CVEs from 2012
Total
5,200
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.7%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-2986 | high | — | 8.7 | 14y ago | lhn/public/network/ping in HP SAN/iQ 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) first, (2) third, or (3) f… | |||
| CVE-2012-5493 | high | — | 8.5 | 4y ago | gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors. | |||
| CVE-2012-1665 | high | — | 8.5 | 11y ago | Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/l… | |||
| CVE-2012-5849 | high | — | 8.5 | 11y ago | Multiple SQL injection vulnerabilities in ClipBucket 2.6 Revision 738 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in an add_friend action to ajax.ph… | |||
| CVE-2012-5244 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter t… | |||
| CVE-2012-5487 | high | — | 8.5 | 12y ago | The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and e… | |||
| CVE-2012-5685 | high | — | 8.5 | 12y ago | SQL injection vulnerability in ZPanel 10.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the inEmailAddress parameter in an UpdateClient action in the manage_clients mod… | |||
| CVE-2012-6653 | high | — | 8.5 | 12y ago | Unspecified vulnerability in the All Video Gallery (all-video-gallery) plugin before 1.2.0 for WordPress has unspecified impact and attack vectors. | |||
| CVE-2012-6643 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in the update_counter function in includes/functions.php in ClipBucket 2.6 allow remote attackers to execute arbitrary SQL commands via the time parameter to (1… | |||
| CVE-2012-0270 | high | — | 8.5 | 13y ago | Multiple stack-based buffer overflows in Csound before 5.16.6 allow remote attackers to execute arbitrary code via a crafted (1) hetro file to the getnum function in util/heti_main.c or (2) PVOC file… | |||
| CVE-2012-6626 | high | — | 8.5 | 13y ago | SQL injection vulnerability in verify-user.php in b2ePMS 1.0 allows remote attackers to execute arbitrary SQL commands via the username field. | |||
| CVE-2012-6625 | high | — | 8.5 | 13y ago | SQL injection vulnerability in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the groupid para… | |||
| CVE-2012-4412 | high | — | 8.5 | 13y ago | Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary… | |||
| CVE-2012-4078 | high | — | 8.5 | 13y ago | The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) does not properly handle SSH escape sequences, which allows remote authenticated users to bypass an unspecified authe… | |||
| CVE-2012-6588 | high | — | 8.5 | 13y ago | SQL injection vulnerability in links.php in MYRE Business Directory allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||
| CVE-2012-6586 | high | — | 8.5 | 13y ago | Multiple SQL injection vulnerabilities in MYRE Vacation Rental Software allow remote attackers to execute arbitrary SQL commands via the (1) garage1 or (2) bathrooms1 parameter to vacation/1_mobile/s… | |||
| CVE-2012-6584 | high | — | 8.5 | 13y ago | Multiple SQL injection vulnerabilities in MYRE Realty Manager allow remote attackers to execute arbitrary SQL commands via the bathrooms1 parameter to (1) demo2/search.php or (2) search.php. | |||
| CVE-2012-6560 | high | — | 8.5 | 13y ago | SQL injection vulnerability in deviceadd.php in FreeNAC 3.02 allows remote attackers to execute arbitrary SQL commands via the status parameter. | |||
| CVE-2012-3022 | high | — | 8.5 | 13y ago | The SaveToFile method in a certain ActiveX control in TrendDisplay.dll in Canary Labs TrendLink 9.0.2.27051 and earlier does not properly restrict the creation of files, which allows remote attackers… | |||
| CVE-2012-1999 | high | — | 8.5 | 13y ago | Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7.0 allows remote authenticated users to obtain sensitive information or modify data via unknown vectors. | |||
| CVE-2012-5204 | high | — | 8.5 | 13y ago | Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive … | |||
| CVE-2012-5203 | high | — | 8.5 | 13y ago | Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive … | |||
| CVE-2012-5202 | high | — | 8.5 | 13y ago | Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive … | |||
| CVE-2012-6529 | high | — | 8.5 | 14y ago | Multiple SQL injection vulnerabilities in Marinet CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) galleryphoto.php or (2) gallery.php; or the roomid parameter… | |||
| CVE-2012-6526 | high | — | 8.5 | 14y ago | SQL injection vulnerability in show_code.php in Vastal I-Tech Freelance Zone allows remote attackers to execute arbitrary SQL commands via the code_id parameter. | |||
