VIR Vulnerability Intelligence Relay

Search

Found 6,375 results in 2416ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2012-5858 medium 5.3 EXP samsung 14y ago Samsung Kies Air 2.1.207051 and 2.1.210161 relies on the IP address for authentication, which allows remote man-in-the-middle attackers to read arbitrary phone contents by spoofing or controlling the…
CVE-2012-5367 medium 7.0 EXP orangehrm 14y ago Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow remote authenticated administrators to execute arbitrary SQL commands via the sortField parameter to (1) viewCustomers, (2) viewPa…
CVE-2012-5615 medium 6.0 EXP mariadboracle 14y ago Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending …
CVE-2012-5614 medium 5.0 EXP rhel oraclemariadb 14y ago Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT com…
CVE-2012-5613 medium 7.0 EXP linux-kernel mariadboracle 14y ago MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows …
CVE-2012-5612 medium 7.5 EXP suse suseubuntu ubuntu mariadboracle 14y ago Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (m…
CVE-2012-5611 medium 7.5 EXP linux-kernel mariadboracle 14y ago Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x b…
CVE-2012-6050 medium 7.4 EXP 14y ago The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request…
CVE-2012-6048 medium 6.0 EXP guitar-pro 14y ago Guitar Pro 6.1.1 r10791 allows remote attackers to cause a denial of service (crash) via a long string in a gpx file.
CVE-2012-6047 medium 7.8 EXP x7_group 14y ago Cross-site request forgery (CSRF) vulnerability in X7 Chat 2.0.5.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that add a user to an arbitrary grou…
CVE-2012-6045 medium 5.3 EXP ramui 14y ago Cross-site scripting (XSS) vulnerability in gb/user/index.php in Ramui Forum, possibly 1.0 Beta, allows remote attackers to inject arbitrary web script or HTML via the query parameter.
CVE-2010-5285 medium 7.8 EXP o-dyn 14y ago Cross-site request forgery (CSRF) vulnerability in admin.php in Collabtive 0.6.5 allows remote attackers to hijack the authentication of administrators for requests that add administrative users via …
CVE-2010-5284 medium 5.3 EXP o-dyn 14y ago Multiple cross-site scripting (XSS) vulnerabilities in Collabtive 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) User parameter in the edit user profile feature to ma…
CVE-2010-5281 medium 7.8 EXP net4visions 14y ago Directory traversal vulnerability in ibrowser.php in the CMScout 2.09 IBrowser TinyMCE Plugin 1.4.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot d…
CVE-2010-5280 high 8.5 EXP joomla-cbejoomla 14y ago Directory traversal vulnerability in the Community Builder Enhanced (CBE) (com_cbe) component 1.4.8, 1.4.9, and 1.4.10 for Joomla! allows remote attackers to include and execute arbitrary local files…
CVE-2012-6044 medium 5.3 EXP mjsware 14y ago M-Player 0.4 allows remote attackers to cause a denial of service (crash) via a crafted MP3 file.
CVE-2012-6043 medium 5.3 EXP php-fusion 14y ago Cross-site scripting (XSS) vulnerability in downloads.php in PHP-Fusion 7.02.04 allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter.
CVE-2012-6042 medium 5.3 EXP geopainting 14y ago GPSMapEdit 1.1.73.2 allows user-assisted remote attackers to cause a denial of service (crash) via a long string in a lst file.
CVE-2012-6041 medium 7.8 EXP morequick 14y ago Double free vulnerability in GreenBrowser before 6.0.1002, when the keyword search bar (F6) is activated, allows remote attackers to execute arbitrary code via a crafted iframe.
CVE-2012-6040 medium 5.3 EXP convergine 14y ago Cross-site scripting (XSS) vulnerability in users.php in File King Advanced File Management 1.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2012-6039 high 8.5 EXP yabsoft 14y ago SQL injection vulnerability in view_comments.php in YABSoft Advanced Image Hosting (AIH) Script, possibly 2.3, allows remote attackers to execute arbitrary SQL commands via the gal parameter.
