Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-2920 | 2 User Photo, Wordpress | 2 User Photo, Wordpress | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the userphoto_options_page function in user-photo.php in the User Photo plugin before 0.9.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to wp-admin/options-general.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-2922 | 1 Drupal | 1 Drupal | 2017-08-28 | 5.0 MEDIUM | N/A |
| The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installation path in an error message. | |||||
| CVE-2012-2923 | 1 Hypermethod | 1 Elearning Server | 2017-08-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php4 in Hypermethod eLearning Server 4G allows remote attackers to execute arbitrary SQL commands via the nid parameter. | |||||
| CVE-2012-2924 | 1 Hypermethod | 1 Elearning Server | 2017-08-28 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/setup.inc.php in Hypermethod eLearning Server 4G allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | |||||
| CVE-2012-2925 | 1 Simple Php Agenda | 1 Simple Php Agenda | 2017-08-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in engine.php in Simple PHP Agenda 2.2.8 allows remote attackers to execute arbitrary SQL commands via the priority parameter in an addTodo action. | |||||
| CVE-2012-2927 | 2 Atlassian, Tm Software | 4 Jira, Tempo, Tempo6.3.0 and 1 more | 2017-08-28 | 4.0 MEDIUM | N/A |
| The TM Software Tempo plugin before 6.4.3.1, 6.5.x before 6.5.0.2, and 7.x before 7.0.3 for Atlassian JIRA does not properly restrict the capabilities of third-party XML parsers, which allows remote authenticated users to cause a denial of service (resource consumption) via unspecified vectors. | |||||
| CVE-2012-2935 | 1 Oscommerce | 1 Online Merchant | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Checkout/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the value_title parameter, a different vulnerability than CVE-2012-1059. | |||||
| CVE-2012-2936 | 1 Pligg | 1 Pligg Cms | 2017-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) page parameter to (a) admin/admin_comments.php or (b) admin/admin_links.php; or list parameter in a (3) move or (4) minimize action to (c) admin/admin_index.php. | |||||
| CVE-2012-2937 | 1 Pligg | 1 Pligg Cms | 2017-08-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) list parameter in a move action to admin/admin_index.php, (2) display parameter in a minimize action to admin/admin_index.php, (3) enabled[] parameter to admin/admin_users.php, or (4) msg_id to the module.php in the simple_messaging module. | |||||
| CVE-2012-2938 | 1 Itechscripts | 1 Travelon Express | 2017-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Travelon Express 6.2.2 allow remote attackers to inject arbitrary web script or HTML via the holiday name field to (1) holiday_add.php or (2) holiday_view.php. | |||||
| CVE-2012-2939 | 1 Itechscripts | 1 Travelon Express | 2017-08-28 | 6.5 MEDIUM | N/A |
| Multiple unrestricted file upload vulnerabilities in Travelon Express 6.2.2 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) airline-edit.php, (2) hotel-image-add.php, or (3) hotel-add.php. | |||||
| CVE-2012-2940 | 1 Mediachance | 1 Real-draw Pro | 2017-08-28 | 4.3 MEDIUM | N/A |
| MediaChance Real-DRAW PRO 5.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted (1) PNG, (2) WMF, (3) PSD, (4) TGA, (5) TTF, (6) BMP, (7) TIFF, or (8) PCX file. | |||||
| CVE-2012-2941 | 1 Yandex | 1 Yandex.server 2010 | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search/ in Yandex.Server 2010 9.0 Enterprise allows remote attackers to inject arbitrary web script or HTML via the text parameter. | |||||
| CVE-2012-2942 | 1 Haproxy | 1 Haproxy | 2017-08-28 | 5.1 MEDIUM | N/A |
| Buffer overflow in the trash buffer in the header capture functionality in HAProxy before 1.4.21, when global.tune.bufsize is set to a value greater than the default and header rewriting is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2012-2943 | 1 Captcha | 1 Cryptographp | 2017-08-28 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in cryptographp.inc.php in Cryptographp allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the cfg parameter. | |||||
| CVE-2012-2948 | 1 Asterisk | 2 Certified Asterisk, Open Source | 2017-08-28 | 4.0 MEDIUM | N/A |
| chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode. | |||||
| CVE-2012-2952 | 1 Jaow | 1 Jaow | 2017-08-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in add_ons.php in Jaow 2.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the add_ons parameter. | |||||
| CVE-2012-2956 | 1 Spiceworks | 1 Spiceworks | 2017-08-28 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in SpiceWorks 5.3.75941 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to api_v2.json. NOTE: this entry was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6658 is for the XSS. | |||||
| CVE-2012-2993 | 1 Microsoft | 1 Windows Phone | 2017-08-28 | 2.6 LOW | N/A |
| Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an arbitrary valid certificate. | |||||
| CVE-2012-2997 | 1 F5 | 1 Big-ip Configuration Utility | 2017-08-28 | 4.0 MEDIUM | N/A |
| XML External Entity (XXE) vulnerability in sam/admin/vpe2/public/php/server.php in F5 BIG-IP 10.0.0 through 10.2.4 and 11.0.0 through 11.2.1 allows remote authenticated users to read arbitrary files via a crafted XML file. | |||||