CVEs from 2012
Total
5,200
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.7%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-5348 | medium | — | 7.8 | 14y ago | SQL injection vulnerability in MangosWeb Enhanced 3.0.3 allows remote attackers to execute arbitrary SQL commands via the login parameter in a login action to index.php. | |||
| CVE-2012-5331 | medium | — | 7.8 | 14y ago | Directory traversal vulnerability in asaanCart 0.9 allows remote attackers to include arbitrary local files via a .. (dot dot) in the page parameter to index.php. | |||
| CVE-2012-1671 | medium | — | 7.8 | 14y ago | Directory traversal vulnerability in index.php in phpPaleo 4.8b155 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | |||
| CVE-2012-5326 | medium | — | 7.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in admin/function.php in IDevSpot iSupport 1.x allows remote attackers to hijack the authentication of administrators for requests that add administrat… | |||
| CVE-2012-5323 | medium | — | 7.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in webconfig/admin_passwd/passwd.html/admin_passwd in Xavi X7968 allows remote attackers to hijack the authentication of administrators for requests th… | |||
| CVE-2012-5320 | medium | — | 7.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in password.cgi in Sagem F@ST 2604 253180972B allows remote attackers to hijack the authentication of administrators for requests that change the admin… | |||
| CVE-2012-5319 | medium | — | 7.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in setup/security.cgi in D-Link DCS-900, DCS-2000, and DCS-5300 allows remote attackers to hijack the authentication of administrators for requests tha… | |||
| CVE-2012-1416 | medium | — | 7.8 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in SocialCMS 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrator accounts vi… | |||
| CVE-2012-1308 | medium | — | 7.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in redpass.cgi in D-Link DSL-2640B Firmware EU_4.00 allows remote attackers to hijack the authentication of administrators for requests that change the… | |||
| CVE-2012-5318 | medium | — | 7.8 | 14y ago | Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with… | |||
| CVE-2012-1125 | medium | — | 7.8 | 14y ago | Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin before 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a fi… | |||
| CVE-2012-1414 | medium | — | 7.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in manager/news.php in Plume CMS 1.2.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that create News… | |||
| CVE-2012-1153 | medium | — | 7.8 | 14y ago | Unrestricted file upload vulnerability in addons/uploadify/uploadify.php in appRain CMF 0.1.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable exte… | |||
| CVE-2012-1897 | medium | — | 7.8 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Wolf CMS 0.75 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via th… | |||
| CVE-2012-4051 | medium | — | 7.8 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in editAccount.html in the JAMF Software Server (JSS) interface in JAMF Casper Suite before 8.61 allow remote attackers to hijack the authen… | |||
| CVE-2012-5005 | medium | — | 7.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in admin/admin_options.php in VR GPub 4.0 allows remote attackers to hijack the authentication of admins for requests that add admin accounts via an ad… | |||
| CVE-2012-5002 | medium | — | 7.8 | 14y ago | Stack-based buffer overflow in SR10 FTP server (SR10.exe) 1.1.0.6 in Ricoh DC Software DL-10 4.5.0.1, when the Log file name option is enabled, allows remote attackers to execute arbitrary code via a… | |||
| CVE-2012-1901 | medium | — | 7.8 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in FlexCMS 3.2.1 and earlier allow remote attackers to (1) hijack the authentication of users for requests that change account settings via … | |||
| CVE-2012-2996 | medium | — | 7.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in saveAccountSubTab.imss in Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394 allows remote attackers to hijack the authentication o… | |||
| CVE-2012-2275 | medium | — | 7.8 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in TestLink 1.9.3 and earlier allow remote attackers to hijack the authentication of users for requests that add, delete, or modify sensitiv… | |||
| CVE-2012-2316 | medium | — | 7.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in servlet/admin/AuthServlet.java in OpenKM 5.1.7 and other versions before 5.1.8-2 allows remote attackers to hijack the authentication of administrat… | |||