CVE-2012-6038 medium 7.5 EXP razorcms 14y ago admin/core/admin_func.php in razorCMS before 1.2.1 does not properly restrict access to certain administrator directories and files, which allows remote authenticated users to read, edit, rename, mov…
CVE-2012-2437 medium 6.0 EXP awcm-cms 14y ago cookie_gen.php in ar web content manager (AWCM) 2.2 does not require authentication, which allows remote attackers to generate arbitrary cookies via the name parameter in conjunction with the content…
CVE-2012-0698 medium 6.0 EXPFIX debian debian trustedcomputinggroup 14y ago tcsd in TrouSerS before 0.3.10 allows remote attackers to cause a denial of service (daemon crash) via a crafted type_offset value in a TCP packet to port 30003.
CVE-2012-5533 medium 6.0 EXPFIX debian debian lighttpd 14y ago The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service (infinite loop) via a request with a header containing an empty token…
CVE-2012-5861 high 8.8 EXP 14y ago These Sinapsi devices do not check the validity of the data before executing queries. By accessing the SQL table of certain pages that do not require authentication within the device, attackers can…
CVE-2012-4409 medium 7.8 EXPFIX debian debian mcrypt 14y ago Stack-based buffer overflow in the check_file_head function in extra.c in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to execute arbitrary code via an encrypted file with a crafted…
CVE-2012-5519 high 8.2 EXPFIX debian debian apple 14y ago CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local use…
CVE-2012-4366 low 4.3 EXP 14y ago Belkin wireless routers Surf N150 Model F7D1301v1, N900 Model F9K1104v1, N450 Model F9K1105V2, and N300 Model F7D2301v1 generate a predictable default WPA2-PSK passphrase based on eight digits of the…
CVE-2012-5919 medium 5.3 EXP havalite 14y ago Multiple cross-site scripting (XSS) vulnerabilities in Havalite 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) find or (2) replace fields to havalite/find…
CVE-2012-5918 medium 5.0 EXP razorcms 14y ago razorCMS 1.2 allows remote authenticated users to access administrator directories and files by creating and deleting a directory.
CVE-2012-4552 medium 7.8 EXPFIX debian debian steve_j_baker 14y ago Stack-based buffer overflow in the error function in ssg/ssgParser.cxx in PLIB 1.8.5 allows remote attackers to execute arbitrary code via a crafted 3d model file that triggers a long error message, …
CVE-2012-4958 high 8.8 EXP novell 14y ago Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a 126 /FSF/CMD request with a .. (dot dot) in a FILE element of an …
CVE-2012-4957 high 8.8 EXP novell 14y ago Absolute path traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a /FSF/CMD request with a full pathname in a PATH element of an…
CVE-2012-5917 medium 5.3 EXP tom_wilkason 14y ago SnackAmp 3.1.3 allows remote attackers to cause a denial of service (application crash) via a long string in an aiff file.
CVE-2012-5913 medium 5.3 EXP wordpress_integrator_projectwordpress 14y ago Cross-site scripting (XSS) vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to …
CVE-2012-5912 high 8.5 EXP pico 14y ago Multiple SQL injection vulnerabilities in PicoPublisher 2.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) page.php or (2) single.php.
CVE-2012-5909 high 8.5 EXP mybb 14y ago SQL injection vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to execute arbitrary SQL commands via the conditions[usergroup][] parameter in …
CVE-2012-5908 medium 5.3 EXP mybb 14y ago Cross-site scripting (XSS) vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to inject arbitrary web script or HTML via the conditions[usergrou…
CVE-2012-5907 medium 6.0 EXP tomatocart 14y ago Directory traversal vulnerability in json.php in TomatoCart 1.2.0 Alpha 2 and possibly earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter in a "3" acti…
CVE-2012-5905 medium 5.0 EXP elif_keir 14y ago Buffer overflow in KnFTPd 1.0.0 allows remote authenticated users to cause a denial of service (crash) via a long string in a FEAT command.
CVE-2012-5903 medium 5.3 EXP simple_machines 14y ago Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the scheduled parameter to index.php.
CVE-2012-5900 high 8.5 EXP samedia 14y ago Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) OB_ID parameter in a single action to admin/action/objects.php, (…
CVE-2012-5899 medium 5.3 EXP samedia 14y ago Cross-site scripting (XSS) vulnerability in admin/action/objects.php in SAMEDIA LandShop 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the OTR_HEADS[] parameter in an edit …
CVE-2012-5898 medium 7.8 EXP samedia 14y ago Cross-site request forgery (CSRF) vulnerability in SAMEDIA LandShop 0.9.2 allows remote attackers to hijack the authentication of administrators for requests that change account settings.
