Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-2896 | 2 Apple, Google | 2 Mac Os X, Chrome | 2017-08-28 | 7.5 HIGH | N/A |
| Integer overflow in the WebGL implementation in Google Chrome before 22.0.1229.79 on Mac OS X allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2012-2901 | 2 Joomla, Ryan Demmer | 2 Joomla\!, Joomla Content Editor | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Profile List in the Joomla Content Editor (JCE) component before 2.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the search parameter to administrator/index.php. | |||||
| CVE-2012-2902 | 2 Joomla, Ryan Demmer | 2 Joomla\!, Joomla Content Editor | 2017-08-28 | 6.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor (JCE) component before 2.1 for Joomla!, when chunking is set to greater than zero, allows remote authors to execute arbitrary PHP code by uploading a PHP file with a double extension as demonstrated by .jpg.pht. | |||||
| CVE-2012-2903 | 1 Chatelao | 1 Php Address Book | 2017-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to group.php, or the (2) target_language or (3) target_flag parameter to translate.php. | |||||
| CVE-2012-2904 | 1 Longtailvideo | 1 Jw Player | 2017-08-28 | 4.3 MEDIUM | N/A |
| player.swf in LongTail JW Player 5.9 allows remote attackers to conduct cross-site scripting (XSS) attacks to inject arbitrary web script or HTML via multiple "javascript:" sequences in the debug parameter. | |||||
| CVE-2012-2905 | 1 Artiphp | 1 Artiphp Cms | 2017-08-28 | 5.0 MEDIUM | N/A |
| Artiphp CMS 5.5.0 Neo (r422) stores database backups with predictable names under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request. | |||||
| CVE-2012-2906 | 1 Artiphp | 1 Artiphp Cms | 2017-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in artpublic/recommandation/index.php in Artiphp CMS 5.5.0 Neo (r422) allow remote attackers to inject arbitrary web script or HTML via the (1) add_img_name_post, (2) asciiart_post, (3) expediteur, (4) titre_sav, or (5) z39d27af885b32758ac0e7d4014a61561 parameter. | |||||
| CVE-2012-2907 | 2 Drupal, Ishmael Sanchez | 2 Drupal, Aberdeen | 2017-08-28 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the aberdeen_breadcrumb function in template.php in the Aberdeen theme 6.x-1.x before 6.x-1.11 for Drupal, when set to append the content title to the breadcrumb, allows remote attackers to inject arbitrary web script or HTML via the content title in a breadcrumb. | |||||
| CVE-2012-2908 | 1 Viscacha | 1 Viscacha | 2017-08-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in admin/bbcodes.php in Viscacha 0.8.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) bbcodeexample, (2) buttonimage, or (3) bbcodetag parameter. | |||||
| CVE-2012-2909 | 1 Viscacha | 1 Viscacha | 2017-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Viscacha 0.8.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) text field in the Private Messages System, (2) Bad Word field in Zensur, or (3) Portal or (4) Topic field in Kommentar. | |||||
| CVE-2012-2910 | 1 Silisoftware | 1 Phpthumb\(\) | 2017-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SiliSoftware phpThumb() 1.7.11 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter to demo/phpThumb.demo.random.php or (2) title parameter to demo/phpThumb.demo.showpic.php. | |||||
| CVE-2012-2911 | 1 Silisoftware | 1 Backupdb\(\) | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in backupDB.php in SiliSoftware backupDB() 1.2.7a allows remote attackers to inject arbitrary web script or HTML via the onlyDB parameter. | |||||
| CVE-2012-2912 | 2 Kolja Schleich, Wordpress | 2 Leaguemanager, Wordpress | 2017-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the LeagueManager plugin 3.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter in the show-league page or (2) season parameter in the team page to wp-admin/admin.php. | |||||
| CVE-2012-2913 | 2 Mapsmarker, Wordpress | 2 Leaflet Maps Marker Plugin, Wordpress | 2017-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Leaflet plugin 0.0.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) leaflet_layer.php or (2) leaflet_marker.php, as reachable through wp-admin/admin.php. | |||||
| CVE-2012-2914 | 1 Unijimpe | 1 Captcha | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in captchademo.php in Unijimpe Captcha allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||||
| CVE-2012-2915 | 1 Lattice Semiconductor | 1 Pac-designer | 2017-08-28 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Lattice Semiconductor PAC-Designer 6.2.1344 allows remote attackers to execute arbitrary code via a long string in a Value tag in a SymbolicSchematicData definition tag in PAC Design (.pac) file. | |||||
| CVE-2012-2916 | 2 Dlo, Wordpress | 2 Simple Anti Bot Registration Engine Plugin, Wordpress | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in sabre_class_admin.php in the SABRE plugin before 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the active_option parameter to wp-admin/tools.php. | |||||
| CVE-2012-2917 | 2 Andrew Killen, Wordpress | 2 Share And Follow, Wordpress | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Share and Follow plugin 1.80.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the CDN API Key (cnd-key) in a share-and-follow-menu page to wp-admin/admin.php. | |||||
| CVE-2012-2918 | 1 Chevereto | 1 Chevereto | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Upload/engine.php in Chevereto 1.91 allows remote attackers to inject arbitrary web script or HTML via the v parameter. | |||||
| CVE-2012-2919 | 1 Chevereto | 1 Chevereto | 2017-08-28 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Upload/engine.php in Chevereto 1.9.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in the v parameter. | |||||