CVEs from 2012
- Total: 5,193
- Critical: 962
- High: 747
- Medium: 2,886
- Low: 530
- % Critical: 18.5%
- % with KEV: 0.4%
- % with exploit: 16.8%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-2570 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in products_map.php in X-Cart Gold 4.5 allows remote attackers to inject arbitrary web script or HTML via the symb parameter. | |||
| CVE-2012-2209 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuratio… | |||
| CVE-2012-1835 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title p… | |||
| CVE-2012-2331 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the serendi… | |||
| CVE-2012-2274 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php in PivotX 2.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter. | |||
| CVE-2012-4278 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Free Realty 3.1-0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) notes parameter to (a) admin/agenteditor.php; (2) … | |||
| CVE-2012-4267 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in user/register in Sockso 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter. | |||
| CVE-2012-4266 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in client_details.php in Proman Xpress 5.0.1 allows remote attackers to inject arbitrary web script or HTML via the cl_comments parameter. NOTE: some of thes… | |||
| CVE-2012-2371 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pagination_wp_facethumb param… | |||
| CVE-2012-4262 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in myCare2x allow remote attackers to inject arbitrary web script or HTML via the (1) name_last, (2) name_first, (3) name_middle, or (4) name_maide… | |||
| CVE-2012-4259 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the contacts in (1) XPhone UC Web and the (2) web frontend for XPhone Virtual Directory in C4B XPhone Unified Communications (UC) 2011 Web 4.1.890S R1 allo… | |||
| CVE-2012-4254 | medium | — | 5.3 | 14y ago | MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information (Notices) via a direct request to (1) learn/cubemail/restore.php or (2) learn/cubemail/dump.php. | |||
| CVE-2012-4253 | medium | — | 5.3 | 14y ago | Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2)… | |||
| CVE-2012-4251 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php, (2) phase parameter to… | |||
| CVE-2012-2590 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in ESCON SupportPortal Professional Edition 3.0 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a… | |||
| CVE-2012-2587 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in AfterLogic MailSuite Pro 6.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted SRC attribu… | |||
| CVE-2012-2585 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT ele… | |||
| CVE-2012-2573 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) … | |||
| CVE-2012-2571 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2… | |||
| CVE-2012-2584 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Alt-N MDaemon Free 12.5.4 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) the Cascading Style … | |||
| CVE-2012-2577 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) syslo… | |||
| CVE-2012-4247 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) remote_user, (2) remot… | |||
| CVE-2012-4246 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter; or the… | |||
| CVE-2012-3848 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allow remote attackers to inject arbitrary web script or HTM… | |||
| CVE-2012-2442 | medium | — | 5.3 | 14y ago | Buffer overflow in the Video Manager in Nokia PC Suite 7.1.180.64 and earlier allows remote attackers to cause a denial of service via a crafted mp4 file. | |||
| CVE-2012-2955 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security … | |||
| CVE-2012-4000 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remo… | |||
| CVE-2012-3236 | medium | — | 5.3 | 14y ago | fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated us… | |||
| CVE-2012-3805 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the getAllPassedParams function in system/functions.php in Kajona before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via… | |||
| CVE-2012-3840 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in index.php/users/form/user_id in MyClientBase 0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name or (2) la… | |||
| CVE-2012-3837 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in apps/users/registration.template.php in Baby Gekko 1.2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u… | |||
| CVE-2012-3836 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) groupname parameter in a savecategory in the u… | |||
| CVE-2012-3835 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url… | |||
| CVE-2012-3831 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in decoda/templates/video.php in Decoda before 3.3.1 allows remote attackers to inject arbitrary web script or HTML via multiple URLs in an img tag. | |||
| CVE-2012-3830 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in decoda/templates/video.php in Decoda before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via the video directive. | |||
| CVE-2012-2698 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the outputPage function in includes/SkinTemplate.php in MediaWiki before 1.17.5, 1.18.x before 1.18.4, and 1.19.x before 1.19.1 allows remote attackers to … | |||
| CVE-2012-3232 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in search.php in web@all 2.0, as downloaded before May 30, 2012, allows remote attackers to inject arbitrary web script or HTML via the _text[title] parameter. | |||