CVE-2012-5894 high 8.5 EXP havalite 14y ago SQL injection vulnerability in hava_post.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the postId parameter.
CVE-2012-5891 medium 7.8 EXP dalbum 14y ago Multiple cross-site request forgery (CSRF) vulnerabilities in photo/pass.php in DAlbum 1.44 build 174 and earlier allow remote attackers to hijack the authentication of administrators for requests th…
CVE-2012-5851 medium 5.3 EXP applegoogle 14y ago html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remo…
CVE-2012-4951 high 8.5 EXP verifone 14y ago Multiple SQL injection vulnerabilities in terminal/paramedit.aspx in VeriFone VeriCentre Web Console before 2.2 build 36 allow remote attackers to execute arbitrary SQL commands via the (1) TerminalI…
CVE-2012-4949 medium 7.5 EXP esri 14y ago SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service.
CVE-2012-2619 high 8.8 EXPFIX debian debianmacos macos 14y ago The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cau…
CVE-2012-4554 medium 6.0 EXP drupal 14y ago The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE declaration in an XRDS file.
CVE-2012-4515 medium 7.8 EXP 14y ago Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibl…
CVE-2012-4514 medium 6.0 EXP 14y ago rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to "trying to reuse a fr…
CVE-2012-4513 medium 7.4 EXP 14y ago khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpect…
CVE-2012-3748 medium 6.1 EXP slesmacos macos apple 14y ago Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Jav…
CVE-2012-0025 medium 7.8 EXP irfanview 14y ago Double free vulnerability in the Free_All_Memory function in jpeg/dectile.c in libfpx before 1.3.1-1, as used in the FlashPix PlugIn 4.2.2.0 for IrfanView, allows remote attackers to cause a denial o…
CVE-2012-5687 high 8.8 EXP 14y ago Directory traversal vulnerability in the web-based management feature on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrar…
CVE-2012-4940 medium 7.4 EXP gecad 14y ago Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in (1) the fileName…
CVE-2012-4939 medium 5.3 EXP solarwinds 14y ago Cross-site scripting (XSS) vulnerability in IPAMSummaryView.aspx in the IPAM web interface before 3.0-HotFix1 in SolarWinds Orion Network Performance Monitor might allow remote attackers to inject ar…
CVE-2012-5470 medium 5.3 EXPFIX debian debian videolan 14y ago libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted PNG file.
CVE-2011-5233 medium 5.3 EXP irfanview 14y ago Heap-based buffer overflow in IrfanView before 4.32 allows remote attackers to execute arbitrary code via crafted "Rows Per Strip" and "Samples Per Pixel" values in a TIFF image file.
CVE-2011-5230 high 8.5 EXP seotoaster 14y ago Multiple SQL injection vulnerabilities in the selectUserIdByLoginPass function in seotoaster_core/application/models/LoginModel.php in Seotoaster 1.9 and earlier allow remote attackers to execute arb…
CVE-2011-5229 high 8.5 EXP apprain 14y ago SQL injection vulnerability in quickstart/profile/index.php in the Forum module in appRain CMF 0.1.5 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO.
CVE-2011-5228 medium 5.3 EXP apprain 14y ago Cross-site scripting (XSS) vulnerability in the Search module (quickstart/search) in appRain CMF 0.1.5 allows remote attackers to inject arbitrary web script or HTML via the ss parameter.
CVE-2011-5222 high 8.5 EXP scripte24shop 14y ago SQL injection vulnerability in rub2_w.php in PHP Flirt-Projekt 4.8 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the rub parameter.
