Read more
Critical

CVE-2012-4896

Heap-based buffer overflow in SumatraPDF before 2.1 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2012-4895.

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2012-4895

Heap-based buffer overflow in SumatraPDF before 2.1 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2012-4896.

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2012-4894

Google SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SKP file.

CVSS: 9.3 CWE: CWE-119
Read more
Medium

CVE-2012-4018

Cross-site scripting (XSS) vulnerability in Final Beta Laboratory MyWebSearch before 1.23 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.

CVSS: 4.3 CWE: CWE-79
Read more
2012-10-04
Medium

CVE-2012-5240

Buffer overflow in the dissect_tlv function in epan/dissectors/packet-ldp.c in the LDP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (application cras…

CVSS: 5.8 CWE: CWE-119
Read more
Medium

CVE-2012-2999

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in Cerberus FTP Server before 5.0.5.0 allow remote attackers to hijack the authentication of administrators for request…

CVSS: 6.8 CWE: CWE-352
Read more
High

CVE-2012-5300

SQL injection vulnerability in art_catalogo.php in MyStore Xpress Tienda Virtual 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2012-5297

SQL injection vulnerability in edit.asp in Mavili Guestbook, as released in November 2007, allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2012-5296

Multiple cross-site scripting (XSS) vulnerabilities in Mavili Guestbook, as released in November 2007, allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) approv…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-5295

Cross-site scripting (XSS) vulnerability in login.cfm in FuseTalk Forums 3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the windowed parameter.

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2012-5294

SQL injection vulnerability in art_detalle.php in MyStore Xpress Tienda Virtual allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2011-5207

Cross-site scripting (XSS) vulnerability in admin/OptionsPostsList.php in the TheCartPress plugin for WordPress before 1.1.6 before 2011-12-31 allows remote attackers to inject arbitrary web script o…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2011-5206

Cross-site scripting (XSS) vulnerability in notes.php in Rapidleech before 2.3 rev42 SVN r399 allows remote attackers to inject arbitrary web script or HTML via the notes parameter.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2011-5205

Cross-site scripting (XSS) vulnerability in audl.php in Rapidleech 2.3 rev42 SVN r358, rev43 SVN r397, and earlier allows remote attackers to inject arbitrary web script or HTML via the links paramet…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2011-5203

SQL injection vulnerability in WB/Default.asp in Akiva WebBoard before 8 SR 1 allows remote attackers to execute arbitrary SQL commands via the name parameter. NOTE: some of these details are obtain…

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2012-5293

Multiple PHP remote file inclusion vulnerabilities in SAPID CMS 1.2.3 Stable allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[root_path] parameter to usr/extensions/g…

CVSS: 7.5 CWE: CWE-94
Read more
High

CVE-2012-5292

Multiple SQL injection vulnerabilities in Atar2b CMS 4.0.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) gallery_e.php, (2) pageE.php, or (3) pageH.php.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2012-5291

SQL injection vulnerability in team.php in Posse Softball Director CMS allows remote attackers to execute arbitrary SQL commands via the idteam parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2012-5290

Multiple SQL injection vulnerabilities in EasyWebRealEstate allow remote attackers to execute arbitrary SQL commands via the (1) lstid parameter to listings.php or (2) infoid parameter to index.php.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2012-5289

Multiple SQL injection vulnerabilities in Plogger 1.0 RC1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) index.php or (2) gallery.php.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2012-5288

SQL injection vulnerability in page.php in phpMyDirectory 1.3.3 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2012-3819

Stack consumption vulnerability in dartwebserver.dll 1.9 and earlier, as used in Dart PowerTCP WebServer for ActiveX and other products, allows remote attackers to cause a denial of service (daemon c…

CVSS: 5.0 CWE: CWE-119
Read more
Medium

CVE-2012-3511

Multiple race conditions in the madvise_remove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service (use-after-free and system crash) via vectors i…

CVSS: 6.2 CWE: CWE-362
Read more
2012-10-03
Medium

CVE-2012-3489

The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users…

CVSS: 6.5 CWE: CWE-611
Read more
Medium

CVE-2012-3552

Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service (slab corruption and system crash) by sending packets to an applicatio…

CVSS: 5.9 CWE: CWE-362
Read more
Low

CVE-2012-3520

The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a craft…

CVSS: 1.9 CWE: CWE-287
Read more
Low

CVE-2012-3430

The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from…

CVSS: 2.1 CWE: CWE-200
Read more
High

CVE-2012-3400

Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service (system crash) or possibly have…

CVSS: 7.6 CWE: CWE-787
Read more
2012-10-02
Medium

CVE-2012-3314

IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, 6.2.1, and 6.2.2 allow remote attackers to establish sessions via a crafted…

CVSS: 5.8 CWE: CWE-20
Read more
2012-10-01
Medium

CVE-2012-5234

Open redirect vulnerability in index.php in ocPortal before 7.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter.

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2012-4242

Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-1604

Cross-site scripting (XSS) vulnerability in NextBBS 0.6 allows remote attackers to inject arbitrary web script or HTML via the do parameter to index.php.

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2012-1603

Multiple SQL injection vulnerabilities in ajaxserver.php in NextBBS 0.6 allow remote attackers to execute arbitrary SQL commands via the (1) curstr parameter in the findUsers function, (2) id paramet…

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2012-1602

user.php in NextBBS 0.6 allows remote attackers to bypass authentication and gain administrator access by setting the userkey cookie to 1.

CVSS: 7.5 CWE: CWE-287
Read more
Medium

CVE-2012-1471

Directory traversal vulnerability in catalogue_file.php in ocPortal before 7.1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

CVSS: 5.0 CWE: CWE-22
Read more
Medium

CVE-2012-1470

Multiple cross-site scripting (XSS) vulnerabilities in code_editor.php in ocPortal before 7.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) path or (2) line parameters.

CVSS: 4.3 CWE: CWE-79
Read more
Low

CVE-2012-5233

Cross-site scripting (XSS) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote authenticated users with edit stickynotes privileges to inject arbitrary web script or HTML v…

CVSS: 2.1 CWE: CWE-79
Read more
Medium

CVE-2012-1636

Cross-site request forgery (CSRF) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of users for requests that delete stickynotes v…

CVSS: 4.3 CWE: CWE-352
Read more
Medium

CVE-2012-0989

Cross-site scripting (XSS) vulnerability in OneOrZero AIMS 2.8.0 Trial Edition build231211 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to ind…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-5232

Cross-site scripting (XSS) vulnerability in the Quickl Form component for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2012-5231

miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code via a crafted (1) pagename or (2) area variable containing an executable extension, which is not properly handled by (a) upda…

CVSS: 7.5 CWE: CWE-94
Read more
Medium

CVE-2012-5229

Cross-site scripting (XSS) vulnerability in css/gallery-css.php in the Slideshow Gallery2 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the border parameter.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-5228

Cross-site scripting (XSS) vulnerability in admin/index.php in phplist 2.10.9, 2.10.17, and possibly other versions before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via t…

CVSS: 4.3 CWE: CWE-79
Read more