| CVE-2012-6525 | high | — | 8.5 | 14y ago | SQL injection vulnerability in members.php in PHPBridges allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2012-6524 | high | — | 8.5 | 14y ago | SQL injection vulnerability in kommentar.php in pGB 2.12 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2012-6439 | high | — | 8.5 | 14y ago | When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that changes the product’s config… | |||
| CVE-2012-6520 | high | — | 8.5 | 14y ago | Multiple SQL injection vulnerabilities in the advanced search in Wikidforum 2.10 allow remote attackers to execute arbitrary SQL commands via the (1) select_sort or (2) opt_search_select parameters. … | |||
| CVE-2012-6519 | high | — | 8.5 | 14y ago | SQL injection vulnerability in modules/poll/index.php in DIY-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the start parameter to mod.php. | |||
| CVE-2012-6516 | high | — | 8.5 | 14y ago | SQL injection vulnerability in PHP Ticket System Beta 1 allows remote attackers to execute arbitrary SQL commands via the q parameter to index.php. | |||
| CVE-2012-6509 | high | — | 8.5 | 14y ago | Unrestricted file upload vulnerability in NetArt Media Car Portal 3.0 allows remote attackers to execute arbitrary PHP code by uploading a file a double extension, as demonstrated by .php%00.jpg. | |||
| CVE-2012-6504 | high | — | 8.5 | 14y ago | SQL injection vulnerability in mods/hours/data/get_hours.php in PHP Volunteer Management 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2012-6096 | high | — | 8.5 | 14y ago | Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow re… | |||
| CVE-2012-5874 | high | — | 8.5 | 14y ago | Multiple SQL injection vulnerabilities in the (1) update_whosonline_reg and (2) update_whosonline_guest functions in Elite Bulletin Board before 2.1.22 allow remote attackers to execute arbitrary SQL… | |||
| CVE-2012-6329 | high | — | 8.5 | 14y ago | The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket n… | |||
| CVE-2012-5469 | high | — | 8.5 | 14y ago | The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-php… | |||
| CVE-2012-6039 | high | — | 8.5 | 14y ago | SQL injection vulnerability in view_comments.php in YABSoft Advanced Image Hosting (AIH) Script, possibly 2.3, allows remote attackers to execute arbitrary SQL commands via the gal parameter. | |||
| CVE-2012-5912 | high | — | 8.5 | 14y ago | Multiple SQL injection vulnerabilities in PicoPublisher 2.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) page.php or (2) single.php. | |||
| CVE-2012-5909 | high | — | 8.5 | 14y ago | SQL injection vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to execute arbitrary SQL commands via the conditions[usergroup][] parameter in … | |||
| CVE-2012-5900 | high | — | 8.5 | 14y ago | Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) OB_ID parameter in a single action to admin/action/objects.php, (… | |||
| CVE-2012-5894 | high | — | 8.5 | 14y ago | SQL injection vulnerability in hava_post.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the postId parameter. | |||
| CVE-2012-4951 | high | — | 8.5 | 14y ago | Multiple SQL injection vulnerabilities in terminal/paramedit.aspx in VeriFone VeriCentre Web Console before 2.2 build 36 allow remote attackers to execute arbitrary SQL commands via the (1) TerminalI… | |||
| CVE-2012-5167 | high | — | 8.5 | 14y ago | Multiple SQL injection vulnerabilities in ATutor AContent before 1.2-1 allow remote attackers to execute arbitrary SQL commands via the (1) field parameter to course_category/index_inline_editor_subm… | |||
| CVE-2012-4772 | high | — | 8.5 | 14y ago | SQL injection vulnerability in register/ in Subrion CMS before 2.2.3 allows remote attackers to execute arbitrary SQL commands via the plan_id parameter. | |||
| CVE-2012-4826 | high | — | 8.5 | 14y ago | Stack-based buffer overflow in the SQL/PSM (aka SQL Persistent Stored Module) Stored Procedure (SP) infrastructure in IBM DB2 9.1, 9.5, 9.7 before FP7, 9.8, and 10.1 might allow remote authenticated … | |||
| CVE-2012-4399 | high | 7.5 | 8.5 | 14y ago | CakePHPallows remote attackers to read arbitrary files via XML data containing external entity references | |||
| CVE-2012-5347 | high | — | 8.5 | 14y ago | TinyWebGallery 1.8.3 allows remote attackers to execute arbitrary code via shell metacharacters in the command parameter to (1) inc/filefunctions.inc or (2) info.php. | |||
| CVE-2012-5342 | high | — | 8.5 | 14y ago | Multiple SQL injection vulnerabilities in SenseSites CommonSense CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) special.php, (2) article.php, or (3) cat2.php. | |||
| CVE-2012-5334 | high | — | 8.5 | 14y ago | SQL injection vulnerability in product_desc.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the pid parameter. | |||
