CVEs from 2012
Total
5,200
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
3.2%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-2469 | high | — | 7.8 | 14y ago | Cisco NX-OS 4.2, 5.0, 5.1, and 5.2 on Nexus 7000 series switches, when the High Availability (HA) policy is configured for Reset, allows remote attackers to cause a denial of service (device reset) v… | |||
| CVE-2012-3017 | high | — | 7.8 | 14y ago | Siemens SIMATIC S7-400 PN CPU devices with firmware 5.x allow remote attackers to cause a denial of service (defect-mode transition and service outage) via (1) malformed HTTP traffic or (2) malformed… | |||
| CVE-2012-3016 | high | — | 7.8 | 14y ago | Siemens SIMATIC S7-400 PN CPU devices with firmware 6 before 6.0.3 allow remote attackers to cause a denial of service (defect-mode transition and service outage) via crafted ICMP packets. | |||
| CVE-2012-3817 | high | — | 7.8 | 14y ago | ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initializ… | |||
| CVE-2012-3120 | high | — | 7.8 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 8 allows remote attackers to affect availability, related to TCP/IP. | |||
| CVE-2012-1740 | high | — | 7.8 | 14y ago | Unspecified vulnerability in the Oracle Application Express Listener component in Oracle Application Express Listener 1.1-ea, 1.1.1, 1.1.2, and 1.1.3 allows remote attackers to affect confidentiality… | |||
| CVE-2012-4028 | high | — | 7.8 | 14y ago | Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent attackers to bypass intended access restrictions by using the stored information for authenticatio… | |||
| CVE-2012-3073 | high | — | 7.8 | 14y ago | The IP implementation on Cisco TelePresence Multipoint Switch before 1.8.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server 1.8 and earlier allows remote attackers to… | |||
| CVE-2012-2970 | high | — | 7.8 | 14y ago | The Synel SY-780/A Time & Attendance terminal allows remote attackers to cause a denial of service (device hang) via network traffic to port (1) 1641, (2) 3734, or (3) 3735. | |||
| CVE-2012-2017 | high | — | 7.8 | 14y ago | Unspecified vulnerability on HP Photosmart Wireless e-All-in-One B110, e-All-in-One D110, Plus e-All-in-One B210, eStation All-in-One C510, Ink Advantage e-All-in-One K510, and Premium Fax e-All-in-O… | |||
| CVE-2012-3816 | high | — | 7.8 | 14y ago | WinRadius Server 2009 allows remote attackers to cause a denial of service (crash) via a long password in an Access-Request packet. | |||
| CVE-2012-2816 | high | — | 7.8 | 14y ago | Google Chrome before 20.0.1132.43 on Windows does not properly isolate sandboxed processes, which might allow remote attackers to cause a denial of service (process interference) via unspecified vect… | |||
| CVE-2012-3058 | high | — | 7.8 | 14y ago | Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(4.1), 8.5 before 8.5(1.11), and 8… | |||
| CVE-2012-3289 | high | — | 7.8 | 14y ago | VMware Workstation 8.x before 8.0.4, VMware Player 4.x before 4.0.4, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow remote attackers to cause a denial of service (guest OS crash) v… | |||
| CVE-2012-3291 | high | — | 7.8 | 14y ago | Heap-based buffer overflow in OpenConnect 3.18 allows remote servers to cause a denial of service via a crafted greeting banner. | |||
| CVE-2012-1185 | high | 7.8 | 7.8 | 14y ago | Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execu… | |||
| CVE-2012-2488 | high | — | 7.8 | 14y ago | Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers to cause a denial of service (packet transmission outage) via a crafted packet, aka Bug IDs CSCty94… | |||
| CVE-2012-2426 | high | — | 7.8 | 14y ago | The server in xArrow before 3.4.1 does not properly allocate memory, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via unspecified vectors. | |||
| CVE-2012-2320 | high | — | 7.8 | 14y ago | ConnMan before 0.85 does not ensure that netlink messages originate from the kernel, which allows remote attackers to bypass intended access restrictions and cause a denial of service via a crafted n… | |||
| CVE-2012-1097 | high | 7.8 | 7.8 | 14y ago | The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL poin… | |||
| CVE-2012-0044 | high | 7.8 | 7.8 | 14y ago | Integer overflow in the drm_mode_dirtyfb_ioctl function in drivers/gpu/drm/drm_crtc.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.1.5 allows local users to gain privi… | |||
