Export limit exceeded: 365171 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365171 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-0974 | 1 Juan Ramon | 1 Osclass | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the getParam function in oc-includes/osclass/core/Params.php in OSClass before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) sCity, (2) sPattern, (3) sPriceMax, and (4) sPriceMin parameters in a search action to index.php. | ||||
| CVE-2012-0975 | 1 Clixint | 1 Image Hosting Script Dpi | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in misc.php in Image Hosting Script DPI 1.0, 1.3, and earlier allows remote attackers to inject arbitrary web script or HTML via the showseries parameter. | ||||
| CVE-2012-0976 | 1 Silverstripe | 1 Silverstripe | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/EditForm in SilverStripe 2.4.6 allows remote authenticated users with Content Authors privileges to inject arbitrary web script or HTML via the Title parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2012-0977 | 1 Luratech | 1 Lurawave Jp2 Activex Control | 2025-04-11 | N/A |
| Stack-based buffer overflow in jp2_x.dll in LuraWave JP2 ActiveX Control 2.1.5.5 and other versions before 2.1.5.11 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment. | ||||
| CVE-2012-0978 | 1 Luratech | 1 Lurawave Jp2 Browser Plug-in | 2025-04-11 | N/A |
| Stack-based buffer overflow in npjp2.dll in LuraWave JP2 Browser Plug-In 1.1.1.11 and other versions before 2.1.1.11 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment. | ||||
| CVE-2012-0979 | 1 Twiki | 1 Twiki | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in TWiki allows remote attackers to inject arbitrary web script or HTML via the organization field in a profile, involving (1) registration or (2) editing of the user. | ||||
| CVE-2012-0980 | 1 Phux | 1 Download Manager | 2025-04-11 | N/A |
| SQL injection vulnerability in download.php in phux Download Manager allows remote attackers to execute arbitrary SQL commands via the file parameter. | ||||
| CVE-2012-0981 | 1 Kybernetika | 1 Phpshowtime | 2025-04-11 | N/A |
| Directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. (dot dot) in the r parameter to index.php. NOTE: Some of these details are obtained from third party information. | ||||
| CVE-2012-0982 | 1 Vastal | 1 Agent Zone | 2025-04-11 | N/A |
| SQL injection vulnerability in search.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the price_from parameter. | ||||
| CVE-2012-0983 | 1 Scriptsez | 1 Ez Album | 2025-04-11 | N/A |
| SQL injection vulnerability in Scriptsez.net Ez Album allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. | ||||
| CVE-2012-0985 | 1 Sony | 4 Smartwi Connection Utillity, Vaio Easy Connect, Vaio Pc Wireless Lan Wizard and 1 more | 2025-04-11 | N/A |
| Multiple buffer overflows in the Wireless Manager ActiveX control 4.0.0.0 in WifiMan.dll in Sony VAIO PC Wireless LAN Wizard 1.0; VAIO Wireless Wizard 1.00, 1.00_64, 1.0.1, 2.0, and 3.0; SmartWi Connection Utility 4.7, 4.7.4, 4.8, 4.9, 4.10, and 4.11; and VAIO Easy Connect software 1.0.0 and 1.1.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the second argument of the (1) SetTmpProfileOption or (2) ConnectToNetwork method. | ||||
| CVE-2012-0986 | 1 Impresscms | 1 Impresscms | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) notifications.php, (2) modules/system/admin/images/browser.php, and (3) modules/content/admin/content.php. | ||||
| CVE-2012-0987 | 1 Impresscms | 1 Impresscms | 2025-04-11 | N/A |
| Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the icmsConfigPlugins[sanitizer_plugins][] parameter. | ||||
| CVE-2012-0988 | 1 Jam Warehouse | 1 Knowledgetree Open Source | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in config/dmsDefaults.php in KnowledgeTree 3.7.0.2 and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) login.php, (2) admin.php, or (3) preferences.php. | ||||
| CVE-2012-0989 | 1 Oneorzero | 1 Action And Information Management System | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in OneOrZero AIMS 2.8.0 Trial Edition build231211 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. | ||||
| CVE-2012-0990 | 1 Dclassifieds | 1 Dclassifieds | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/settings/update in DClassifieds 0.1 final allows remote attackers to hijack the authentication of administrators for requests that modify account settings such as the administrator password or email via certain Settings[] parameters. | ||||
| CVE-2012-0991 | 1 Openemr | 1 Openemr | 2025-04-11 | N/A |
| Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter. | ||||
| CVE-2012-0992 | 1 Openemr | 1 Openemr | 2025-04-11 | N/A |
| interface/fax/fax_dispatch.php in OpenEMR 4.1.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the file parameter. | ||||
| CVE-2012-0993 | 1 Zenphoto | 1 Zenphoto | 2025-04-11 | N/A |
| Eval injection vulnerability in zp-core/zp-extensions/viewer_size_image.php in ZENphoto 1.4.2, when the viewer_size_image plugin is enabled, allows remote attackers to execute arbitrary PHP code via the viewer_size_image_saved cookie. | ||||
| CVE-2012-0994 | 1 Zenphoto | 1 Zenphoto | 2025-04-11 | N/A |
| SQL injection vulnerability in the Manage Albums feature in zp-core/admin-albumsort.php in ZENphoto 1.4.2 allows remote authenticated users to execute arbitrary SQL commands via the sortableList parameter. | ||||