| CVE-2012-5333 | high | — | 8.5 | 14y ago | SQL injection vulnerability in page.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2012-5313 | high | — | 8.5 | 14y ago | SQL injection vulnerability in forum.asp in Snitz Forums 2000 allows remote attackers to execute arbitrary SQL commands via the TOPIC_ID parameter. | |||
| CVE-2012-5312 | high | — | 8.5 | 14y ago | SQL injection vulnerability in Tribiq CMS allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | |||
| CVE-2012-5294 | high | — | 8.5 | 14y ago | SQL injection vulnerability in art_detalle.php in MyStore Xpress Tienda Virtual allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2012-5293 | high | — | 8.5 | 14y ago | Multiple PHP remote file inclusion vulnerabilities in SAPID CMS 1.2.3 Stable allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[root_path] parameter to usr/extensions/g… | |||
| CVE-2012-5292 | high | — | 8.5 | 14y ago | Multiple SQL injection vulnerabilities in Atar2b CMS 4.0.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) gallery_e.php, (2) pageE.php, or (3) pageH.php. | |||
| CVE-2012-5291 | high | — | 8.5 | 14y ago | SQL injection vulnerability in team.php in Posse Softball Director CMS allows remote attackers to execute arbitrary SQL commands via the idteam parameter. | |||
| CVE-2012-5288 | high | — | 8.5 | 14y ago | SQL injection vulnerability in page.php in phpMyDirectory 1.3.3 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2012-1603 | high | — | 8.5 | 14y ago | Multiple SQL injection vulnerabilities in ajaxserver.php in NextBBS 0.6 allow remote attackers to execute arbitrary SQL commands via the (1) curstr parameter in the findUsers function, (2) id paramet… | |||
| CVE-2012-5231 | high | — | 8.5 | 14y ago | miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code via a crafted (1) pagename or (2) area variable containing an executable extension, which is not properly handled by (a) upda… | |||
| CVE-2012-5227 | high | — | 8.5 | 14y ago | SQL injection vulnerability in administrer/tva.php in Peel SHOPPING 2.8 and 2.9 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2012-5224 | high | — | 8.5 | 14y ago | PHP remote file inclusion vulnerability in vb/includes/vba_cmps_include_bottom.php in vBadvanced CMPS 3.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pages[te… | |||
| CVE-2012-5223 | high | — | 8.5 | 14y ago | The proc_deutf function in includes/functions_vbseocp_abstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6.0, and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly… | |||
| CVE-2012-4415 | high | — | 8.5 | 14y ago | Stack-based buffer overflow in the guac_client_plugin_open function in libguac in Guacamole before 0.6.3 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a l… | |||
| CVE-2012-2998 | high | — | 8.5 | 14y ago | SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager (TMCM) before 5.5.0.1823 and 6.0 before 6.0.0.1449 allows remote attackers to execute arbitrary SQL commands via … | |||
| CVE-2012-1116 | high | — | 8.5 | 14y ago | SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2012-0973 | high | — | 8.5 | 14y ago | Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the sCategory parameter to index.php, which is not properly handled by the … | |||
| CVE-2012-5159 | high | — | 8.5 | 14y ago | phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allo… | |||
| CVE-2012-0209 | high | — | 8.5 | 14y ago | Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan… | |||
| CVE-2012-2287 | high | — | 8.5 | 14y ago | The authentication functionality in EMC RSA Authentication Agent 7.1 and RSA Authentication Client 3.5 on Windows XP and Windows Server 2003, when an unspecified configuration exists, allows remote a… | |||
| CVE-2012-5098 | high | — | 8.5 | 14y ago | Multiple SQL injection vulnerabilities in Php-X-Links, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to rate.php, (2) cid parameter to view.php, or (… | |||
| CVE-2012-5000 | high | — | 8.5 | 14y ago | SQL injection vulnerability in jokes/index.php in the Witze addon 0.9 for deV!L'z Clanportal allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action. | |||
| CVE-2012-4997 | high | — | 8.5 | 14y ago | Directory traversal vulnerability in acp/index.php in AneCMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter. | |||
| CVE-2012-4996 | high | — | 8.5 | 14y ago | Multiple SQL injection vulnerabilities in RivetTracker 1.03 and earlier allow remote attackers to execute arbitrary SQL commands via the hash parameter to (1) dltorrent.php or (2) torrent_functions.p… | |||
| CVE-2012-4993 | high | — | 8.5 | 14y ago | torrent_functions.php in RivetTracker 1.03 and earlier does not properly restrict access, which allows remote attackers to have an unspecified impact. | |||
| CVE-2012-2105 | high | — | 8.5 | 14y ago | Multiple SQL injection vulnerabilities in login.php in Timesheet Next Gen 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. | |||
