Export limit exceeded: 364862 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364862 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-1021 1 4homepages 1 4images 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in admin/categories.php in 4images 1.7.10 allows remote attackers to inject arbitrary web script or HTML via the cat_parent_id parameter in an addcat action.
CVE-2012-1022 1 4homepages 1 4images 2025-04-11 N/A
SQL injection vulnerability in admin/categories.php in 4images 1.7.10 remote attackers to execute arbitrary SQL commands via the cat_parent_id parameter in an addcat action.
CVE-2012-1023 1 4homepages 1 4images 2025-04-11 N/A
Open redirect vulnerability in admin/index.php in 4images 1.7.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter.
CVE-2012-1024 1 Dream-multimedia-tv 1 Enigma2 Webinterface 2025-04-11 N/A
Directory traversal vulnerability in file in Enigma2 Webinterface 1.5rc1 and 1.5beta4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2012-1025 1 Dream-multimedia-tv 1 Enigma2 Webinterface 2025-04-11 N/A
Absolute path traversal vulnerability in file in Enigma2 Webinterface 1.6.0 through 1.6.8, 1.6rc3, and 1.7.0 allows remote attackers to read arbitrary files via a full pathname in the file parameter.
CVE-2012-1026 1 Johannes Ekberg 1 Xray Cms 2025-04-11 N/A
Multiple SQL injection vulnerabilities in login2.php in XRay CMS 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters.
CVE-2012-1027 1 Project-open 1 \]project-open\[ 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in account-closed.tcl in ]project-open[ (aka ]po[) 3.4.x, 3.5.0.1-2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the message parameter to register/account-closed.
CVE-2012-1028 1 Simple-groupware 1 Simplegroupware 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in bin/index.php in SimpleGroupware 0.742 and other versions before 0.743 allows remote attackers to inject arbitrary web script or HTML via the export parameter.
CVE-2012-1029 1 Tubeace 1 Tube Ace 2025-04-11 N/A
SQL injection vulnerability in mobile/search/index.php in Tube Ace (Adult PHP Tube Script) 1.6 allows remote attackers to execute arbitrary SQL commands via the q parameter. NOTE: some of these details are obtained from third party information.
CVE-2012-1031 1 Episerver 1 Episerver Cms 2025-04-11 N/A
Unspecified vulnerability in EPiServer CMS 5 and 6 through 6R2, in certain configurations using Forms Authentication, allows remote authenticated users to obtain WebAdmins access by leveraging Edit Mode privileges, a different vulnerability than CVE-2011-3416 and CVE-2011-3417.
CVE-2012-1033 2 Isc, Redhat 2 Bind, Enterprise Linux 2025-04-11 N/A
The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
CVE-2012-1034 1 Episerver 1 Episerver Cms 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the admin interface in EPiServer CMS through 6R2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1035 1 Adacore 1 Ada Web Services 2025-04-11 N/A
AdaCore Ada Web Services (AWS) before 2.10.2 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
CVE-2012-1037 1 Glpi-project 1 Glpi 2025-04-11 N/A
PHP remote file inclusion vulnerability in front/popup.php in GLPI 0.78 through 0.80.61 allows remote authenticated users to execute arbitrary PHP code via a URL in the sub_type parameter.
CVE-2012-1038 1 Juniper 1 Networks Mobility System Software 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the WebAAA login functionality (wba_login.html) in Juniper Networks Mobility System Software (MSS) 7.6.x before 7.6.3, 7.7.x before 7.7.1, 7.5.x before 7.5.3, and other unspecified versions before 7.4 and 7.3 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter name.
CVE-2012-1039 1 Dotclear 1 Dotclear 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before 2.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) login_data parameter to admin/auth.php; (2) nb parameter to admin/blogs.php; (3) type, (4) sortby, (5) order, or (6) status parameters to admin/comments.php; or (7) page parameter to admin/plugin.php.
CVE-2012-1046 1 Ibm 1 Cognos Tm1 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in TM1 Web in IBM Cognos TM1 9.5.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0696.
CVE-2012-1047 1 Cyberoam 1 Cyberoam Central Console 2025-04-11 N/A
Directory traversal vulnerability in the WWWHELP Service (js/html/wwhelp.htm) in Cyberoam Central Console (CCC) 2.00.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter in an Online_help action.
CVE-2012-1048 1 Efrontlearning 1 Efront Community \+\+ 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in communityplusplus/www/administrator.php in eFront Community++ edition 3.6.10, and possibly other editions, allows remote attackers to inject arbitrary web script or HTML via the filter parameter.
CVE-2012-1049 1 Manageengine 1 Admanager Plus 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ADManager Plus 5.2 Build 5210 allow remote attackers to inject arbitrary web script or HTML via the (1) domainName parameter to jsp/AddDC.jsp or (2) operation parameter to DomainConfig.do.