| CVE-2012-4877 | medium | — | 7.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that a… | |||
| CVE-2012-1112 | medium | — | 7.8 | 14y ago | Directory traversal vulnerability in Open-Realty CMS 2.5.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the select_users_template parameter t… | |||
| CVE-2012-4746 | medium | — | 7.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in accessaccount.cgi in ZTE ZXDSL 831IIV7.5.0a_Z29_OV allows remote attackers to hijack the authentication of administrators for requests that change t… | |||
| CVE-2012-0308 | medium | — | 7.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to hijack the authentication of administrators. | |||
| CVE-2012-4036 | medium | — | 7.8 | 14y ago | Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 allows remote administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via… | |||
| CVE-2012-1933 | medium | — | 7.8 | 14y ago | Multiple PHP remote file inclusion vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4 before RC4, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in… | |||
| CVE-2012-2104 | medium | — | 7.8 | 14y ago | cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequenc… | |||
| CVE-2012-1921 | medium | — | 7.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in goform/admin/formWlEncrypt in Sitecom WLM-2501 allows remote attackers to hijack the authentication of administrators for requests that change the r… | |||
| CVE-2012-4237 | medium | — | 7.8 | 14y ago | Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id param… | |||
| CVE-2012-3294 | medium | — | 7.8 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier, and WebSphere MQ - Managed File Transfer 7.5, allo… | |||
| CVE-2012-4325 | medium | — | 7.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in upload/users.php in Utopia News Pro (UNP) 1.4.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that… | |||
| CVE-2012-4280 | medium | — | 7.8 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in admin/agenteditor.php in Free Realty 3.1-0.6 allow remote attackers to hijack the authentication of administrators for requests that (1) … | |||
| CVE-2012-2602 | medium | — | 7.8 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to hijack the authentication of administrators fo… | |||
| CVE-2012-0282 | medium | — | 7.8 | 14y ago | Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ImageLeftPosition value in … | |||
| CVE-2012-0277 | medium | — | 7.8 | 14y ago | Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PCT image. | |||
| CVE-2012-0276 | medium | — | 7.8 | 14y ago | Multiple heap-based buffer overflows in XnView before 1.99 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a (1) SGI32LogLum compressed… | |||
| CVE-2012-3350 | medium | — | 7.8 | 14y ago | SQL injection vulnerability in index.php in Webmatic 3.1.1 allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header. | |||
| CVE-2012-2614 | medium | — | 7.8 | 14y ago | Buffer overflow in programmer.exe in Lattice Diamond Programmer 1.4.2 allows user-assisted remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long stri… | |||
| CVE-2012-3578 | medium | — | 7.8 | 14y ago | Unrestricted file upload vulnerability in html/Upload.php in the FCChat Widget plugin 2.2.13.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with a f… | |||
| CVE-2012-1936 | medium | — | 7.8 | 14y ago | The wp_create_nonce function in wp-includes/pluggable.php in WordPress 3.3.1 and earlier associates a nonce with a user account instead of a user session, which might make it easier for remote attack… | |||
| CVE-2012-0550 | medium | — | 7.8 | 14y ago | Unspecified vulnerability in the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1 allows remote attackers to affect confidentiality, integrity, and… | |||
| CVE-2012-1498 | medium | — | 7.8 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Webfolio CMS 1.1.4 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an adminis… | |||
| CVE-2012-1297 | medium | — | 7.8 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requ… | |||
| CVE-2012-0997 | medium | — | 7.8 | 15y ago | Cross-site request forgery (CSRF) vulnerability in admin/index.php in 11in1 1.2.1 stable 12-31-2011 allows remote attackers to hijack the authentication of administrators for requests that add new to… | |||
| CVE-2012-1220 | medium | — | 7.8 | 15y ago | Cross-site request forgery (CSRF) vulnerability in modules/config/admin_utente.php in GAzie 5.20 and earlier allows remote attackers to hijack the authentication of administrators for requests that c… | |||
| CVE-2012-0286 | medium | — | 7.8 | 15y ago | Cross-site request forgery (CSRF) vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to hijack the authentication of unspecified victims for requests that modify user accoun… | |||
