Export limit exceeded: 363801 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363801 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-5897 | 1 Quest | 1 Intrust | 2025-04-11 | N/A |
| The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX control (ARDoc.dll) in Quest InTrust 10.4.0.853 and earlier do not properly implement the SaveToFile method, which allows remote attackers to write or overwrite arbitrary files via the bstrFileName argument. | ||||
| CVE-2012-5898 | 1 Samedia | 1 Landshop | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in SAMEDIA LandShop 0.9.2 allows remote attackers to hijack the authentication of administrators for requests that change account settings. | ||||
| CVE-2012-5899 | 1 Samedia | 1 Landshop | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/action/objects.php in SAMEDIA LandShop 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the OTR_HEADS[] parameter in an edit action. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2012-5900 | 1 Samedia | 1 Landshop | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) OB_ID parameter in a single action to admin/action/objects.php, (2) AREA_ID parameter in a single action to admin/action/areas.php, or (3) start parameter in a show action to admin/action/pdf.php. | ||||
| CVE-2012-5901 | 1 Dflabs | 1 Ptk | 2025-04-11 | N/A |
| DFLabs PTK 1.0.5 stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read logs, images, or reports via a direct request to the file in the (1) log, (2) images, or (3) report directory. | ||||
| CVE-2012-5902 | 1 Dflabs | 1 Ptk | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in ptk/lib/modal_bookmark.php in DFLabs PTK 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the arg4 parameter. | ||||
| CVE-2012-5903 | 1 Simple Machines | 1 Smf | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the scheduled parameter to index.php. | ||||
| CVE-2012-5904 | 1 Irfanview | 1 Irfanview | 2025-04-11 | N/A |
| Heap-based buffer overflow in IrfanView before 4.33 allows remote attackers to execute arbitrary code via a crafted RLE compressed bitmap file such as a DIB, RLE, or BMP image. | ||||
| CVE-2012-5905 | 1 Elif Keir | 1 Knftpd | 2025-04-11 | N/A |
| Buffer overflow in KnFTPd 1.0.0 allows remote authenticated users to cause a denial of service (crash) via a long string in a FEAT command. | ||||
| CVE-2012-5906 | 1 Morequick | 1 Greenbrowser | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in GreenBrowser 6.1.0117 and 6.1.0216 allow remote attackers to inject arbitrary web script or HTML via (1) the URI in an about: page or (2) the last visited URL in the LastVisitWriteEn function in function.js. | ||||
| CVE-2012-5907 | 1 Tomatocart | 1 Tomatocart | 2025-04-11 | N/A |
| Directory traversal vulnerability in json.php in TomatoCart 1.2.0 Alpha 2 and possibly earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter in a "3" action. | ||||
| CVE-2012-5908 | 1 Mybb | 1 Mybb | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to inject arbitrary web script or HTML via the conditions[usergroup][] parameter in a search action to admin/index.php. | ||||
| CVE-2012-5909 | 1 Mybb | 1 Mybb | 2025-04-11 | N/A |
| SQL injection vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to execute arbitrary SQL commands via the conditions[usergroup][] parameter in a search action to admin/index.php. | ||||
| CVE-2012-5910 | 1 B2evolution | 1 B2evolution | 2025-04-11 | N/A |
| SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via the root parameter. | ||||
| CVE-2012-5911 | 1 B2evolution | 1 B2evolution | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in blogs/blog1.php in b2evolution 4.1.3 allows remote attackers to inject arbitrary web script or HTML via the message body. | ||||
| CVE-2012-5912 | 1 Pico | 1 Picopublisher | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in PicoPublisher 2.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) page.php or (2) single.php. | ||||
| CVE-2012-5913 | 2 Wordpress, Wordpress Integrator Project | 2 Wordpress, Wordpress Integrator | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php. | ||||
| CVE-2012-5914 | 1 Neocrome | 1 Seditio | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the sed_import function in system/functions.php in Neocrome Seditio build 160 and 161 allow remote attackers to inject arbitrary web script or HTML via the (1) newmsg or (2) rtext parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2012-5915 | 1 Neocrome | 1 Seditio | 2025-04-11 | N/A |
| Neocrome Seditio build 161 and earlier allows remote attackers to obtain sensitive information via direct request to (1) view.php, (2) plugins/contact/lang/contact.en.lang.php, (3) system/lang/en/main.lang.php, (4) system/lang/en/message.lang.php, or (5) system/core/view/view.inc.php, which reveals the installation path in an error message. | ||||
| CVE-2012-5916 | 1 Neocrome | 1 Seditio | 2025-04-11 | N/A |
| Neocrome Seditio build 161 allows remote attackers to obtain sensitive information via a direct request to (1) docs/new/seditio-createnew-160.sql, (2) docs/upgrade/sedito_convert_to_utf8.optional.sql, or (3) system/install/install.parser.sql. | ||||