Export limit exceeded: 367109 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 367109 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (367109 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-1207 | 1 Fork-cms | 1 Fork Cms | 2025-04-11 | N/A |
| Directory traversal vulnerability in frontend/core/engine/javascript.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter to frontend/js.php. | ||||
| CVE-2012-1208 | 1 Fork-cms | 1 Fork Cms | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) report parameter to blog/settings or (2) error parameter to users/index. | ||||
| CVE-2012-1209 | 1 Fork-cms | 1 Fork Cms | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. | ||||
| CVE-2012-1210 | 1 Powie | 1 Pfile | 2025-04-11 | N/A |
| SQL injection vulnerability in pfile/file.php in Powie pFile 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2012-1211 | 1 Powie | 1 Pfile | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in pfile/kommentar.php in Powie pFile 1.02 allows remote attackers to inject arbitrary web script or HTML via the filecat parameter. | ||||
| CVE-2012-1234 | 1 Advantech | 1 Advantech Webaccess | 2025-04-11 | N/A |
| SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0234. | ||||
| CVE-2012-1212 | 1 Smwplus | 1 Smw\+ | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the smwfOnSfSetTargetName function in extensions/SMWHalo/includes/SMW_Initialize.php in Semantic Enterprise Wiki (SMW+) 1.5.6, 1.6.0_2 and earlier allows remote attackers to inject arbitrary web script or HTML via the target parameter to index.php/Special:FormEdit. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2012-1213 | 1 Zimbra | 1 Zimbra | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in zimbra/h/calendar in Zimbra Web Client in Zimbra Collaboration Suite (ZCS) 6.x before 6.0.15 and 7.x before 7.1.3 allows remote attackers to inject arbitrary web script or HTML via the view parameter. | ||||
| CVE-2012-1214 | 1 Yoono | 1 Yoono Desktop | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Add friends module in Yoono Desktop Application before 1.8.21 allows remote attackers to inject arbitrary web script or HTML via the create field in a "Create a group" action. | ||||
| CVE-2012-1215 | 1 Yoono | 1 Yoono For Firefox | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Add friends module in the Yoono extension before 7.7.8 for Firefox allows remote attackers to inject arbitrary web script or HTML via the create field in a "Create a group" action. | ||||
| CVE-2012-0935 | 1 Aryadad | 1 Aryadad Cms | 2025-04-11 | N/A |
| SQL injection vulnerability in Default.aspx in Aryadad CMS allows remote attackers to execute arbitrary SQL commands via the PageID parameter. | ||||
| CVE-2012-0936 | 1 Opennms.org | 1 Opennms | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in web/springframework/security/SecurityAuthenticationEventOnmsEventBuilder.java in OpenNMS 1.8.x before 1.8.17, 1.9.93 and earlier, and 1.10.x before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via the Username field, related to login. | ||||
| CVE-2012-0934 | 2 Wordpress, Zingiri | 2 Wordpress, Theme Tuner Plugin | 2025-04-11 | N/A |
| PHP remote file inclusion vulnerability in ajax/savetag.php in the Theme Tuner plugin for WordPress before 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the tt-abspath parameter. | ||||
| CVE-2012-0933 | 1 Acidcat | 1 Acidcat Cms | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Acidcat CMS 3.5.1, 3.5.2, 3.5.6, and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin_colors.asp, (2) admin_config.asp, and (3) admin_cat_add.asp in admin/. | ||||
| CVE-2012-0670 | 1 Apple | 1 Quicktime | 2025-04-11 | N/A |
| Integer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted sean atom in a movie file. | ||||
| CVE-2012-0672 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| WebKit in Apple iOS before 5.1.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | ||||
| CVE-2012-0674 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the location bar's URL via a crafted web site. | ||||
| CVE-2012-0675 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Capsule credentials by spoofing the backup volume. | ||||
| CVE-2012-0676 | 1 Apple | 1 Safari | 2025-04-11 | N/A |
| WebKit in Apple Safari before 5.1.7 does not properly track state information during the processing of form input, which allows remote attackers to fill in form fields on the pages of arbitrary web sites via unspecified vectors. | ||||
| CVE-2012-0677 | 1 Apple | 1 Itunes | 2025-04-11 | N/A |
| Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist. | ||||