| CVE-2012-0897 | medium | — | 7.8 | 15y ago | Stack-based buffer overflow in the JPEG2000 plugin in IrfanView PlugIns before 4.33 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QC… | |||
| CVE-2012-0394 | medium | — | 7.8 | 15y ago | Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode | |||
| CVE-2012-0392 | medium | — | 7.8 | 15y ago | Apache Struts's CookieInterceptor component does not use the parameter-name whitelist | |||
| CVE-2012-5380 | medium | 6.7 | 7.7 | 14y ago | Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse … | |||
| CVE-2012-5865 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid parameter in a stats action. | |||
| CVE-2012-2956 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in SpiceWorks 5.3.75941 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to api_v2.json. NOTE: this entry was SPLIT per ADT2 due t… | |||
| CVE-2012-1506 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in the updateStatus function in lib/models/benefits/Hsp.php in OrangeHRM before 2.7 allows remote authenticated users to execute arbitrary SQL commands via the hspSummaryI… | |||
| CVE-2012-4240 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in modules/calendar/json.php in Group-Office community before 4.0.90 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter. | |||
| CVE-2012-0938 | medium | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in TestLink 1.9.3, 1.8.5b, and earlier allow remote authenticated users with certain permissions to execute arbitrary SQL commands via the root_node parameter i… | |||
| CVE-2012-6290 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in ImageCMS before 4.2 allows remote authenticated administrators to execute arbitrary SQL commands via the q parameter to admin/admin_search/. NOTE: this can be leverage… | |||
| CVE-2012-4960 | medium | — | 7.5 | 13y ago | The Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6, NE20, ME60, CX600, CX200, CX300, ACU, WLAN AC 6605, S9300, S7700, S2300, S3300, S5300, S3300HI, S5300HI, S5306, S6300, S2700, S37… | |||
| CVE-2012-6554 | medium | — | 7.5 | 13y ago | functions/html_to_text.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the message[message_text] parameter to chat/add_messag,… | |||
| CVE-2012-3873 | medium | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) data/gallery/edit.php, (2) data/guestb… | |||
| CVE-2012-5967 | medium | — | 7.5 | 14y ago | SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter. | |||
| CVE-2012-5612 | medium | — | 7.5 | 14y ago | Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (m… | |||
| CVE-2012-5611 | medium | — | 7.5 | 14y ago | Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x b… | |||
| CVE-2012-6038 | medium | — | 7.5 | 14y ago | admin/core/admin_func.php in razorCMS before 1.2.1 does not properly restrict access to certain administrator directories and files, which allows remote authenticated users to read, edit, rename, mov… | |||
| CVE-2012-4949 | medium | — | 7.5 | 14y ago | SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service. | |||
| CVE-2012-5453 | medium | — | 7.5 | 14y ago | SQL injection vulnerability in user/index_inline_editor_submit.php in ATutor AContent 1.2-1 allows remote authenticated users to execute arbitrary SQL commands via the field parameter. NOTE: this vu… | |||
| CVE-2012-2982 | medium | — | 7.5 | 14y ago | file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character. | |||
| CVE-2012-1467 | medium | — | 7.5 | 14y ago | Multiple directory traversal vulnerabilities in the iBrowser plugin library, as used in Open Journal Systems before 2.3.7, allow remote authenticated users to (1) delete or (2) rename arbitrary files… | |||
| CVE-2012-2962 | medium | — | 7.5 | 14y ago | SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q p… | |||
| CVE-2012-3834 | medium | — | 7.5 | 14y ago | SQL injection vulnerability in forensics/base_qry_main.php in AlienVault Open Source Security Information Management (OSSIM) 3.1 allows remote authenticated users to execute arbitrary SQL commands vi… | |||
| CVE-2012-2171 | medium | — | 7.5 | 14y ago | SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to e… | |||
| CVE-2012-2939 | medium | — | 7.5 | 14y ago | Multiple unrestricted file upload vulnerabilities in Travelon Express 6.2.2 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) airli… | |||
| CVE-2012-2236 | medium | — | 7.5 | 14y ago | SQL injection vulnerability in users.php in PHP Gift Registry 1.5.5 allows remote authenticated users to execute arbitrary SQL commands via the userid parameter in an edit action. | |||
