Export limit exceeded: 363851 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363851 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363851 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-1507 | 1 Orangehrm | 1 Orangehrm | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) newHspStatus parameter to plugins/ajaxCalls/haltResumeHsp.php, (2) sortOrder1 parameter to templates/hrfunct/emppop.php, or (3) uri parameter to index.php. | ||||
| CVE-2012-1556 | 1 Synology | 2 Diskstation Manager, Synology Photo Station | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Synology Photo Station 5 for DiskStation Manager (DSM) 3.2-1955 allows remote attackers to inject arbitrary web script or HTML via the name parameter to photo/photo_one.php. | ||||
| CVE-2012-1600 | 2 Opensuse, Phppgadmin Project | 2 Opensuse, Phppgadmin | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in functions.php in phpPgAdmin before 5.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) type of a function. | ||||
| CVE-2012-1621 | 1 Apache | 1 Ofbiz | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.02 allow remote attackers to inject arbitrary web script or HTML via (1) a parameter array in freemarker templates, the (2) contentId or (3) mapKey parameter in a cms event request, which are not properly handled in an error message, or unspecified input in (4) an ajax request to the getServerError function in checkoutProcess.js or (5) a Webslinger component request. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2012-1664 | 1 Oscmax | 1 Oscmax | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in a process action to admin/login.php; (2) pageTitle, (3) current_product_id, or (4) cPath parameter to admin/new_attributes_include.php; (5) sb_id, (6) sb_key, (7) gc_id, (8) gc_key, or (9) path parameter to admin/htaccess.php; (10) title parameter to admin/information_form.php; (11) search parameter to admin/xsell.php; (12) gross or (13) max parameter to admin/stats_products_purchased.php; (14) status parameter to admin/stats_monthly_sales.php; (15) sorted parameter to admin/stats_customers.php; (16) information_id parameter to /admin/information_manager.php; or (17) zID parameter to /admin/geo_zones.php. | ||||
| CVE-2012-1665 | 1 Oscmax | 1 Oscmax | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or (2) remote administrators to execute arbitrary SQL commands via the status parameter to admin/stats_monthly_sales.php or (3) country parameter in a process action to admin/create_account_process.php. | ||||
| CVE-2012-1669 | 1 Phpmoneybooks | 1 Phpmoneybooks | 2025-04-12 | N/A |
| Directory traversal vulnerability in index.php in phpMoneyBooks before 1.0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter. | ||||
| CVE-2012-1978 | 1 Simple Php Agenda Project | 1 Simple Php Agenda | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Agenda 2.2.8 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator via a request to auth/process.php, (2) delete an administrator via a request to auth/admin/adminprocess.php, (3) add an event via a request to engine/new_event.php, or (4) delete an event via a request to phpagenda/. | ||||
| CVE-2012-2052 | 1 Adobe | 2 Photoshop Cs5, Photoshop Cs5.1 | 2025-04-12 | N/A |
| Stack-based buffer overflow in the U3D.8BI library plugin in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via a long Collada asset element in a DAE file, as demonstrated by the cameraYFov value in the contributor comments element. | ||||
| CVE-2012-2134 | 2 Martin Nagy, Redhat | 2 Bind-dyndb-ldap, Enterprise Linux | 2025-04-12 | N/A |
| The handle_connection_error function in ldap_helper.c in bind-dyndb-ldap before 1.1.0rc1 does not properly handle LDAP query errors, which allows remote attackers to cause a denial of service (infinite loop and named server hang) via a non-alphabet character in the base DN in an LDAP search DNS query. | ||||
| CVE-2012-2150 | 2 Redhat, Sgi | 2 Enterprise Linux, Xfsprogs | 2025-04-12 | N/A |
| xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image. | ||||
| CVE-2012-2301 | 1 Ubercart | 1 Ubercart | 2025-04-12 | N/A |
| The Ubercart module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer product classes" permission to execute arbitrary PHP code via unspecified vectors. | ||||
| CVE-2012-2413 | 1 Joomla | 1 Joomla\! | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/modules.php. | ||||
| CVE-2012-2569 | 1 Synametrics | 1 Xeams | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Synametrics Technologies Xeams 4.4 Build 5720 allows remote attackers to inject arbitrary web script or HTML via the body of an email. | ||||
| CVE-2012-2572 | 1 Mindreantre | 1 Threewp Email Reflector | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the ThreeWP Email Reflector plugin before 1.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Subject of an email. | ||||
| CVE-2023-21684 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-04-12 | 8.8 High |
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | ||||
| CVE-2023-21801 | 1 Microsoft | 13 Windows 10, Windows 10 1607, Windows 10 1809 and 10 more | 2025-04-12 | 7.8 High |
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | ||||
| CVE-2023-21717 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2025-04-12 | 8.8 High |
| Microsoft SharePoint Server Elevation of Privilege Vulnerability | ||||
| CVE-2023-21754 | 1 Microsoft | 15 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 12 more | 2025-04-12 | 7.8 High |
| Windows Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2023-21771 | 1 Microsoft | 3 Windows 10, Windows 11, Windows Server 2022 | 2025-04-12 | 7 High |
| Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability | ||||