Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-0926 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2012-02-24 | 9.3 HIGH | N/A |
| The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle height and width values, which allows remote attackers to execute arbitrary code via a crafted RV10 RealVideo video stream. | |||||
| CVE-2012-0927 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2012-02-24 | 9.3 HIGH | N/A |
| Unspecified vulnerability in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via vectors involving the coded_frame_size value in a RealAudio audio stream. | |||||
| CVE-2012-1047 | 1 Cyberoam | 1 Cyberoam Central Console | 2012-02-24 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the WWWHELP Service (js/html/wwhelp.htm) in Cyberoam Central Console (CCC) 2.00.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter in an Online_help action. | |||||
| CVE-2012-0996 | 1 11in1 | 1 11in1 | 2012-02-24 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php. | |||||
| CVE-2012-0997 | 1 11in1 | 1 11in1 | 2012-02-24 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/index.php in 11in1 1.2.1 stable 12-31-2011 allows remote attackers to hijack the authentication of administrators for requests that add new topics via an addTopic action. | |||||
| CVE-2012-0998 | 1 Lepton-cms | 1 Lepton | 2012-02-24 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in account/preferences.php in LEPTON before 1.1.4 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the language parameter. | |||||
| CVE-2012-0999 | 1 Lepton-cms | 1 Lepton | 2012-02-24 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules/news/rss.php in LEPTON before 1.1.4 allows remote attackers to execute arbitrary SQL commands via the group_id parameter. | |||||
| CVE-2012-1000 | 1 Lepton-cms | 1 Lepton | 2012-02-24 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in LEPTON 1.1.3 and other versions before 1.1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) message parameter to admins/login/forgot/index.php, or the (2) display_name or (3) email parameter to account/preferences.php. | |||||
| CVE-2012-1205 | 2 Alanft, Wordpress | 2 Relocate-upload, Wordpress | 2012-02-24 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in relocate-upload.php in Relocate Upload plugin before 0.20 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter. | |||||
| CVE-2012-1208 | 1 Fork-cms | 1 Fork Cms | 2012-02-24 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) report parameter to blog/settings or (2) error parameter to users/index. | |||||
| CVE-2011-4187 | 2 Microsoft, Novell | 2 Windows, Iprint | 2012-02-23 | 10.0 HIGH | N/A |
| Buffer overflow in the GetDriverSettings function in nipplib.dll in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code via a long realm field, a different vulnerability than CVE-2011-3173. | |||||
| CVE-2012-0224 | 1 7t | 1 Aquis | 2012-02-23 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in 7-Technologies (7T) AQUIS 1.5 and earlier allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2012-0223. | |||||
| CVE-2012-0873 | 1 Boonex | 1 Dolphin | 2012-02-23 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or the (2) photos_only, (3) online_only, or (4) mode parameters to viewFriends.php. | |||||
| CVE-2012-1216 | 1 Pbboard | 1 Pbboard | 2012-02-23 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in PBBoard 2.1.4 allow remote attackers to hijack the authentication of administrators for requests that (1) upload a file via an add action or (2) change the contents of a file via a dit action. | |||||
| CVE-2012-1227 | 1 Pluck-cms | 1 Pluck | 2012-02-23 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in pluck 4.7 allow remote attackers to hijack the authentication of admins for requests that (1) modify the admin email address or (2) modify the blog title via a settings action; (3) add a page via an editpage action, or (4) add a categorie via the blog module. | |||||
| CVE-2012-1290 | 1 Sap | 1 Netweaver | 2012-02-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp in the Internet Sales (crm.b2b) module in SAP NetWeaver 7.0 allows remote attackers to inject arbitrary web script or HTML via the _loadPage parameter. | |||||
| CVE-2012-1291 | 1 Sap | 1 Netweaver | 2012-02-23 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProcessor servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the Adapter Monitor via unspecified vectors, possibly related to the EnableInvokerServletGlobally property in the servlet_jsp service. | |||||
| CVE-2011-1914 | 1 Advantech | 3 Adam Opc Server, Modbus Rtu Opc Server, Modbus Tcp Opc Server | 2012-02-22 | 10.0 HIGH | N/A |
| Buffer overflow in the Advantech ADAM OLE for Process Control (OPC) Server ActiveX control in ADAM OPC Server before 3.01.012, Modbus RTU OPC Server before 3.01.010, and Modbus TCP OPC Server before 3.01.010 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2012-1234 | 1 Advantech | 1 Advantech Webaccess | 2012-02-22 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0234. | |||||
| CVE-2012-1235 | 1 Advantech | 1 Advantech Webaccess | 2012-02-22 | 6.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0235. | |||||