CVEs from 2012
Total
5,200
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
3.2%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-5116 | high | — | 7.5 | 14y ago | Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of… | |||
| CVE-2012-5115 | high | — | 7.5 | 14y ago | Google Chrome before 23.0.1271.64 on Mac OS X does not properly mitigate improper write behavior in graphics drivers, which allows remote attackers to cause a denial of service or possibly have unspe… | |||
| CVE-2012-4498 | high | — | 7.5 | 14y ago | The Activism module 6.x-2.x before 6.x-2.1 for Drupal does not properly restrict access to the "Campaign" content type, which might allow remote attackers to bypass access restrictions and possibly h… | |||
| CVE-2012-5302 | high | — | 7.5 | 14y ago | The server in TIBCO Formvine 3.1.x and 3.2.x before 3.2.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vect… | |||
| CVE-2012-5168 | high | — | 7.5 | 14y ago | ATutor AContent before 1.2-1 allows remote attackers to modify arbitrary user passwords or category names via a direct request to (1) user/index_inline_editor_submit.php or (2) course_category/index_… | |||
| CVE-2012-5167 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in ATutor AContent before 1.2-1 allow remote attackers to execute arbitrary SQL commands via the (1) field parameter to course_category/index_inline_editor_subm… | |||
| CVE-2012-4990 | high | — | 7.5 | 14y ago | SQL injection vulnerability in admin/campaign-zone-link.php in OpenX 2.8.10 before revision 81823 allows remote attackers to execute arbitrary SQL commands via the ids[] parameter in a link action. | |||
| CVE-2012-4772 | high | — | 7.5 | 14y ago | SQL injection vulnerability in register/ in Subrion CMS before 2.2.3 allows remote attackers to execute arbitrary SQL commands via the plan_id parameter. | |||
| CVE-2012-4232 | high | — | 7.5 | 14y ago | SQL injection vulnerability in admin/index.php in jCore before 1.0pre2 allows remote attackers to execute arbitrary SQL commands via the memberloginid cookie. | |||
| CVE-2012-2971 | high | — | 7.5 | 14y ago | The server in CA ARCserve Backup r12.5, r15, and r16 on Windows does not properly process RPC requests, which allows remote attackers to execute arbitrary code or cause a denial of service via a craf… | |||
| CVE-2012-3158 | high | — | 7.5 | 14y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via … | |||
| CVE-2012-5068 | high | — | 7.5 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, int… | |||
| CVE-2012-3159 | high | — | 7.5 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, int… | |||
| CVE-2012-5385 | high | — | 7.5 | 14y ago | install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows remote attackers to modify settings.php and possibly execute arbitrary code via vectors related to the user theme preference. | |||
| CVE-2012-4399 | high | 7.5 | 7.5 | 14y ago | CakePHPallows remote attackers to read arbitrary files via XML data containing external entity references | |||
| CVE-2012-5347 | high | — | 7.5 | 14y ago | TinyWebGallery 1.8.3 allows remote attackers to execute arbitrary code via shell metacharacters in the command parameter to (1) inc/filefunctions.inc or (2) info.php. | |||
| CVE-2012-5342 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in SenseSites CommonSense CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) special.php, (2) article.php, or (3) cat2.php. | |||
| CVE-2012-4456 | high | — | 7.5 | 14y ago | The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allow remote attackers to read the ro… | |||
| CVE-2012-5111 | high | — | 7.5 | 14y ago | Google Chrome before 22.0.1229.92 does not monitor for crashes of Pepper plug-ins, which has unspecified impact and remote attack vectors. | |||
| CVE-2012-2900 | high | — | 7.5 | 14y ago | Skia, as used in Google Chrome before 22.0.1229.92, does not properly render text, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other im… | |||
| CVE-2012-5334 | high | — | 7.5 | 14y ago | SQL injection vulnerability in product_desc.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the pid parameter. | |||
| CVE-2012-5333 | high | — | 7.5 | 14y ago | SQL injection vulnerability in page.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2012-5317 | high | — | 7.5 | 14y ago | SQL injection vulnerability in main_bigware_43.php in Bigware Shop before 2.1.5 allows remote attackers to execute arbitrary SQL commands via the lastname parameter in a process action. | |||
| CVE-2012-5313 | high | — | 7.5 | 14y ago | SQL injection vulnerability in forum.asp in Snitz Forums 2000 allows remote attackers to execute arbitrary SQL commands via the TOPIC_ID parameter. | |||
