Search

Search Results (363674 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-6503 2 Joomla, Ninjaforge 2 Joomla\!, Com Ninjaxplorer 2025-04-11 N/A
Unspecified vulnerability in the NinjaXplorer component before 1.0.7 for Joomla! has unknown impact and attack vectors.
CVE-2012-6504 1 Shawn Bradley 1 Php Volunteer Management 2025-04-11 N/A
SQL injection vulnerability in mods/hours/data/get_hours.php in PHP Volunteer Management 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2012-6505 1 Shawn Bradley 1 Php Volunteer Management 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in mods/hours/data/get_hours.php in PHP Volunteer Management 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2012-6506 2 Wordpress, Zingiri 2 Wordpress, Zingiri Web Shop 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in zing.inc.php or (2) notes parameter in fws/pages-front/onecheckout.php.
CVE-2012-6507 1 Jason Sexauer 1 Churchcms 2025-04-11 N/A
Multiple SQL injection vulnerabilities in admin.php in ChurchCMS 0.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pass parameters in a login action.
CVE-2012-6508 1 Netartmedia 1 Car Portal 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in NetArt Media Car Portal 3.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change arbitrary user passwords via a nouveau action in the security module to cars/ADMIN/index.php; (2) create a user or (3) create a sub user via a sub_accounts action in the home module to USERS/index.php; or (4) change profile information via an edit action in the profile module to USERS/index.php.
CVE-2012-6509 1 Netartmedia 1 Car Portal 2025-04-11 N/A
Unrestricted file upload vulnerability in NetArt Media Car Portal 3.0 allows remote attackers to execute arbitrary PHP code by uploading a file a double extension, as demonstrated by .php%00.jpg.
CVE-2012-6510 1 Netartmedia 1 Car Portal 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in NetArt Media Car Portal 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) PWRS or (2) Description field when posting a new vehicle; (3) news title when creating news; (4) Name when creating a sub user; (5) group name when creating a group; or (6) dealer name, (7) first name, or (8) last name when changing a profile.
CVE-2012-6511 1 Organizer Project 1 Organizer 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in organizer/page/users.php in the Organizer plugin 1.2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) delete_id parameter or (2) extension parameter in an "Update Setting" action to wp-admin/admin.php.
CVE-2012-6512 1 Organizer Project 1 Organizer 2025-04-11 N/A
The Organizer plugin 1.2.1 for WordPress allows remote attackers to obtain the installation path via unspecified vectors to (1) plugin_hook.php, (2) page/index.php, (3) page/dir.php (4) page/options.php, (5) page/resize.php, (6) page/upload.php, (7) page/users.php, or (8) page/view.php.
CVE-2012-6513 1 Gpeasy 1 Gpeasy Cms 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in index.php/Admin_Preferences in gpEasy CMS 2.3.3 allows remote attackers to inject arbitrary web script or HTML via the jsoncallback parameter.
CVE-2012-6514 2 Joomla, Netshinesoftware 2 Joomla\!, Com Netinvoice 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the nBill (com_nbill) component 2.3.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the message parameter in an income action to administrator/index.php.
CVE-2012-6515 1 Efrontlearning 1 Efront 2025-04-11 N/A
eFront 3.6.10, 3.6.11 build 15059, and earlier allows remote attackers to obtain sensitive information via invalid courses_ID parameter in the lesson_info module to index.php, which reveals the installation path in an error message.
CVE-2012-6516 1 Shawn Bradley 1 Php Ticket System 2025-04-11 N/A
SQL injection vulnerability in PHP Ticket System Beta 1 allows remote attackers to execute arbitrary SQL commands via the q parameter to index.php.
CVE-2012-6517 1 Diy-cms 1 Diy-cms 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in DiY-CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) question parameter to in /modules/poll/add.php or (2) question or (3) answer parameter to modules/poll/edit.php.
CVE-2012-6518 1 Diy-cms 1 Diy-cms 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in mod.php in DiY-CMS 1.0 allows remote attackers to hijack the authentication of administrators for requests that create a poll via an add action to the poll module.
CVE-2012-6519 1 Diy-cms 1 Diy-cms 2025-04-11 N/A
SQL injection vulnerability in modules/poll/index.php in DIY-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the start parameter to mod.php.
CVE-2012-6520 1 Wikidforum 1 Wikidforum 2025-04-11 N/A
Multiple SQL injection vulnerabilities in the advanced search in Wikidforum 2.10 allow remote attackers to execute arbitrary SQL commands via the (1) select_sort or (2) opt_search_select parameters. NOTE: this issue could not be reproduced by third parties.
CVE-2012-6521 1 Elefantcms 1 Elefantcms 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in apps/admin/handlers/versions.php in Elefant CMS 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter to admin/versions.
CVE-2012-6522 1 W-cms 1 W-cms 2025-04-11 N/A
Directory traversal vulnerability in the getContent function in codes/wcms.php in w-CMS 2.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. NOTE: some of these details are obtained from third party information.