Export limit exceeded: 363508 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363508 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-5899 1 Samedia 1 Landshop 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in admin/action/objects.php in SAMEDIA LandShop 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the OTR_HEADS[] parameter in an edit action. NOTE: some of these details are obtained from third party information.
CVE-2012-5900 1 Samedia 1 Landshop 2025-04-11 N/A
Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) OB_ID parameter in a single action to admin/action/objects.php, (2) AREA_ID parameter in a single action to admin/action/areas.php, or (3) start parameter in a show action to admin/action/pdf.php.
CVE-2012-5901 1 Dflabs 1 Ptk 2025-04-11 N/A
DFLabs PTK 1.0.5 stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read logs, images, or reports via a direct request to the file in the (1) log, (2) images, or (3) report directory.
CVE-2012-5902 1 Dflabs 1 Ptk 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in ptk/lib/modal_bookmark.php in DFLabs PTK 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the arg4 parameter.
CVE-2012-5903 1 Simple Machines 1 Smf 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the scheduled parameter to index.php.
CVE-2012-5904 1 Irfanview 1 Irfanview 2025-04-11 N/A
Heap-based buffer overflow in IrfanView before 4.33 allows remote attackers to execute arbitrary code via a crafted RLE compressed bitmap file such as a DIB, RLE, or BMP image.
CVE-2012-5905 1 Elif Keir 1 Knftpd 2025-04-11 N/A
Buffer overflow in KnFTPd 1.0.0 allows remote authenticated users to cause a denial of service (crash) via a long string in a FEAT command.
CVE-2012-5906 1 Morequick 1 Greenbrowser 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in GreenBrowser 6.1.0117 and 6.1.0216 allow remote attackers to inject arbitrary web script or HTML via (1) the URI in an about: page or (2) the last visited URL in the LastVisitWriteEn function in function.js.
CVE-2012-5907 1 Tomatocart 1 Tomatocart 2025-04-11 N/A
Directory traversal vulnerability in json.php in TomatoCart 1.2.0 Alpha 2 and possibly earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter in a "3" action.
CVE-2012-5908 1 Mybb 1 Mybb 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to inject arbitrary web script or HTML via the conditions[usergroup][] parameter in a search action to admin/index.php.
CVE-2012-5909 1 Mybb 1 Mybb 2025-04-11 N/A
SQL injection vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to execute arbitrary SQL commands via the conditions[usergroup][] parameter in a search action to admin/index.php.
CVE-2012-5910 1 B2evolution 1 B2evolution 2025-04-11 N/A
SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via the root parameter.
CVE-2012-5911 1 B2evolution 1 B2evolution 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in blogs/blog1.php in b2evolution 4.1.3 allows remote attackers to inject arbitrary web script or HTML via the message body.
CVE-2012-5912 1 Pico 1 Picopublisher 2025-04-11 N/A
Multiple SQL injection vulnerabilities in PicoPublisher 2.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) page.php or (2) single.php.
CVE-2012-5913 2 Wordpress, Wordpress Integrator Project 2 Wordpress, Wordpress Integrator 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php.
CVE-2012-5914 1 Neocrome 1 Seditio 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the sed_import function in system/functions.php in Neocrome Seditio build 160 and 161 allow remote attackers to inject arbitrary web script or HTML via the (1) newmsg or (2) rtext parameter. NOTE: some of these details are obtained from third party information.
CVE-2012-5915 1 Neocrome 1 Seditio 2025-04-11 N/A
Neocrome Seditio build 161 and earlier allows remote attackers to obtain sensitive information via direct request to (1) view.php, (2) plugins/contact/lang/contact.en.lang.php, (3) system/lang/en/main.lang.php, (4) system/lang/en/message.lang.php, or (5) system/core/view/view.inc.php, which reveals the installation path in an error message.
CVE-2012-5916 1 Neocrome 1 Seditio 2025-04-11 N/A
Neocrome Seditio build 161 allows remote attackers to obtain sensitive information via a direct request to (1) docs/new/seditio-createnew-160.sql, (2) docs/upgrade/sedito_convert_to_utf8.optional.sql, or (3) system/install/install.parser.sql.
CVE-2012-5917 1 Tom Wilkason 1 Snackamp 2025-04-11 N/A
SnackAmp 3.1.3 allows remote attackers to cause a denial of service (application crash) via a long string in an aiff file.
CVE-2012-5918 1 Razorcms 1 Razorcms 2025-04-11 N/A
razorCMS 1.2 allows remote authenticated users to access administrator directories and files by creating and deleting a directory.