| CVE-2012-5312 | high | — | 7.5 | 14y ago | SQL injection vulnerability in Tribiq CMS allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | |||
| CVE-2012-5310 | high | — | 7.5 | 14y ago | SQL injection vulnerability in the WP e-Commerce plugin before 3.8.7.6 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2012-5304 | high | — | 7.5 | 14y ago | Static code injection vulnerability in administration/install.php in YVS Image Gallery allows remote attackers to inject arbitrary PHP code into functions/db_connect.php via unspecified vectors. NOT… | |||
| CVE-2012-1618 | high | — | 7.5 | 14y ago | Unescaped parameters in the PostgreSQL JDBC driver | |||
| CVE-2012-1565 | high | — | 7.5 | 14y ago | Unspecified vulnerability in ez Publish 4.1.4, 4.2, 4.3, 4.4, 4.5, and 4.6 has unknown impact and attack vectors related to an insecure direct object reference. | |||
| CVE-2012-5300 | high | — | 7.5 | 14y ago | SQL injection vulnerability in art_catalogo.php in MyStore Xpress Tienda Virtual 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2012-5299 | high | — | 7.5 | 14y ago | Mavili Guestbook, as released in November 2007, allows remote attackers to edit, delete, and approve arbitrary messages via a direct request to (1) edit.asp, (2) delete.asp, or (3) approve.asp. | |||
| CVE-2012-5297 | high | — | 7.5 | 14y ago | SQL injection vulnerability in edit.asp in Mavili Guestbook, as released in November 2007, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2012-5294 | high | — | 7.5 | 14y ago | SQL injection vulnerability in art_detalle.php in MyStore Xpress Tienda Virtual allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2012-5293 | high | — | 7.5 | 14y ago | Multiple PHP remote file inclusion vulnerabilities in SAPID CMS 1.2.3 Stable allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[root_path] parameter to usr/extensions/g… | |||
| CVE-2012-5292 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in Atar2b CMS 4.0.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) gallery_e.php, (2) pageE.php, or (3) pageH.php. | |||
| CVE-2012-5291 | high | — | 7.5 | 14y ago | SQL injection vulnerability in team.php in Posse Softball Director CMS allows remote attackers to execute arbitrary SQL commands via the idteam parameter. | |||
| CVE-2012-5290 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in EasyWebRealEstate allow remote attackers to execute arbitrary SQL commands via the (1) lstid parameter to listings.php or (2) infoid parameter to index.php. | |||
| CVE-2012-5289 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in Plogger 1.0 RC1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) index.php or (2) gallery.php. | |||
| CVE-2012-5288 | high | — | 7.5 | 14y ago | SQL injection vulnerability in page.php in phpMyDirectory 1.3.3 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2012-1603 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in ajaxserver.php in NextBBS 0.6 allow remote attackers to execute arbitrary SQL commands via the (1) curstr parameter in the findUsers function, (2) id paramet… | |||
| CVE-2012-1602 | high | — | 7.5 | 14y ago | user.php in NextBBS 0.6 allows remote attackers to bypass authentication and gain administrator access by setting the userkey cookie to 1. | |||
| CVE-2012-5231 | high | — | 7.5 | 14y ago | miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code via a crafted (1) pagename or (2) area variable containing an executable extension, which is not properly handled by (a) upda… | |||
| CVE-2012-5230 | high | — | 7.5 | 14y ago | Unspecified vulnerability in the JE Story Submit (com_jesubmit) component before 1.9 for Joomla! has unknown impact and attack vectors. | |||
| CVE-2012-5227 | high | — | 7.5 | 14y ago | SQL injection vulnerability in administrer/tva.php in Peel SHOPPING 2.8 and 2.9 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2012-5224 | high | — | 7.5 | 14y ago | PHP remote file inclusion vulnerability in vb/includes/vba_cmps_include_bottom.php in vBadvanced CMPS 3.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pages[te… | |||
| CVE-2012-4432 | high | — | 7.5 | 14y ago | Use-after-free vulnerability in opngreduc.c in OptiPNG Hg and 0.7.x before 0.7.3 might allow remote attackers to execute arbitrary code via unspecified vectors related to "palette reduction." | |||
| CVE-2012-4415 | high | — | 7.5 | 14y ago | Stack-based buffer overflow in the guac_client_plugin_open function in libguac in Guacamole before 0.6.3 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a l… | |||
| CVE-2012-2240 | high | — | 7.5 | 14y ago | scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands." | |||
| CVE-2012-2684 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in the get_sample_filters_by_signature function in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote at… | |||
| CVE-2012-2998 | high | — | 7.5 | 14y ago | SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager (TMCM) before 5.5.0.1823 and 6.0 before 6.0.0.1449 allows remote attackers to execute arbitrary SQL commands via … | |||
| CVE-2012-2896 | high | — | 7.5 | 14y ago | Integer overflow in the WebGL implementation in Google Chrome before 22.0.1229.79 on Mac OS X allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknow… | |||
| CVE-2012-2888 | high | — | 7.5 | 14y ago | Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG text referen… | |||
| CVE-2012-2887 | high | — | 7.5 | 14y ago | Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving onclick events. | |||
| CVE-2012-2885 | high | — | 7.5 | 14y ago | Double free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to application exit. | |||
| CVE-2012-2883 | high | — | 7.5 | 14y ago | Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write oper… | |||
| CVE-2012-2881 | high | — | 7.5 | 14y ago | Google Chrome before 22.0.1229.79 does not properly handle plug-ins, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via unk… | |||
| CVE-2012-2880 | high | — | 7.5 | 14y ago | Race condition in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the plug-in paint buffer. | |||
| CVE-2012-2878 | high | — | 7.5 | 14y ago | Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to plug-in handlin… | |||
| CVE-2012-2876 | high | — | 7.5 | 14y ago | Buffer overflow in the SSE2 optimization functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown … | |||
| CVE-2012-2874 | high | — | 7.5 | 14y ago | Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write oper… | |||
| CVE-2012-1116 | high | — | 7.5 | 14y ago | SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2012-0973 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the sCategory parameter to index.php, which is not properly handled by the … | |||
| CVE-2012-3264 | high | — | 7.5 | 14y ago | Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1472. | |||
| CVE-2012-5101 | high | — | 7.5 | 14y ago | SQL injection vulnerability in the JExtensions JE Poll component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2012-5098 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in Php-X-Links, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to rate.php, (2) cid parameter to view.php, or (… | |||
| CVE-2012-3716 | high | — | 7.5 | 14y ago | CoreText in Apple Mac OS X 10.7.x before 10.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write or read) via a crafted text glyph. | |||
| CVE-2012-0650 | high | — | 7.5 | 14y ago | Buffer overflow in the DirectoryService Proxy in DirectoryService in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) v… | |||
| CVE-2012-5001 | high | — | 7.5 | 14y ago | Multiple unspecified vulnerabilities in Hitachi JP1/Cm2/Network Node Manager i before 09-50-03 allow remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified … | |||
| CVE-2012-5000 | high | — | 7.5 | 14y ago | SQL injection vulnerability in jokes/index.php in the Witze addon 0.9 for deV!L'z Clanportal allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action. | |||
| CVE-2012-4997 | high | — | 7.5 | 14y ago | Directory traversal vulnerability in acp/index.php in AneCMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter. | |||
| CVE-2012-4996 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in RivetTracker 1.03 and earlier allow remote attackers to execute arbitrary SQL commands via the hash parameter to (1) dltorrent.php or (2) torrent_functions.p… | |||
| CVE-2012-4993 | high | — | 7.5 | 14y ago | torrent_functions.php in RivetTracker 1.03 and earlier does not properly restrict access, which allows remote attackers to have an unspecified impact. | |||
| CVE-2012-2105 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in login.php in Timesheet Next Gen 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. | |||
| CVE-2012-1184 | high | — | 7.5 | 14y ago | Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x before 1.8.10.1 and 10.x before 10.2.1 allows remote attackers to cause a denial of service (crash) or p… | |||
| CVE-2012-3032 | high | — | 7.5 | 14y ago | SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to execute arbitrary SQL commands via a crafted S… | |||
| CVE-2012-2994 | high | — | 7.5 | 14y ago | The CoSoSys Endpoint Protector 4 appliance establishes an EPProot password based entirely on the appliance serial number, which makes it easier for remote attackers to obtain access via a brute-force… | |||
| CVE-2012-4927 | high | — | 7.5 | 14y ago | SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php. | |||
| CVE-2012-4925 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in approve.php in Img Pals Photo Host 1.0 allow remote attackers to execute arbitrary SQL commands via the u parameter in a (1) app0 or (2) app1 action. NOTE: … | |||
| CVE-2012-4908 | high | — | 7.5 | 14y ago | Google Chrome before 18.0.1025308 on Android allows remote attackers to bypass the Same Origin Policy and obtain access to local files via vectors involving a symlink. | |||
| CVE-2012-3234 | high | — | 7.5 | 14y ago | RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 do not properly handle codec frame sizes in RealAudio files, which allows remote attac… | |||
| CVE-2012-2409 | high | — | 7.5 | 14y ago | Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service or possibly ha… | |||
| CVE-2012-2407 | high | — | 7.5 | 14y ago | Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service or possibly ha… | |||
| CVE-2012-2115 | high | — | 7.5 | 14y ago | SQL injection vulnerability in interface/login/validateUser.php in OpenEMR 4.1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the u parameter. | |||
| CVE-2012-1911 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter … | |||
| CVE-2012-0254 | high | — | 7.5 | 14y ago | Stack-based buffer overflow in the HMIWeb Browser HSCDSPRenderDLL ActiveX control in Honeywell Process Solutions (HPS) Experion R2xx, R30x, R31x, and R400.x; Honeywell Building Solutions (HBS) Enterp… | |||
| CVE-2012-4868 | high | — | 7.5 | 14y ago | SQL injection vulnerability in news.php in the Kunena component 1.7.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2012-2740 | high | — | 7.5 | 14y ago | SQL injection vulnerability in public_html/lists/admin in phpList before 2.10.18 allows remote attackers to execute arbitrary SQL commands via the sortby parameter in a find action. | |||
| CVE-2012-4392 | high | — | 7.5 | 14y ago | index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value. | |||
| CVE-2012-2109 | high | — | 7.5 | 14y ago | SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress allows remote attackers to execute arbitrary SQL commands via the page parameter in an activity_wid… | |||
| CVE-2012-4743 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in ssearch.php in Siche search module 0.5 for Zeroboard allow remote attackers to execute arbitrary SQL commands via the (1) ss, (2) sm, (3) align, or (4) categ… | |||
| CVE-2012-4742 | high | — | 7.5 | 14y ago | The web_node_register function in web.pm in PacketFence before 3.0.2 might allow remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2012-2114 | high | — | 7.5 | 14y ago | Stack-based buffer overflow in fprintf in musl before 0.8.8 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string to… | |||
| CVE-2012-2869 | high | — | 7.5 | 14y ago | Google Chrome before 21.0.1180.89 does not properly load URLs, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a "stale b… | |||
| CVE-2012-2866 | high | — | 7.5 | 14y ago | Google Chrome before 21.0.1180.89 does not properly perform a cast of an unspecified variable during handling of run-in elements, which allows remote attackers to cause a denial of service or possibl… | |||
| CVE-2012-4686 | high | — | 7.5 | 14y ago | SQL injection vulnerability in announcement.php in vBulletin 4.1.10 allows remote attackers to execute arbitrary SQL commands via the announcementid parameter. | |||
| CVE-2012-1934 | high | — | 7.5 | 14y ago | SQL injection vulnerability in admin/country/edit.php in Newscoop before 3.5.5 and 4.x before 4 RC4 allows remote attackers to execute arbitrary SQL commands via the f_country_code parameter. | |||
| CVE-2012-2227 | high | — | 7.5 | 14y ago | Directory traversal vulnerability in update/index.php in PluXml before 5.1.6 allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the default_la… | |||
| CVE-2012-4673 | high | — | 7.5 | 14y ago | SQL injection vulnerability in application/controllers/invoice.php in NeoInvoice might allow remote attackers to execute arbitrary SQL commands via vectors involving the sort_col variable in the list… | |||
| CVE-2012-3477 | high | — | 7.5 | 14y ago | SQL injection vulnerability in signup_check.php in NeoInvoice allows remote attackers to execute arbitrary SQL commands via the value parameter in a username action. | |||
| CVE-2012-2289 | high | — | 7.5 | 14y ago | EMC ApplicationXtender Desktop before 6.5 SP2 and ApplicationXtender Web Access .NET before 6.5 SP2 allow remote attackers to upload files to any location, and possibly execute arbitrary code, via un… |