Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-5888 | 2 Benjamin Mack, Typo3 | 2 Seo Basics, Typo3 | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Basic SEO Features (seo_basics) extension before 0.8.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-5889 | 2 Alex Kellner, Typo3 | 2 Powermail, Typo3 | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the powermail extension before 1.6.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-5890 | 2 Stanislas Rolland, Typo3 | 2 Sr Feuser Register, Typo3 | 2017-08-28 | 5.0 MEDIUM | N/A |
| The Front End User Registration (sr_feuser_register) extension before 2.6.2 for TYPO3 allows remote attackers to obtain user names and passwords via the (1) edit perspective or (2) autologin feature. | |||||
| CVE-2012-5892 | 1 Havalite | 1 Cms | 2017-08-28 | 5.0 MEDIUM | N/A |
| Havalite CMS 1.1.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the configuration database via a direct request for data/havalite.db3. | |||||
| CVE-2012-5893 | 1 Havalite | 1 Cms | 2017-08-28 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in hava_upload.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading a file with a .php;.gif extension, then accessing it via a direct request to the file in tmp/files/. | |||||
| CVE-2012-5894 | 1 Havalite | 1 Cms | 2017-08-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in hava_post.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the postId parameter. | |||||
| CVE-2012-5895 | 1 Irods | 1 Irods | 2017-08-28 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in iRODS before 3.1 have unknown impact and attack vectors. | |||||
| CVE-2012-5896 | 1 Quest | 1 Intrust | 2017-08-28 | 10.0 HIGH | N/A |
| The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not properly implement the Add method, which allows remote attackers to execute arbitrary code via a memory address in the first argument, related to an "uninitialized pointer." | |||||
| CVE-2012-5901 | 1 Dflabs | 1 Ptk | 2017-08-28 | 5.0 MEDIUM | N/A |
| DFLabs PTK 1.0.5 stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read logs, images, or reports via a direct request to the file in the (1) log, (2) images, or (3) report directory. | |||||
| CVE-2012-5902 | 1 Dflabs | 1 Ptk | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ptk/lib/modal_bookmark.php in DFLabs PTK 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the arg4 parameter. | |||||
| CVE-2012-5903 | 1 Simple Machines | 1 Smf | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the scheduled parameter to index.php. | |||||
| CVE-2012-5904 | 1 Irfanview | 1 Irfanview | 2017-08-28 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in IrfanView before 4.33 allows remote attackers to execute arbitrary code via a crafted RLE compressed bitmap file such as a DIB, RLE, or BMP image. | |||||
| CVE-2012-5905 | 1 Elif Keir | 1 Knftpd | 2017-08-28 | 4.0 MEDIUM | N/A |
| Buffer overflow in KnFTPd 1.0.0 allows remote authenticated users to cause a denial of service (crash) via a long string in a FEAT command. | |||||
| CVE-2012-5906 | 1 Morequick | 1 Greenbrowser | 2017-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in GreenBrowser 6.1.0117 and 6.1.0216 allow remote attackers to inject arbitrary web script or HTML via (1) the URI in an about: page or (2) the last visited URL in the LastVisitWriteEn function in function.js. | |||||
| CVE-2012-5907 | 1 Tomatocart | 1 Tomatocart | 2017-08-28 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in json.php in TomatoCart 1.2.0 Alpha 2 and possibly earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter in a "3" action. | |||||
| CVE-2012-5908 | 1 Mybb | 1 Mybb | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to inject arbitrary web script or HTML via the conditions[usergroup][] parameter in a search action to admin/index.php. | |||||
| CVE-2012-5909 | 1 Mybb | 1 Mybb | 2017-08-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to execute arbitrary SQL commands via the conditions[usergroup][] parameter in a search action to admin/index.php. | |||||
| CVE-2012-5910 | 1 B2evolution | 1 B2evolution | 2017-08-28 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via the root parameter. | |||||
| CVE-2012-5911 | 1 B2evolution | 1 B2evolution | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in blogs/blog1.php in b2evolution 4.1.3 allows remote attackers to inject arbitrary web script or HTML via the message body. | |||||
| CVE-2012-5912 | 1 Pico | 1 Picopublisher | 2017-08-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PicoPublisher 2.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) page.php or (2) single.php. | |||||