| CVE-2012-2277 | high | — | 7.8 | 14y ago | The IRM Server in EMC Documentum Information Rights Management 4.x before 4.7.0100 and 5.x before 5.0.1030 allows remote attackers to cause a denial of service (pvcontrol.exe process hang) via \n (li… | |||
| CVE-2012-2276 | high | — | 7.8 | 14y ago | The IRM Server in EMC Documentum Information Rights Management 4.x before 4.7.0100 and 5.x before 5.0.1030 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon cr… | |||
| CVE-2012-1804 | high | — | 7.8 | 14y ago | The OPC server in Progea Movicon before 11.3 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted HTTP request. | |||
| CVE-2012-0180 | high | 7.8 | 7.8 | 14y ago | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 C… | |||
| CVE-2012-0378 | high | — | 7.8 | 14y ago | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allow remote attackers to cause a denial of service (connection limit exceeded) by triggering a large number… | |||
| CVE-2012-0406 | high | — | 7.8 | 14y ago | The DPA_Utilities.cProcessAuthenticationData function in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemo… | |||
| CVE-2012-1802 | high | — | 7.8 | 14y ago | Buffer overflow in the embedded web server on the Siemens Scalance X Industrial Ethernet switch X414-3E before 3.7.1, X308-2M before 3.7.2, X-300EEC before 3.7.2, XR-300 before 3.7.2, and X-300 befor… | |||
| CVE-2012-2210 | high | — | 7.8 | 14y ago | The Sony Bravia TV KDL-32CX525 allows remote attackers to cause a denial of service (configuration outage or device crash) via a flood of TCP SYN packets, as demonstrated by hping, a related issue to… | |||
| CVE-2012-1315 | high | — | 7.8 | 14y ago | Memory leak in the SIP inspection feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload)… | |||
| CVE-2012-1314 | high | — | 7.8 | 14y ago | The WAAS Express feature in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit traffic, aka Bug ID CSCtt45381. | |||
| CVE-2012-1311 | high | — | 7.8 | 14y ago | The RSVP feature in Cisco IOS 15.0 and 15.1 and IOS XE 3.2.xS through 3.4.xS before 3.4.2S, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue w… | |||
| CVE-2012-1310 | high | — | 7.8 | 14y ago | Memory leak in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted IP packets, aka B… | |||
| CVE-2012-0388 | high | — | 7.8 | 14y ago | Memory leak in the H.323 inspection feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reloa… | |||
| CVE-2012-0387 | high | — | 7.8 | 14y ago | Memory leak in the HTTP Inspection Engine feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device… | |||
| CVE-2012-0386 | high | — | 7.8 | 14y ago | The SSHv2 implementation in Cisco IOS 12.2, 12.4, 15.0, 15.1, and 15.2 and IOS XE 2.3.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S allows remote attackers to cause a denial of service (dev… | |||
| CVE-2012-0385 | high | — | 7.8 | 14y ago | The Smart Install feature in Cisco IOS 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (device reload) by sending a malformed Smart Install message over TCP, aka Bug I… | |||
| CVE-2012-0383 | high | — | 7.8 | 14y ago | Memory leak in the NAT feature in Cisco IOS 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (memory consumption, and device hang or reload) via SIP packets that require tran… | |||
| CVE-2012-1783 | high | — | 7.8 | 14y ago | Tiny Server 1.1.9 and earlier allows remote attackers to cause a denial of service (crash) via a long string in a GET request without an HTTP version number. | |||
| CVE-2012-0356 | high | — | 7.8 | 14y ago | Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 through 7.2 before 7.2(5.7), 8.0 before 8.0(… | |||
| CVE-2012-0355 | high | — | 7.8 | 14y ago | Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(2.11) and 8.5 before 8.5(1.4) all… | |||
| CVE-2012-0370 | high | — | 7.8 | 14y ago | Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0 and 7.1 before 7.1.91.0, when WebAuth is enabled, allow remote attackers to cause a denial of service… | |||
| CVE-2012-0369 | high | — | 7.8 | 14y ago | Cisco Wireless LAN Controller (WLC) devices with software 6.0 and 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (device reloa… | |||
| CVE-2012-0368 | high | — | 7.8 | 14y ago | The administrative management interface on Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allows remo… | |||
| CVE-2012-0367 | high | — | 7.8 | 14y ago | Cisco Unity Connection before 7.1.5b(Su5), 8.0 and 8.5 before 8.5.1(Su3), and 8.6 before 8.6.2 allows remote attackers to cause a denial of service (services crash) via a series of crafted TCP segmen… | |||
