Export limit exceeded: 363851 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363851 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363851 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-1507 1 Orangehrm 1 Orangehrm 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) newHspStatus parameter to plugins/ajaxCalls/haltResumeHsp.php, (2) sortOrder1 parameter to templates/hrfunct/emppop.php, or (3) uri parameter to index.php.
CVE-2012-1556 1 Synology 2 Diskstation Manager, Synology Photo Station 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Synology Photo Station 5 for DiskStation Manager (DSM) 3.2-1955 allows remote attackers to inject arbitrary web script or HTML via the name parameter to photo/photo_one.php.
CVE-2012-1600 2 Opensuse, Phppgadmin Project 2 Opensuse, Phppgadmin 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in functions.php in phpPgAdmin before 5.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) type of a function.
CVE-2012-1621 1 Apache 1 Ofbiz 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.02 allow remote attackers to inject arbitrary web script or HTML via (1) a parameter array in freemarker templates, the (2) contentId or (3) mapKey parameter in a cms event request, which are not properly handled in an error message, or unspecified input in (4) an ajax request to the getServerError function in checkoutProcess.js or (5) a Webslinger component request. NOTE: some of these details are obtained from third party information.
CVE-2012-1664 1 Oscmax 1 Oscmax 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in a process action to admin/login.php; (2) pageTitle, (3) current_product_id, or (4) cPath parameter to admin/new_attributes_include.php; (5) sb_id, (6) sb_key, (7) gc_id, (8) gc_key, or (9) path parameter to admin/htaccess.php; (10) title parameter to admin/information_form.php; (11) search parameter to admin/xsell.php; (12) gross or (13) max parameter to admin/stats_products_purchased.php; (14) status parameter to admin/stats_monthly_sales.php; (15) sorted parameter to admin/stats_customers.php; (16) information_id parameter to /admin/information_manager.php; or (17) zID parameter to /admin/geo_zones.php.
CVE-2012-1665 1 Oscmax 1 Oscmax 2025-04-12 N/A
Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or (2) remote administrators to execute arbitrary SQL commands via the status parameter to admin/stats_monthly_sales.php or (3) country parameter in a process action to admin/create_account_process.php.
CVE-2012-1669 1 Phpmoneybooks 1 Phpmoneybooks 2025-04-12 N/A
Directory traversal vulnerability in index.php in phpMoneyBooks before 1.0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter.
CVE-2012-1978 1 Simple Php Agenda Project 1 Simple Php Agenda 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Agenda 2.2.8 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator via a request to auth/process.php, (2) delete an administrator via a request to auth/admin/adminprocess.php, (3) add an event via a request to engine/new_event.php, or (4) delete an event via a request to phpagenda/.
CVE-2012-2052 1 Adobe 2 Photoshop Cs5, Photoshop Cs5.1 2025-04-12 N/A
Stack-based buffer overflow in the U3D.8BI library plugin in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via a long Collada asset element in a DAE file, as demonstrated by the cameraYFov value in the contributor comments element.
CVE-2012-2134 2 Martin Nagy, Redhat 2 Bind-dyndb-ldap, Enterprise Linux 2025-04-12 N/A
The handle_connection_error function in ldap_helper.c in bind-dyndb-ldap before 1.1.0rc1 does not properly handle LDAP query errors, which allows remote attackers to cause a denial of service (infinite loop and named server hang) via a non-alphabet character in the base DN in an LDAP search DNS query.
CVE-2012-2150 2 Redhat, Sgi 2 Enterprise Linux, Xfsprogs 2025-04-12 N/A
xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image.
CVE-2012-2301 1 Ubercart 1 Ubercart 2025-04-12 N/A
The Ubercart module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer product classes" permission to execute arbitrary PHP code via unspecified vectors.
CVE-2012-2413 1 Joomla 1 Joomla\! 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/modules.php.
CVE-2012-2569 1 Synametrics 1 Xeams 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Synametrics Technologies Xeams 4.4 Build 5720 allows remote attackers to inject arbitrary web script or HTML via the body of an email.
CVE-2012-2572 1 Mindreantre 1 Threewp Email Reflector 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the ThreeWP Email Reflector plugin before 1.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Subject of an email.
CVE-2023-21684 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2025-04-12 8.8 High
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-21801 1 Microsoft 13 Windows 10, Windows 10 1607, Windows 10 1809 and 10 more 2025-04-12 7.8 High
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-21717 1 Microsoft 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server 2025-04-12 8.8 High
Microsoft SharePoint Server Elevation of Privilege Vulnerability
CVE-2023-21754 1 Microsoft 15 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 12 more 2025-04-12 7.8 High
Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-21771 1 Microsoft 3 Windows 10, Windows 11, Windows Server 2022 2025-04-12 7 High
Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability