Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4909 | 1 Joomla | 1 Joomla\! | 2012-10-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/views/article/tmpl/form.php, (2) components/com_user/controller.php, (3) plugins/system/legacy/html.php, or (4) templates/beez/html/com_content/article/form.php. | |||||
| CVE-2011-4910 | 1 Joomla | 1 Joomla\! | 2012-10-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||||
| CVE-2011-4911 | 1 Joomla | 1 Joomla\! | 2012-10-07 | 5.0 MEDIUM | N/A |
| Joomla! before 1.5.12 does not perform a JEXEC check in unspecified files, which allows remote attackers to obtain the installation path via unspecified vectors. | |||||
| CVE-2011-4932 | 1 Impresspages | 1 Impresspages Cms | 2012-10-07 | 7.5 HIGH | N/A |
| Eval injection vulnerability in ip_cms/modules/standard/content_management/actions.php in ImpressPages CMS 1.0.12 and possibly other versons before 1.0.13 allows remote attackers to execute arbitrary code via the cm_group parameter. | |||||
| CVE-2012-1623 | 2 Aidanlister, Drupal | 2 Regcode, Drupal | 2012-10-07 | 5.0 MEDIUM | N/A |
| The Registration Codes module before 6.x-2.4 for Drupal does not restrict access to the registration code list, which might allow remote attackers to bypass intended registration restrictions. | |||||
| CVE-2012-5304 | 1 Yuriy V Semenikhin | 1 Yvs Image Gallery | 2012-10-07 | 7.5 HIGH | N/A |
| Static code injection vulnerability in administration/install.php in YVS Image Gallery allows remote attackers to inject arbitrary PHP code into functions/db_connect.php via unspecified vectors. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. | |||||
| CVE-2011-5204 | 1 Akiva | 1 Webboard | 2012-10-04 | 1.9 LOW | N/A |
| Akiva WebBoard 8.x stores passwords in plaintext, which allows local users to obtain sensitive information by reading from the database. | |||||
| CVE-2012-1897 | 1 Wolfcms | 1 Wolf Cms | 2012-10-04 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Wolf CMS 0.75 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via the user id number to admin/user/delete; (2) delete pages via the page id number to admin/page/delete; delete the (3) images or (4) themes directory via the directory name to admin/plugin/file_manager/delete, and possibly other directories; or (5) logout the user via a request to admin/login/logout. | |||||
| CVE-2012-0956 | 1 Ubiquity Slideshow Team | 1 Ubiquity-slideshow-ubuntu | 2012-10-03 | 6.8 MEDIUM | N/A |
| ubiquity-slideshow-ubuntu before 58.2, during installation, allows remote man-in-the-middle attackers to execute arbitrary web script or HTML and read arbitrary files via a crafted attribute in the <a> tag of a Twitter feed. | |||||
| CVE-2012-5239 | 2012-10-03 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3548. Reason: This candidate is a reservation duplicate of CVE-2012-3548. Notes: All CVE users should reference CVE-2012-3548 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2012-3491 | 1 Condor Project | 1 Condor | 2012-10-02 | 4.0 MEDIUM | N/A |
| src/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the permissions of jobs, which allows remote authenticated users to remove arbitrary idle jobs via unspecified vectors. | |||||
| CVE-2012-3492 | 1 Condor Project | 1 Condor | 2012-10-02 | 6.4 MEDIUM | N/A |
| The filesystem authentication (condor_io/condor_auth_fs.cpp) in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 uses authentication directories even when they have weak permissions, which allows remote attackers to impersonate users by renaming a user's authentication directory. | |||||
| CVE-2012-3493 | 1 Condor Project | 1 Condor | 2012-10-02 | 5.8 MEDIUM | N/A |
| The command_give_request_ad function in condor_startd.V6/command.cpp Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 allows remote attackers to obtain sensitive information, and possibly control or start arbitrary jobs, via a ClassAd request to the condor_startd port, which leaks the ClaimId. | |||||
| CVE-2012-4065 | 1 Eucalyptus | 1 Eucalyptus | 2012-10-02 | 3.5 LOW | N/A |
| Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to bypass unspecified authorization checks and obtain direct access to a (1) Cloud Controller or (2) Walrus service via a crafted message, as demonstrated by changes to a volume, snapshot, or cloud configuration setting. | |||||
| CVE-2012-4064 | 1 Eucalyptus | 1 Eucalyptus | 2012-10-02 | 6.5 MEDIUM | N/A |
| Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to gain privileges by sending a message to (1) Cloud Controller or (2) Walrus with the internal message format and a modified user id. | |||||
| CVE-2012-1603 | 1 Nextbbs | 1 Nextbbs | 2012-10-02 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ajaxserver.php in NextBBS 0.6 allow remote attackers to execute arbitrary SQL commands via the (1) curstr parameter in the findUsers function, (2) id parameter in the isIdAvailable function, or (3) username parameter in the getGreetings function. | |||||
| CVE-2012-1898 | 1 Ivano Binetti | 1 Wolf Cms | 2012-10-02 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in wolfcms/admin/user/add in Wolf CMS 0.75 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user[name], (2) user[email], or (3) user[username] parameters. | |||||
| CVE-2012-1470 | 1 Ocportal | 1 Ocportal | 2012-10-01 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in code_editor.php in ocPortal before 7.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) path or (2) line parameters. | |||||
| CVE-2012-1471 | 1 Ocportal | 1 Ocportal | 2012-10-01 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in catalogue_file.php in ocPortal before 7.1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2012-1602 | 1 Nextbbs | 1 Nextbbs | 2012-10-01 | 7.5 HIGH | N/A |
| user.php in NextBBS 0.6 allows remote attackers to bypass authentication and gain administrator access by setting the userkey cookie to 1. | |||||