| CVE-2012-0359 | high | — | 7.8 | 14y ago | The Cisco Cius with software before 9.2(1) SR2 allows remote attackers to cause a denial of service (device crash or hang) via malformed network traffic, aka Bug ID CSCto71445. | |||
| CVE-2012-0330 | high | — | 7.8 | 14y ago | Cisco TelePresence Video Communication Server with software before X7.0.1 allows remote attackers to cause a denial of service (device crash) via a malformed SIP message, aka Bug ID CSCtr20426. | |||
| CVE-2012-0364 | high | — | 7.8 | 15y ago | Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allow remote attackers to replace the configuration file via an upload reques… | |||
| CVE-2012-0352 | high | — | 7.8 | 15y ago | Cisco NX-OS 4.2.x before 4.2(1)SV1(5.1) on Nexus 1000v series switches; 4.x and 5.0.x before 5.0(2)N1(1) on Nexus 5000 series switches; and 4.2.x before 4.2.8, 5.0.x before 5.0.5, and 5.1.x before 5.… | |||
| CVE-2012-0014 | high | 7.8 | 7.8 | 15y ago | Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to exe… | |||
| CVE-2012-0897 | medium | — | 7.8 | 15y ago | Stack-based buffer overflow in the JPEG2000 plugin in IrfanView PlugIns before 4.33 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QC… | |||
| CVE-2012-0094 | high | — | 7.8 | 15y ago | Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability, related to TCP/IP. | |||
| CVE-2012-0394 | medium | — | 7.8 | 15y ago | Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode | |||
| CVE-2012-0024 | high | — | 7.8 | 15y ago | MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a den… | |||
| CVE-2012-3014 | high | — | 7.7 | 14y ago | The Management Software application in GarrettCom Magnum MNS-6K before 4.4.0, and 14.x before 14.4.0, has a hardcoded password for an administrative account, which allows local users to gain privileg… | |||
| CVE-2012-3580 | high | — | 7.7 | 14y ago | Symantec Messaging Gateway (SMG) before 10.0 allows remote authenticated users to modify the web application by leveraging access to the management interface. | |||
| CVE-2012-2986 | high | — | 7.7 | 14y ago | lhn/public/network/ping in HP SAN/iQ 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) first, (2) third, or (3) f… | |||
| CVE-2012-1801 | high | — | 7.7 | 14y ago | Multiple stack-based buffer overflows in (1) COM and (2) ActiveX controls in ABB WebWare Server, WebWare SDK, Interlink Module, S4 OPC Server, QuickTeach, RobotStudio S4, and RobotStudio Lite allow r… | |||
| CVE-2012-4694 | high | — | 7.6 | 14y ago | Moxa EDR-G903 series routers with firmware before 2.11 do not use a sufficient source of entropy for (1) SSH and (2) SSL keys, which makes it easier for man-in-the-middle attackers to spoof a device … | |||
| CVE-2012-1543 | high | — | 7.6 | 14y ago | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a diff… | |||
| CVE-2012-4687 | high | — | 7.6 | 14y ago | Post Oak AWAM Bluetooth Reader Traffic System does not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof a device by predicting a key… | |||
| CVE-2012-5089 | high | — | 7.6 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to a… | |||
| CVE-2012-5084 | high | — | 7.6 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows… | |||
| CVE-2012-5080 | high | — | 7.6 | 14y ago | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a differ… | |||
| CVE-2012-3400 | high | — | 7.6 | 14y ago | Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service (system crash) or possibly have … | |||
| CVE-2012-3973 | high | — | 7.6 | 14y ago | The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote… | |||
| CVE-2012-3555 | high | — | 7.6 | 14y ago | Opera before 11.65 does not ensure that keyboard sequences are associated with a visible window, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks… | |||
| CVE-2012-3292 | high | — | 7.6 | 14y ago | The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to… | |||
| CVE-2012-2562 | high | — | 7.6 | 14y ago | The Xelex MobileTrack application 2.3.7 and earlier for Android does not verify the origin of SMS commands, which allows remote attackers to execute a (1) LOCATE, (2) TRACK, (3) UPDATECFG, (4) UPDATE… | |||
| CVE-2012-0735 | high | — | 7.6 | 14y ago | IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly scan file: URLs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified oth… | |||
| CVE-2012-0734 | high | — | 7.6 | 14y ago | IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly import jobs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other i… | |||
