Search

Search Results (363308 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-5291 1 Possesports 1 Posse Softball Director Cms 2025-04-11 N/A
SQL injection vulnerability in team.php in Posse Softball Director CMS allows remote attackers to execute arbitrary SQL commands via the idteam parameter.
CVE-2012-5292 1 Atar2b 1 Atar2b Cms 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Atar2b CMS 4.0.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) gallery_e.php, (2) pageE.php, or (3) pageH.php.
CVE-2012-5293 1 Redgraphic 1 Sapid Cms 2025-04-11 N/A
Multiple PHP remote file inclusion vulnerabilities in SAPID CMS 1.2.3 Stable allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[root_path] parameter to usr/extensions/get_tree.inc.php or (2) root_path parameter to usr/extensions/get_infochannel.inc.php.
CVE-2012-5294 1 Mystorexpress 1 Tienda Virtual 2025-04-11 N/A
SQL injection vulnerability in art_detalle.php in MyStore Xpress Tienda Virtual allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2012-5298 1 Mavili Guestbook Project 1 Mavili Guestbook 2025-04-11 N/A
Mavili Guestbook, as released in November 2007, stores guestbook.mdb under the web root with insufficient access control, which allows remote attackers to read the database via a direct request.
CVE-2012-5299 1 Mavili Guestbook Project 1 Mavili Guestbook 2025-04-11 N/A
Mavili Guestbook, as released in November 2007, allows remote attackers to edit, delete, and approve arbitrary messages via a direct request to (1) edit.asp, (2) delete.asp, or (3) approve.asp.
CVE-2012-5300 1 Mystorexpress 1 Tienda Virtual 2025-04-11 N/A
SQL injection vulnerability in art_catalogo.php in MyStore Xpress Tienda Virtual 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2012-5301 1 Cerberusftp 1 Ftp Server 2025-04-11 N/A
The default configuration of Cerberus FTP Server before 5.0.4.0 supports the DES cipher for SSH sessions, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and performing a brute-force attack on the encrypted data.
CVE-2012-5302 1 Tibco 1 Formvine 2025-04-11 N/A
The server in TIBCO Formvine 3.1.x and 3.2.x before 3.2.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
CVE-2012-5303 1 Monkey-project 1 Monkey 2025-04-11 N/A
Monkey HTTP Daemon 0.9.3 might allow local users to overwrite arbitrary files via a symlink attack on a PID file, as demonstrated by a pathname different from the default /var/run/monkey.pid pathname.
CVE-2012-5304 1 Yuriy V Semenikhin 1 Yvs Image Gallery 2025-04-11 N/A
Static code injection vulnerability in administration/install.php in YVS Image Gallery allows remote attackers to inject arbitrary PHP code into functions/db_connect.php via unspecified vectors. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation.
CVE-2012-5305 1 Directadmin 1 Directadmin 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allows remote attackers to inject arbitrary web script or HTML via the domain parameter.
CVE-2012-5315 1 Php Ireport Project 1 Php Ireport 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in php ireport 1.0 allow remote attackers to inject arbitrary web script or HTML via the message parameter to (1) messages_viewer.php, (2) home.php, or (3) history.php.
CVE-2012-5306 1 Dlink 2 Camera Stream Client Activex Control, Dcs-5605 Ptz Ip Network Camera 2025-04-11 N/A
Stack-based buffer overflow in the SelectDirectory method in DcsCliCtrl.dll in Camera Stream Client ActiveX Control, as used in D-Link DCS-5605 PTZ IP Network Camera, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string argument.
CVE-2012-5307 1 Ibm 1 Lotus Notes Traveler 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in servlet/traveler in IBM Lotus Notes Traveler before 8.5.3.3 Interim Fix 1, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via the redirectURL parameter, a different vulnerability than CVE-2012-4824 and CVE-2012-4825.
CVE-2012-5308 1 Ibm 1 Lotus Notes Traveler 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 allows remote attackers to hijack the authentication of arbitrary users for requests that create problem reports via a getReportProblem upload action.
CVE-2012-5309 1 Ibm 1 Lotus Notes Traveler 2025-04-11 N/A
servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 does not properly restrict invalid authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
CVE-2012-5310 2 Getshopped, Wordpress 2 Wp E-commerce, Wordpress 2025-04-11 N/A
SQL injection vulnerability in the WP e-Commerce plugin before 3.8.7.6 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-5312 1 Tribiq 1 Tribiq Cms 2025-04-11 N/A
SQL injection vulnerability in Tribiq CMS allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2012-5313 1 Snitz Communications 1 Snitz Forums 2000 2025-04-11 N/A
SQL injection vulnerability in forum.asp in Snitz Forums 2000 allows remote attackers to execute arbitrary SQL commands via the TOPIC_ID parameter.