Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-5370 | 2012-11-27 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-5370. Reason: This candidate is a duplicate of CVE-2012-5370. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2012-5370 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2011-5371 | 2012-11-27 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-5371. Reason: This candidate is a duplicate of CVE-2012-5371. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2012-5371 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2011-5372 | 2012-11-27 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-5372. Reason: This candidate is a duplicate of CVE-2012-5372. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2012-5372 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2011-5373 | 2012-11-27 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-5373. Reason: This candidate is a duplicate of CVE-2012-5373. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2012-5373 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2010-5286 | 2 Joobi, Joomla | 2 Com Jstore, Joomla\! | 2012-11-26 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2012-4602 | 1 Tecnick | 1 Tcexam | 2012-11-26 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin/code/tce_select_users_popup.php in Nicola Asuni TCExam before 11.3.009 allow remote attackers to inject arbitrary web script or HTML via the (1) cid or (2) uids parameter. | |||||
| CVE-2012-6039 | 1 Yabsoft | 1 Advanced Image Hosting Script | 2012-11-26 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_comments.php in YABSoft Advanced Image Hosting (AIH) Script, possibly 2.3, allows remote attackers to execute arbitrary SQL commands via the gal parameter. | |||||
| CVE-2012-6047 | 1 X7 Group | 1 X7 Chat | 2012-11-26 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in X7 Chat 2.0.5.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that add a user to an arbitrary group via the users page in an adminpanel action to index.php. | |||||
| CVE-2012-6048 | 1 Guitar-pro | 1 Guitar Pro | 2012-11-26 | 5.0 MEDIUM | N/A |
| Guitar Pro 6.1.1 r10791 allows remote attackers to cause a denial of service (crash) via a long string in a gpx file. | |||||
| CVE-2012-1826 | 1 Dotcms | 1 Dotcms | 2012-11-26 | 6.0 MEDIUM | N/A |
| dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template. | |||||
| CVE-2012-0947 | 1 Libav | 1 Libav | 2012-11-26 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in the vqa_decode_chunk function in the VQA codec (vqavideo.c) in libavcodec in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VQA media file in which the image size is not a multiple of the block size. | |||||
| CVE-2011-3506 | 1 Oracle | 1 Sun Products Suite | 2012-11-26 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle OpenSSO component in Oracle Sun Products Suite 7.1 and 8.0 allows remote attackers to affect integrity via unknown vectors related to Authentication. | |||||
| CVE-2008-3069 | 1 Mybb | 1 Mybb | 2012-11-26 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MyBB before 1.2.13 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) portal.php and (2) inc/functions_post.php. | |||||
| CVE-2008-3070 | 1 Mybb | 1 Mybb | 2012-11-26 | 7.5 HIGH | N/A |
| Unspecified vulnerability in inc/datahandler/user.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $user['language'] variable, probably related to SQL injection. | |||||
| CVE-2008-3071 | 1 Mybb | 1 Mybb | 2012-11-26 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in inc/class_language.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $language variable. | |||||
| CVE-2008-3072 | 1 Simple Machines | 1 Simple Machines Forum | 2012-11-26 | 7.5 HIGH | N/A |
| Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13, when running in PHP before 4.2.0, does not properly seed the random number generator, which has unknown impact and attack vectors. | |||||
| CVE-2008-3073 | 1 Simple Machines | 1 Simple Machines Forum | 2012-11-26 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13 has unknown impact and attack vectors, probably cross-site scripting (XSS), related to "use of the html-tag." | |||||
| CVE-2008-3196 | 1 Yacc | 1 Yacc | 2012-11-26 | 7.8 HIGH | N/A |
| skeleton.c in yacc does not properly handle reduction of a rule with an empty right hand side, which allows context-dependent attackers to cause an out-of-bounds stack access when the yacc stack pointer points to the end of the stack. | |||||
| CVE-2012-4601 | 1 Tecnick | 1 Tcexam | 2012-11-25 | 6.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Nicola Asuni TCExam before 11.3.009 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the (1) user_groups[] parameter to admin/code/tce_edit_test.php or (2) subject_id parameter to admin/code/tce_show_all_questions.php. | |||||
| CVE-2012-3513 | 1 Munin-monitoring | 1 Munin | 2012-11-23 | 9.3 HIGH | N/A |
| munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command. | |||||