| CVE-2012-5930 | medium | — | 7.4 | 14y ago | The pa_modify_accounts function in auth.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 does not require authentication for the modifyAccounts method, which allows remote at… | |||
| CVE-2012-6050 | medium | — | 7.4 | 14y ago | The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request… | |||
| CVE-2012-4513 | medium | — | 7.4 | 14y ago | khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpect… | |||
| CVE-2012-4940 | medium | — | 7.4 | 14y ago | Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in (1) the fileName… | |||
| CVE-2012-3153 | medium | — | 7.4 | 14y ago | Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via un… | |||
| CVE-2012-1617 | medium | — | 7.4 | 14y ago | Directory traversal vulnerability in combine.php in OSClass before 2.3.6 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the type parameter. NOTE: this vulnerability … | |||
| CVE-2012-3137 | medium | — | 7.4 | 14y ago | The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, wh… | |||
| CVE-2012-4926 | medium | — | 7.4 | 14y ago | approve.php in Img Pals Photo Host 1.0 does not authenticate requests, which allows remote attackers to change the activation of administrators via the u parameter in an (1) app0 (disable) or (2) app… | |||
| CVE-2012-0298 | medium | — | 7.4 | 14y ago | The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to (1) read or (2) delete arbitrary files via unspecified vectors. | |||
| CVE-2012-0393 | medium | — | 7.4 | 15y ago | Apache Struts's ParameterInterceptor component does not prevent access to public constructors | |||
| CVE-2012-5991 | medium | — | 7.3 | 14y ago | screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to cause a denial of service (device reload) via a certain b… | |||
| CVE-2012-5383 | medium | — | 7.2 | 14y ago | Untrusted search path vulnerability in the installation functionality in Oracle MySQL 5.5.28, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan ho… | |||
| CVE-2012-3483 | medium | — | 7.2 | 14y ago | Race condition in the runScript function in Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by replacing a script file. | |||
| CVE-2012-4999 | medium | — | 7.1 | 14y ago | Mercury MR804 Router 8.0 3.8.1 Build 101220 Rel.53006nB allows remote attackers to cause a denial of service (service hang) via a crafted string in HTTP header fields such as (1) If-Modified-Since, (… | |||
| CVE-2012-3571 | medium | — | 7.1 | 14y ago | ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier. | |||
| CVE-2012-6495 | medium | — | 7.0 | 4y ago | Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users w… | |||
| CVE-2012-6081 | medium | — | 7.0 | 14y ago | Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated us… | |||
| CVE-2012-5367 | medium | — | 7.0 | 14y ago | Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow remote authenticated administrators to execute arbitrary SQL commands via the sortField parameter to (1) viewCustomers, (2) viewPa… | |||
| CVE-2012-5613 | medium | — | 7.0 | 14y ago | MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows … | |||
| CVE-2012-5382 | medium | — | 7.0 | 14y ago | Untrusted search path vulnerability in the installation functionality in Zend Server 5.6.0 SP4, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan … | |||
| CVE-2012-5381 | medium | — | 7.0 | 14y ago | Untrusted search path vulnerability in the installation functionality in PHP 5.3.17, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL i… | |||
| CVE-2012-5378 | medium | — | 7.0 | 14y ago | Untrusted search path vulnerability in the installation functionality in ActiveTcl 8.5.12, when installed in the top-level C:\ directory, allows local users to gain privileges via a Trojan horse DLL … | |||
| CVE-2012-5377 | medium | — | 7.0 | 14y ago | Untrusted search path vulnerability in the installation functionality in ActivePerl 5.16.1.1601, when installed in the top-level C:\ directory, allows local users to gain privileges via a Trojan hors… | |||
| CVE-2012-5350 | medium | — | 7.0 | 14y ago | SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the id parameter in … | |||
| CVE-2012-1468 | medium | — | 7.0 | 14y ago | Incomplete blacklist vulnerability in Open Journal Systems before 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executa… | |||
| CVE-2012-1058 | medium | — | 7.0 | 15y ago | Cross-site request forgery (CSRF) vulnerability in Flyspray 0.9.9.6 allows remote attackers to hijack the authentication of admins for requests that add admin accounts via an admin.newuser action to … | |||
| CVE-2012-4709 | medium | — | 6.9 | 13y ago | Invensys Wonderware InTouch HMI 2012 R2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) … |