Export limit exceeded: 363437 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363437 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-5901 | 1 Dflabs | 1 Ptk | 2025-04-11 | N/A |
| DFLabs PTK 1.0.5 stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read logs, images, or reports via a direct request to the file in the (1) log, (2) images, or (3) report directory. | ||||
| CVE-2012-5902 | 1 Dflabs | 1 Ptk | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in ptk/lib/modal_bookmark.php in DFLabs PTK 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the arg4 parameter. | ||||
| CVE-2012-5903 | 1 Simple Machines | 1 Smf | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the scheduled parameter to index.php. | ||||
| CVE-2012-5904 | 1 Irfanview | 1 Irfanview | 2025-04-11 | N/A |
| Heap-based buffer overflow in IrfanView before 4.33 allows remote attackers to execute arbitrary code via a crafted RLE compressed bitmap file such as a DIB, RLE, or BMP image. | ||||
| CVE-2012-5905 | 1 Elif Keir | 1 Knftpd | 2025-04-11 | N/A |
| Buffer overflow in KnFTPd 1.0.0 allows remote authenticated users to cause a denial of service (crash) via a long string in a FEAT command. | ||||
| CVE-2012-5906 | 1 Morequick | 1 Greenbrowser | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in GreenBrowser 6.1.0117 and 6.1.0216 allow remote attackers to inject arbitrary web script or HTML via (1) the URI in an about: page or (2) the last visited URL in the LastVisitWriteEn function in function.js. | ||||
| CVE-2012-5907 | 1 Tomatocart | 1 Tomatocart | 2025-04-11 | N/A |
| Directory traversal vulnerability in json.php in TomatoCart 1.2.0 Alpha 2 and possibly earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter in a "3" action. | ||||
| CVE-2012-5908 | 1 Mybb | 1 Mybb | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to inject arbitrary web script or HTML via the conditions[usergroup][] parameter in a search action to admin/index.php. | ||||
| CVE-2012-5909 | 1 Mybb | 1 Mybb | 2025-04-11 | N/A |
| SQL injection vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to execute arbitrary SQL commands via the conditions[usergroup][] parameter in a search action to admin/index.php. | ||||
| CVE-2012-5910 | 1 B2evolution | 1 B2evolution | 2025-04-11 | N/A |
| SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via the root parameter. | ||||
| CVE-2012-5911 | 1 B2evolution | 1 B2evolution | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in blogs/blog1.php in b2evolution 4.1.3 allows remote attackers to inject arbitrary web script or HTML via the message body. | ||||
| CVE-2012-5912 | 1 Pico | 1 Picopublisher | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in PicoPublisher 2.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) page.php or (2) single.php. | ||||
| CVE-2012-5913 | 2 Wordpress, Wordpress Integrator Project | 2 Wordpress, Wordpress Integrator | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php. | ||||
| CVE-2012-5914 | 1 Neocrome | 1 Seditio | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the sed_import function in system/functions.php in Neocrome Seditio build 160 and 161 allow remote attackers to inject arbitrary web script or HTML via the (1) newmsg or (2) rtext parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2012-5915 | 1 Neocrome | 1 Seditio | 2025-04-11 | N/A |
| Neocrome Seditio build 161 and earlier allows remote attackers to obtain sensitive information via direct request to (1) view.php, (2) plugins/contact/lang/contact.en.lang.php, (3) system/lang/en/main.lang.php, (4) system/lang/en/message.lang.php, or (5) system/core/view/view.inc.php, which reveals the installation path in an error message. | ||||
| CVE-2012-5916 | 1 Neocrome | 1 Seditio | 2025-04-11 | N/A |
| Neocrome Seditio build 161 allows remote attackers to obtain sensitive information via a direct request to (1) docs/new/seditio-createnew-160.sql, (2) docs/upgrade/sedito_convert_to_utf8.optional.sql, or (3) system/install/install.parser.sql. | ||||
| CVE-2012-5917 | 1 Tom Wilkason | 1 Snackamp | 2025-04-11 | N/A |
| SnackAmp 3.1.3 allows remote attackers to cause a denial of service (application crash) via a long string in an aiff file. | ||||
| CVE-2012-5918 | 1 Razorcms | 1 Razorcms | 2025-04-11 | N/A |
| razorCMS 1.2 allows remote authenticated users to access administrator directories and files by creating and deleting a directory. | ||||
| CVE-2012-5919 | 1 Havalite | 1 Cms | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Havalite 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) find or (2) replace fields to havalite/findReplace.php; (3) username parameter to havalite/hava_login.php, (4) the Edit Article module, or (5) hava_post.php in the postAuthor module; (6) postId parameter to hava_post.php; (7) userId parameter to hava_user.php; or (8) linkId parameter to hava_link.php. | ||||
| CVE-2012-5920 | 2 Google, Redhat | 2 Web Toolkit, Jboss Operations Network | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) 2.4 through 2.5 Final, as used in JBoss Operations Network (ON) 3.1.1 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2012-4563. | ||||