CVE-2011-5219 medium 6.0 EXP mpdf1 14y ago Directory traversal vulnerability in examples/show_code.php in mPDF 5.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
CVE-2011-5218 high 8.5 EXP neubivljiv 14y ago SQL injection vulnerability in DotA OpenStats 1.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2011-5214 medium 5.3 EXP browsercrm 14y ago Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/ad…
CVE-2011-5213 high 8.5 EXP browsercrm 14y ago Multiple SQL injection vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login[username] parameter to index.php, (2) parent_id pa…
CVE-2012-5672 medium 5.3 EXP microsoft 14y ago Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a craf…
CVE-2012-5388 low 4.5 EXP videousermanualswordpress 14y ago Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the White Label CMS plugin 1.5 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the …
CVE-2012-5387 medium 7.8 EXP videousermanualswordpress 14y ago Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for…
CVE-2012-5453 medium 7.5 EXP atutor 14y ago SQL injection vulnerability in user/index_inline_editor_submit.php in ATutor AContent 1.2-1 allows remote authenticated users to execute arbitrary SQL commands via the field parameter. NOTE: this vu…
CVE-2012-5452 medium 5.3 EXP intelliants 14y ago Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) multi_title parameter to blocks/add/; (2) cost, (3) …
CVE-2012-5167 high 8.5 EXP atutor 14y ago Multiple SQL injection vulnerabilities in ATutor AContent before 1.2-1 allow remote attackers to execute arbitrary SQL commands via the (1) field parameter to course_category/index_inline_editor_subm…
CVE-2012-4989 medium 5.3 EXP openx 14y ago Cross-site scripting (XSS) vulnerability in admin/plugin-index.php in OpenX 2.8.10 before revision 81823 allows remote attackers to inject arbitrary web script or HTML via the parent parameter in an …
CVE-2012-4773 medium 7.8 EXP intelliants 14y ago Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify s…
CVE-2012-4772 high 8.5 EXP intelliants 14y ago SQL injection vulnerability in register/ in Subrion CMS before 2.2.3 allows remote attackers to execute arbitrary SQL commands via the plan_id parameter.
CVE-2012-4771 medium 5.3 EXP intelliants 14y ago Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) admin/accounts/, (2) admin/ma…
CVE-2012-4231 medium 5.3 EXP jcore 14y ago Cross-site scripting (XSS) vulnerability in admin/index.php in jCore before 1.0pre2 allows remote attackers to inject arbitrary web script or HTML via the path parameter.
CVE-2012-1900 medium 7.8 EXP razorcms 14y ago Cross-site request forgery (CSRF) vulnerability in admin/index.php in RazorCMS 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitr…
CVE-2011-5212 high 8.5 EXP intelliants 14y ago SQL injection vulnerability in admin/index.php in Subrion CMS 2.0.4 allows remote attackers to execute arbitrary SQL commands via the (1) user name or (2) password field.
CVE-2011-5211 medium 5.3 EXP intelliants 14y ago Cross-site scripting (XSS) vulnerability in the poll module in Subrion CMS 2.0.4 allows remote attackers to inject arbitrary web script or HTML via the title field. NOTE: some of these details are o…
CVE-2010-4821 medium 5.3 EXP phpmyfaq 14y ago Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
CVE-2012-4751 medium 5.3 EXPFIX debian debian otrs 14y ago Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary w…
CVE-2012-3001 high 9.5 EXP mutiny 14y ago Mutiny Standard before 4.5-1.12 allows remote attackers to execute arbitrary commands via the network-interface menu, related to a "command injection vulnerability."
CVE-2012-4933 high 8.8 EXP novell 14y ago The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (…
CVE-2012-3221 low 3.1 EXPFIX debian debian oracle 14y ago Unspecified vulnerability in the Oracle VM Virtual Box component in Oracle Virtualization 3.2, 4.0, and 4.1 allows local users to affect availability via unknown vectors related to VirtualBox Core. …
CVE-2012-3186 medium 5.9 EXP oracle 14y ago Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated us…
CVE-2012-3185 medium 5.9 EXP oracle 14y ago Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated us…
CVE-2012-3184 medium 5.3 EXP oracle 14y ago Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote attackers to aff…
CVE-2012-3183 medium 5.9 EXP oracle 14y ago Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated us…
CVE-2012-3153 medium 7.4 EXP oracle 14y ago Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via un…
CVE-2012-5081 medium 6.0 EXP oraclesun 14y ago Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows…
CVE-2012-5067 medium 6.0 EXP oracle 14y ago Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Dep…
CVE-2012-5386 medium 7.8 EXP nicolas_tormo 14y ago Directory traversal vulnerability in index.php in phpPaleo 4.8b180 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phppaleo4_lang cookie, a different vu…
CVE-2012-5383 medium 7.2 EXP oracle 14y ago Untrusted search path vulnerability in the installation functionality in Oracle MySQL 5.5.28, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan ho…
CVE-2012-5382 medium 7.0 EXP zend 14y ago Untrusted search path vulnerability in the installation functionality in Zend Server 5.6.0 SP4, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan …
CVE-2012-5381 medium 7.0 EXP php 14y ago Untrusted search path vulnerability in the installation functionality in PHP 5.3.17, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL i…