| CVE-2012-1184 | high | — | 8.5 | 14y ago | Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x before 1.8.10.1 and 10.x before 10.2.1 allows remote attackers to cause a denial of service (crash) or p… | |||
| CVE-2012-2994 | high | — | 8.5 | 14y ago | The CoSoSys Endpoint Protector 4 appliance establishes an EPProot password based entirely on the appliance serial number, which makes it easier for remote attackers to obtain access via a brute-force… | |||
| CVE-2012-4927 | high | — | 8.5 | 14y ago | SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php. | |||
| CVE-2012-4925 | high | — | 8.5 | 14y ago | Multiple SQL injection vulnerabilities in approve.php in Img Pals Photo Host 1.0 allow remote attackers to execute arbitrary SQL commands via the u parameter in a (1) app0 or (2) app1 action. NOTE: … | |||
| CVE-2012-4908 | high | — | 8.5 | 14y ago | Google Chrome before 18.0.1025308 on Android allows remote attackers to bypass the Same Origin Policy and obtain access to local files via vectors involving a symlink. | |||
| CVE-2012-2115 | high | — | 8.5 | 14y ago | SQL injection vulnerability in interface/login/validateUser.php in OpenEMR 4.1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the u parameter. | |||
| CVE-2012-1911 | high | — | 8.5 | 14y ago | Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter … | |||
| CVE-2012-4869 | high | — | 8.5 | 14y ago | The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action. | |||
| CVE-2012-2740 | high | — | 8.5 | 14y ago | SQL injection vulnerability in public_html/lists/admin in phpList before 2.10.18 allows remote attackers to execute arbitrary SQL commands via the sortby parameter in a find action. | |||
| CVE-2012-2109 | high | — | 8.5 | 14y ago | SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress allows remote attackers to execute arbitrary SQL commands via the page parameter in an activity_wid… | |||
| CVE-2012-4686 | high | — | 8.5 | 14y ago | SQL injection vulnerability in announcement.php in vBulletin 4.1.10 allows remote attackers to execute arbitrary SQL commands via the announcementid parameter. | |||
| CVE-2012-1934 | high | — | 8.5 | 14y ago | SQL injection vulnerability in admin/country/edit.php in Newscoop before 3.5.5 and 4.x before 4 RC4 allows remote attackers to execute arbitrary SQL commands via the f_country_code parameter. | |||
| CVE-2012-2227 | high | — | 8.5 | 14y ago | Directory traversal vulnerability in update/index.php in PluXml before 5.1.6 allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the default_la… | |||
| CVE-2012-3456 | high | — | 8.5 | 14y ago | Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier allows remote attackers to cause a denial o… | |||
| CVE-2012-3009 | high | — | 8.5 | 14y ago | Siemens COMOS before 9.1 Patch 413, 9.2 before Update 03 Patch 023, and 10.0 before Patch 005 allows remote authenticated users to obtain database administrative access via unspecified method calls. | |||
| CVE-2012-2601 | high | — | 8.5 | 14y ago | SQL injection vulnerability in WrVMwareHostList.asp in Ipswitch WhatsUp Gold 15.02 allows remote attackers to execute arbitrary SQL commands via the sGroupList parameter. | |||
| CVE-2012-3435 | high | — | 8.5 | 14y ago | SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix 1.8.15rc1 and earlier, and 2.x before 2.0.2rc1, allows remote attackers to execute arbitrary SQL commands via the itemid paramet… | |||
| CVE-2012-2208 | high | — | 8.5 | 14y ago | Directory traversal vulnerability in upgrade.php in Piwigo before 2.3.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter. | |||
| CVE-2012-4282 | high | — | 8.5 | 14y ago | SQL injection vulnerability in photo.php in Trombinoscope 3.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2012-2332 | high | — | 8.5 | 14y ago | SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. … | |||
| CVE-2012-4281 | high | — | 8.5 | 14y ago | Multiple SQL injection vulnerabilities in Travelon Express 6.2.2 allow remote attackers to execute arbitrary SQL commands via the hid parameter to (1) holiday.php or (2) holiday_book.php, (3) id para… | |||
| CVE-2012-4279 | high | — | 8.5 | 14y ago | Multiple SQL injection vulnerabilities in Free Realty 3.1-0.6 allow remote attackers to execute arbitrary SQL commands via the (1) view parameter to agentdisplay.php or (2) edit parameter to admin/ad… | |||
| CVE-2012-4265 | high | — | 8.5 | 14y ago | SQL injection vulnerability in category_edit.php in Proman Xpress 5.0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||
| CVE-2012-4261 | high | — | 8.5 | 14y ago | SQL injection vulnerability in modules/patient/mycare2x_pat_info.php in myCare2x allows remote attackers to execute arbitrary SQL commands via the lang parameter. |