Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-5913 | 2 Wordpress, Wordpress Integrator Project | 2 Wordpress, Wordpress Integrator | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php. | |||||
| CVE-2012-5914 | 1 Neocrome | 1 Seditio | 2017-08-28 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the sed_import function in system/functions.php in Neocrome Seditio build 160 and 161 allow remote attackers to inject arbitrary web script or HTML via the (1) newmsg or (2) rtext parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-5915 | 1 Neocrome | 1 Seditio | 2017-08-28 | 5.0 MEDIUM | N/A |
| Neocrome Seditio build 161 and earlier allows remote attackers to obtain sensitive information via direct request to (1) view.php, (2) plugins/contact/lang/contact.en.lang.php, (3) system/lang/en/main.lang.php, (4) system/lang/en/message.lang.php, or (5) system/core/view/view.inc.php, which reveals the installation path in an error message. | |||||
| CVE-2012-5916 | 1 Neocrome | 1 Seditio | 2017-08-28 | 5.0 MEDIUM | N/A |
| Neocrome Seditio build 161 allows remote attackers to obtain sensitive information via a direct request to (1) docs/new/seditio-createnew-160.sql, (2) docs/upgrade/sedito_convert_to_utf8.optional.sql, or (3) system/install/install.parser.sql. | |||||
| CVE-2012-5917 | 1 Tom Wilkason | 1 Snackamp | 2017-08-28 | 4.3 MEDIUM | N/A |
| SnackAmp 3.1.3 allows remote attackers to cause a denial of service (application crash) via a long string in an aiff file. | |||||
| CVE-2012-5919 | 1 Havalite | 1 Cms | 2017-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Havalite 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) find or (2) replace fields to havalite/findReplace.php; (3) username parameter to havalite/hava_login.php, (4) the Edit Article module, or (5) hava_post.php in the postAuthor module; (6) postId parameter to hava_post.php; (7) userId parameter to hava_user.php; or (8) linkId parameter to hava_link.php. | |||||
| CVE-2012-5920 | 1 Google | 1 Web Toolkit | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) 2.4 through 2.5 Final, as used in JBoss Operations Network (ON) 3.1.1 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2012-4563. | |||||
| CVE-2012-5936 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2017-08-28 | 5.0 MEDIUM | N/A |
| IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 do not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | |||||
| CVE-2012-5937 | 1 Ibm | 4 Gentran Integration Suite, Sterling B2b Integrator, Sterling File Gateway and 1 more | 2017-08-28 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the CLA2 server in IBM Gentran Integration Suite 4.3, Sterling Integrator 5.0 and 5.1, and Sterling B2B Integrator 5.2, as used in IBM Sterling File Gateway 1.1 through 2.2 and other products, allows remote attackers to execute arbitrary commands via unknown vectors. | |||||
| CVE-2012-5938 | 3 Conectiva, Ibm, Novell | 3 Linux, Infosphere Information Server, Unixware | 2017-08-28 | 7.2 HIGH | N/A |
| The installation process in IBM InfoSphere Information Server 8.1, 8.5, 8.7, and 9.1 on UNIX and Linux sets incorrect permissions and ownerships for unspecified files, which allows local users to bypass intended access restrictions via standard filesystem operations. | |||||
| CVE-2012-5939 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2017-08-28 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Welcome.do in the Data Management Portal Web User Interface in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2012-5940 | 1 Ibm | 1 Netezza | 2017-08-28 | 4.3 MEDIUM | N/A |
| The WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza, when SSL is not enabled, allows remote attackers to discover credentials by sniffing the network during the authentication process. | |||||
| CVE-2012-5941 | 1 Ibm | 1 Netezza | 2017-08-28 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote authenticated users to inject content, and conduct phishing attacks, via unspecified vectors. | |||||
| CVE-2012-5942 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2017-08-28 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Data Management Portal Web User Interface in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 allows remote authenticated users to inject content, and conduct phishing attacks, via unspecified vectors. | |||||
| CVE-2012-5943 | 1 Ibm | 1 Lotus Inotes | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM iNotes 8.5.x before 8.5.3 FP4 allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving mail, aka SPR JDOE8ZZS9. | |||||
| CVE-2012-5945 | 1 Ibm | 1 Spss Samplepower | 2017-08-28 | 9.3 HIGH | N/A |
| Multiple buffer overflows in the Vsflex8l ActiveX control in IBM SPSS SamplePower 3.0 before FP1 allow remote attackers to execute arbitrary code via a long (1) ComboList or (2) ColComboList property value. | |||||
| CVE-2012-5946 | 1 Ibm | 1 Spss Samplepower | 2017-08-28 | 9.3 HIGH | N/A |
| Buffer overflow in the c1sizer ActiveX control in C1sizer.ocx in IBM SPSS SamplePower 3.0 before FP1 allows remote attackers to execute arbitrary code via a long TabCaption string. | |||||
| CVE-2012-5947 | 1 Ibm | 1 Spss Samplepower | 2017-08-28 | 9.3 HIGH | N/A |
| Buffer overflow in the vsflex7l ActiveX control in IBM SPSS SamplePower 3.0 before FP1 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2012-5948 | 1 Ibm | 1 Tririga Application Platform | 2017-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) WebProcess.srv, (2) the html/en/default/ directory, (3) Widget/resource, (4) birt/frameset, or (5) ganttlib/gantt-jws.jnlp. | |||||
| CVE-2012-5949 | 1 Ibm | 1 Tririga Application Platform | 2017-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to inject content, and conduct phishing attacks, via vectors involving (1) the html/en/default/ directory, (2) birt/frameset, (3) WebProcess.srv, (4) sqa/html/en/default/reportTemplate/reportTemplateOrderCols.jsp, or (5) a/html/en/default/om2/omObjectFinder.jsp. | |||||