| CVE-2012-2172 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote atta… | |||
| CVE-2012-1858 | medium | — | 5.3 | 14y ago | The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, w… | |||
| CVE-2012-2941 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in search/ in Yandex.Server 2010 9.0 Enterprise allows remote attackers to inject arbitrary web script or HTML via the text parameter. | |||
| CVE-2012-2940 | medium | — | 5.3 | 14y ago | MediaChance Real-DRAW PRO 5.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted (1) PNG, (2) WMF, (3) PSD, (4) TGA, (5) TTF, (6) BMP, (7) TIFF, or (8) PCX file. | |||
| CVE-2012-2938 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Travelon Express 6.2.2 allow remote attackers to inject arbitrary web script or HTML via the holiday name field to (1) holiday_add.php or (2) ho… | |||
| CVE-2012-2436 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter in a move or (2) minimize ac… | |||
| CVE-2012-1990 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric Kerweb before 3.0.1 and Kerwin before 6.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the evtvari… | |||
| CVE-2012-2918 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in Upload/engine.php in Chevereto 1.91 allows remote attackers to inject arbitrary web script or HTML via the v parameter. | |||
| CVE-2012-2917 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in the Share and Follow plugin 1.80.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the CDN API Key (cnd-key) in a share-an… | |||
| CVE-2012-2914 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in captchademo.php in Unijimpe Captcha allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||
| CVE-2012-2913 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Leaflet plugin 0.0.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) leaflet_layer.p… | |||
| CVE-2012-2911 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in backupDB.php in SiliSoftware backupDB() 1.2.7a allows remote attackers to inject arbitrary web script or HTML via the onlyDB parameter. | |||
| CVE-2012-2910 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in SiliSoftware phpThumb() 1.7.11 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter to demo/phpThumb.demo.ran… | |||
| CVE-2012-2909 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Viscacha 0.8.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) text field in the Private Messages System, (2) Bad Wo… | |||
| CVE-2012-2906 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in artpublic/recommandation/index.php in Artiphp CMS 5.5.0 Neo (r422) allow remote attackers to inject arbitrary web script or HTML via the (1) add… | |||
| CVE-2012-2904 | medium | — | 5.3 | 14y ago | player.swf in LongTail JW Player 5.9 allows remote attackers to conduct cross-site scripting (XSS) attacks to inject arbitrary web script or HTML via multiple "javascript:" sequences in the debug par… | |||
| CVE-2012-2903 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to group.php, or the (2) ta… | |||
| CVE-2012-2234 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in sources/users.queries.php in TeamPass before 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the login parameter in an a… | |||
| CVE-2012-2396 | medium | — | 5.3 | 14y ago | VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file. | |||
| CVE-2012-2156 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Plume CMS 1.2.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the u_email parameter (aka Authors Email field… | |||
| CVE-2012-0067 | medium | — | 5.3 | 14y ago | wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file. | |||
| CVE-2012-1904 | medium | — | 5.3 | 14y ago | mp4fformat.dll in the QuickTime File Format plugin in RealNetworks RealPlayer 15 and earlier, and RealPlayer SP 1.1.4 Build 12.0.0.756 and earlier, allows remote attackers to cause a denial of servic… | |||
| CVE-2012-1465 | medium | — | 5.3 | 14y ago | Stack-based buffer overflow in the HTTP Server in NetMechanica NetDecision before 4.6.1 allows remote attackers to cause a denial of service (application crash) via a long URL in an HTTP request. NO… | |||
| CVE-2012-1039 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before 2.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) login_data parameter to admin/auth.php; (2) nb p… | |||
| CVE-2012-1787 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in wgarcmin.cgi in Webglimpse 2.20.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) FILE, or (3) DO… | |||
| CVE-2012-1782 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in questions/ask in OSQA 3b allow remote attackers to inject arbitrary web script or HTML via the (1) url bar or (2) picture bar. | |||
| CVE-2012-1213 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in zimbra/h/calendar in Zimbra Web Client in Zimbra Collaboration Suite (ZCS) 6.x before 6.0.15 and 7.x before 7.1.3 allows remote attackers to inject arbitra… | |||
| CVE-2012-1211 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in pfile/kommentar.php in Powie pFile 1.02 allows remote attackers to inject arbitrary web script or HTML via the filecat parameter. | |||
| CVE-2012-1208 | medium | — | 5.3 | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allow remote attackers to inject arbitrary web script or… | |||
| CVE-2012-0873 | medium | — | 5.3 | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or th… | |||
| CVE-2012-1224 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in system/classes/login.php in ContentLion Alpha 1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||