| CVE-2012-0168 | high | — | 7.6 | 14y ago | Microsoft Internet Explorer 6 through 9 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document that is not properly handled during a "Print table of links" print … | |||
| CVE-2012-0129 | high | — | 7.6 | 14y ago | HP Onboard Administrator (OA) before 3.50 allows remote attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors. | |||
| CVE-2012-0648 | high | — | 7.6 | 14y ago | WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to… | |||
| CVE-2012-0639 | high | — | 7.6 | 14y ago | WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to… | |||
| CVE-2012-0638 | high | — | 7.6 | 14y ago | WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to… | |||
| CVE-2012-0637 | high | — | 7.6 | 14y ago | WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to… | |||
| CVE-2012-0636 | high | — | 7.6 | 14y ago | WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to… | |||
| CVE-2012-0634 | high | — | 7.6 | 14y ago | WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to… | |||
| CVE-2012-0397 | high | — | 7.6 | 14y ago | Buffer overflow in EMC RSA SecurID Software Token Converter before 2.6.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors. | |||
| CVE-2012-0881 | high | 7.5 | 7.5 | 9y ago | Denial of service in Apache Xerces2 | |||
| CVE-2012-2695 | high | — | 7.5 | 9y ago | activerecord vulnerable to SQL Injection | |||
| CVE-2012-4380 | high | 7.5 | 7.5 | 9y ago | MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attackers to bypass GlobalBlocking extension IP address blocking and create an account via unspecified vectors. | |||
| CVE-2012-6707 | high | 7.5 | 7.5 | 9y ago | WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach… | |||
| CVE-2012-2805 | high | 7.5 | 7.5 | 9y ago | Unspecified vulnerability in FFMPEG 0.10 allows remote attackers to cause a denial of service. | |||
| CVE-2012-0880 | high | 7.5 | 7.5 | 9y ago | Apache Xerces-C++ allows remote attackers to cause a denial of service (CPU consumption) via a crafted message sent to an XML service that causes hash table collisions. | |||
| CVE-2012-6697 | high | 7.5 | 7.5 | 9y ago | InspIRCd before 2.0.7 allows remote attackers to cause a denial of service (infinite loop). | |||
| CVE-2012-6700 | high | 7.5 | 7.5 | 10y ago | The decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers to cause a denial of service via a crafted response. | |||
| CVE-2012-6699 | high | 7.5 | 7.5 | 10y ago | The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds read) via a crafted response. | |||
| CVE-2012-6698 | high | 7.5 | 7.5 | 10y ago | The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds write) via a crafted response. | |||
| CVE-2012-1665 | high | — | 7.5 | 11y ago | Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/l… | |||
| CVE-2012-5849 | high | — | 7.5 | 11y ago | Multiple SQL injection vulnerabilities in ClipBucket 2.6 Revision 738 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in an add_friend action to ajax.ph… | |||
| CVE-2012-5853 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the "the_search_function" function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin before 1.3 for WordPress allows remote attackers to e… | |||
| CVE-2012-5580 | high | — | 7.5 | 12y ago | Format string vulnerability in the print_proxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary … | |||
| CVE-2012-5244 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter t… | |||
| CVE-2012-6654 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in ZPanel 10.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) resetkey or (2) inConfEmail parameter to index.php, a differen… | |||
| CVE-2012-5685 | high | — | 7.5 | 12y ago | SQL injection vulnerability in ZPanel 10.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the inEmailAddress parameter in an UpdateClient action in the manage_clients mod… | |||
| CVE-2012-3820 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in Campaign11.exe in Arial Software Campaign Enterprise before 11.0.551 allow remote attackers to execute arbitrary SQL commands via the (1) SerialNumber field … | |||
| CVE-2012-0938 | medium | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in TestLink 1.9.3, 1.8.5b, and earlier allow remote authenticated users with certain permissions to execute arbitrary SQL commands via the root_node parameter i… | |||
| CVE-2012-6653 | high | — | 7.5 | 12y ago | Unspecified vulnerability in the All Video Gallery (all-video-gallery) plugin before 1.2.0 for WordPress has unspecified impact and attack vectors. |