Search

Search Results (363576 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-5327 2 Cartpauj, Wordpress 2 Mingle-forum, Wordpress 2025-04-11 N/A
Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) delete_usrgrp[] parameter in a delete_usergroups action, (2) usergroup parameter in an add_user_togroup action, or (3) add_forum_group_id parameter in an add_forum_submit action.
CVE-2012-5328 2 Cartpauj, Wordpress 2 Mingle-forum, Wordpress 2025-04-11 N/A
Multiple SQL injection vulnerabilities in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress might allow remote authenticated users to execute arbitrary SQL commands via the (1) memberid or (2) groupid parameters in a removemember action or (3) id parameter to fs-admin/fs-admin.php, or (4) edit_forum_id parameter in an edit_save_forum action to fs-admin/wpf-edit-forum-group.php.
CVE-2012-5329 1 Typsoft 1 Typsoft Ftp Server 2025-04-11 N/A
Buffer overflow in TYPSoft FTP Server 1.1 allows remote authenticated users to cause a denial of service (application crash) via a long string in an APPE command.
CVE-2012-5330 1 Nasir Khan 1 Asaancart 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in asaanCart 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to calc.php, (2) chat.php, (3) register.php, or (4) index.php in libs/smarty_ajax/; or the (5) page parameter to libs/smarty_ajax/index.php.
CVE-2012-5331 1 Nasir Khan 1 Asaancart 2025-04-11 N/A
Directory traversal vulnerability in asaanCart 0.9 allows remote attackers to include arbitrary local files via a .. (dot dot) in the page parameter to index.php.
CVE-2012-5332 1 At32 1 Reverse Proxy 2025-04-11 N/A
at32 Reverse Proxy 1.060.310 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long string in an HTTP header field, as demonstrated using the If-Unmodified-Since field.
CVE-2012-5333 1 Preprojects 1 Pre Printing Press 2025-04-11 N/A
SQL injection vulnerability in page.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2012-5334 1 Preprojects 1 Pre Printing Press 2025-04-11 N/A
SQL injection vulnerability in product_desc.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the pid parameter.
CVE-2012-5335 1 Saurabh Gupta 1 Tiny Server 2025-04-11 N/A
Directory traversal vulnerability in Tiny Server 1.1.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the URI of an HTTP request.
CVE-2012-5337 1 Jforum 1 Jforum 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in jforum.page in JForum 2.1.9 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) match_type, (3) sort_by, or (4) start parameters.
CVE-2012-5338 1 Jforum 1 Jforum 2025-04-11 N/A
Open redirect vulnerability in JForum 2.1.9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnPath parameter in a validateLogin action to jforum.page.
CVE-2012-5339 1 Phpmyadmin 1 Phpmyadmin 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger.
CVE-2012-5341 1 Otterware 1 Statit 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in statistik.php in Otterware StatIt 4 allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter, (2) show parameter in a stat_tld action, or (3) order parameter in a stat_abfragen action.
CVE-2012-5342 1 Michau Enterprises Llc 1 Commonsense Cms 2025-04-11 N/A
Multiple SQL injection vulnerabilities in SenseSites CommonSense CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) special.php, (2) article.php, or (3) cat2.php.
CVE-2012-5343 1 Limny 1 Limny 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in admin/login.php in Limny 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the "PHP_SELF" variable.
CVE-2012-5344 1 Kepler Lam 1 Iptools 2025-04-11 N/A
Directory traversal vulnerability in the WebServer (Thttpd.bat) in IpTools (aka Tiny TCP/IP server) 0.1.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a HTTP request.
CVE-2012-5345 1 Kepler Lam 1 Iptools 2025-04-11 N/A
Buffer overflow in the Remote command server (Rcmd.bat) in IpTools (aka Tiny TCP/IP server) 0.1.4 allows remote attackers to cause a denial of service (crash) via a long string to TCP port 23.
CVE-2012-5346 2 Bencemeszaros, Wordpress 2 Wp-livephp, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in wp-live.php in the WP Live.php module 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. NOTE: some of these details are obtained from third party information.
CVE-2012-5347 1 Tinywebgallery 1 Tinywebgallery 2025-04-11 N/A
TinyWebGallery 1.8.3 allows remote attackers to execute arbitrary code via shell metacharacters in the command parameter to (1) inc/filefunctions.inc or (2) info.php.
CVE-2012-5348 1 Wilson Steven 1 Mangosweb Enhanced 2025-04-11 N/A
SQL injection vulnerability in MangosWeb Enhanced 3.0.3 allows remote attackers to execute arbitrary SQL commands via the login parameter in a login action to index.php.