| CVE-2012-1217 | medium | — | 5.3 | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in STHS v2 Web Portal 2.2 allow remote attackers to inject arbitrary web script or HTML via the team parameter to (1) prospects.php, (2) prospect.p… | |||
| CVE-2012-1069 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in module/kb/search_word in the search module in lknSupport allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||
| CVE-2012-1065 | medium | — | 5.3 | 15y ago | Insecure method vulnerability in TuxScripting.dll in the TuxSystem ActiveX control in 2X ApplicationServer 10.1 Build 1224 allows remote attackers to create or overwrite arbitrary files via the Expor… | |||
| CVE-2012-1059 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Cart/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or … | |||
| CVE-2012-1049 | medium | — | 5.3 | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ADManager Plus 5.2 Build 5210 allow remote attackers to inject arbitrary web script or HTML via the (1) domainName parameter to jsp… | |||
| CVE-2012-1048 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in communityplusplus/www/administrator.php in eFront Community++ edition 3.6.10, and possibly other editions, allows remote attackers to inject arbitrary web … | |||
| CVE-2012-0834 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a query_engi… | |||
| CVE-2012-1028 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in bin/index.php in SimpleGroupware 0.742 and other versions before 0.743 allows remote attackers to inject arbitrary web script or HTML via the export parame… | |||
| CVE-2012-1027 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in account-closed.tcl in ]project-open[ (aka ]po[) 3.4.x, 3.5.0.1-2, and possibly other versions allows remote attackers to inject arbitrary web script or HTM… | |||
| CVE-2012-1021 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in admin/categories.php in 4images 1.7.10 allows remote attackers to inject arbitrary web script or HTML via the cat_parent_id parameter in an addcat action. | |||
| CVE-2012-1018 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in includes/convert.php in D-Mack Media Currency Converter (mod_currencyconverter) module 1.0.0 for Joomla! allows remote attackers to inject arbitrary web sc… | |||
| CVE-2012-1005 | medium | — | 5.3 | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in Sphinx Software Mobile Web Server 3.1.2.47 allow remote attackers to inject arbitrary web script or HTML via the comment parameter to a blog, as… | |||
| CVE-2012-1007 | medium | — | 5.3 | 15y ago | Withdrawn Advisory: Apache Struts XSS | |||
| CVE-2012-1006 | medium | — | 5.3 | 15y ago | Apache Struts Multiple Cross-site Scripting Vulnerabilities | |||
| CVE-2012-0782 | medium | — | 5.3 | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or … | |||
| CVE-2012-0932 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in admin/login.php in Lead Capture Page System allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||
| CVE-2012-0053 | medium | — | 5.3 | 15y ago | protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to … | |||
| CVE-2012-0389 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and earlier, 5.x before 5.53, and 6.x before 6.03 allows remote attackers t… | |||
| CVE-2012-0285 | medium | — | 5.3 | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in Stoneware webNetwork before 6.0.8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-0904 | medium | — | 5.3 | 15y ago | VLC media player 1.1.11 allows remote attackers to cause a denial of service (crash) via a long string in an amr file. | |||
| CVE-2012-0901 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter. | |||
| CVE-2012-0900 | medium | — | 5.3 | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in Beehive Forum 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) forum/register.php or (2) forum/logon… | |||
| CVE-2012-0899 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in referencement/sites_inscription.php in Annuaire PHP allows remote attackers to inject arbitrary web script or HTML via the url parameter and possibly the n… | |||
| CVE-2012-0895 | medium | — | 5.3 | 15y ago | Cross-site scripting (XSS) vulnerability in map/map.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map parameter. | |||
| CVE-2012-0007 | medium | — | 5.3 | 15y ago | The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x and 4.0 does not properly evaluate characters after the detection of a Cascading Style Sheets (CSS) escaped character, which allows remot… | |||
| CVE-2012-2997 | medium | — | 5.0 | 13y ago | XML External Entity (XXE) vulnerability in sam/admin/vpe2/public/php/server.php in F5 BIG-IP 10.0.0 through 10.2.4 and 11.0.0 through 11.2.1 allows remote authenticated users to read arbitrary files … | |||
| CVE-2012-5627 | medium | — | 5.0 | 13y ago | Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection wh… | |||
| CVE-2012-5375 | medium | — | 5.0 | 14y ago | The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (prevention of file creation) by leveraging the ability to write to a… | |||
| CVE-2012-5614 | medium | — | 5.0 | 14y ago | Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT com… | |||
| CVE-2012-5918 | medium | — | 5.0 | 14y ago | razorCMS 1.2 allows remote authenticated users to access administrator directories and files by creating and deleting a directory. | |||
| CVE-2012-5905 | medium | — | 5.0 | 14y ago | Buffer overflow in KnFTPd 1.0.0 allows remote authenticated users to cause a denial of service (crash) via a long string in a FEAT command. | |||
| CVE-2012-5335 | medium | — | 5.0 | 14y ago | Directory traversal vulnerability in Tiny Server 1.1.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the URI of an HTTP request. |