CVEs from 2012
Total
5,222
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.4%
% with KEV
0.4%
% with exploit
0.5%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2012-3032 | high | — | 7.5 | 14y ago | SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to execute arbitrary SQL commands via a crafted S… | |
| CVE-2012-2994 | high | — | 7.5 | 14y ago | The CoSoSys Endpoint Protector 4 appliance establishes an EPProot password based entirely on the appliance serial number, which makes it easier for remote attackers to obtain access via a brute-force… | |
| CVE-2012-4927 | high | — | 7.5 | 14y ago | SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php. | |
| CVE-2012-4925 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in approve.php in Img Pals Photo Host 1.0 allow remote attackers to execute arbitrary SQL commands via the u parameter in a (1) app0 or (2) app1 action. NOTE: … | |
| CVE-2012-4908 | high | — | 7.5 | 14y ago | Google Chrome before 18.0.1025308 on Android allows remote attackers to bypass the Same Origin Policy and obtain access to local files via vectors involving a symlink. | |
| CVE-2012-3234 | high | — | 7.5 | 14y ago | RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 do not properly handle codec frame sizes in RealAudio files, which allows remote attac… | |
| CVE-2012-2409 | high | — | 7.5 | 14y ago | Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service or possibly ha… | |
| CVE-2012-2407 | high | — | 7.5 | 14y ago | Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service or possibly ha… | |
| CVE-2012-2115 | high | — | 7.5 | 14y ago | SQL injection vulnerability in interface/login/validateUser.php in OpenEMR 4.1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the u parameter. | |
| CVE-2012-1911 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter … | |
| CVE-2012-0254 | high | — | 7.5 | 14y ago | Stack-based buffer overflow in the HMIWeb Browser HSCDSPRenderDLL ActiveX control in Honeywell Process Solutions (HPS) Experion R2xx, R30x, R31x, and R400.x; Honeywell Building Solutions (HBS) Enterp… | |
| CVE-2012-4869 | high | — | 7.5 | 14y ago | The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action. | |
| CVE-2012-4868 | high | — | 7.5 | 14y ago | SQL injection vulnerability in news.php in the Kunena component 1.7.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. | |
| CVE-2012-2740 | high | — | 7.5 | 14y ago | SQL injection vulnerability in public_html/lists/admin in phpList before 2.10.18 allows remote attackers to execute arbitrary SQL commands via the sortby parameter in a find action. | |
| CVE-2012-4392 | high | — | 7.5 | 14y ago | index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value. | |
| CVE-2012-2109 | high | — | 7.5 | 14y ago | SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress allows remote attackers to execute arbitrary SQL commands via the page parameter in an activity_wid… | |
| CVE-2012-4743 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in ssearch.php in Siche search module 0.5 for Zeroboard allow remote attackers to execute arbitrary SQL commands via the (1) ss, (2) sm, (3) align, or (4) categ… | |
| CVE-2012-4742 | high | — | 7.5 | 14y ago | The web_node_register function in web.pm in PacketFence before 3.0.2 might allow remote attackers to execute arbitrary code via unspecified vectors. | |
| CVE-2012-2114 | high | — | 7.5 | 14y ago | Stack-based buffer overflow in fprintf in musl before 0.8.8 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string to… | |
| CVE-2012-2869 | high | — | 7.5 | 14y ago | Google Chrome before 21.0.1180.89 does not properly load URLs, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a "stale b… | |
| CVE-2012-2866 | high | — | 7.5 | 14y ago | Google Chrome before 21.0.1180.89 does not properly perform a cast of an unspecified variable during handling of run-in elements, which allows remote attackers to cause a denial of service or possibl… | |
| CVE-2012-4686 | high | — | 7.5 | 14y ago | SQL injection vulnerability in announcement.php in vBulletin 4.1.10 allows remote attackers to execute arbitrary SQL commands via the announcementid parameter. | |
| CVE-2012-1934 | high | — | 7.5 | 14y ago | SQL injection vulnerability in admin/country/edit.php in Newscoop before 3.5.5 and 4.x before 4 RC4 allows remote attackers to execute arbitrary SQL commands via the f_country_code parameter. | |
| CVE-2012-2227 | high | — | 7.5 | 14y ago | Directory traversal vulnerability in update/index.php in PluXml before 5.1.6 allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the default_la… | |
| CVE-2012-4673 | high | — | 7.5 | 14y ago | SQL injection vulnerability in application/controllers/invoice.php in NeoInvoice might allow remote attackers to execute arbitrary SQL commands via vectors involving the sort_col variable in the list… | |
| CVE-2012-3477 | high | — | 7.5 | 14y ago | SQL injection vulnerability in signup_check.php in NeoInvoice allows remote attackers to execute arbitrary SQL commands via the value parameter in a username action. | |
| CVE-2012-2289 | high | — | 7.5 | 14y ago | EMC ApplicationXtender Desktop before 6.5 SP2 and ApplicationXtender Web Access .NET before 6.5 SP2 allow remote attackers to upload files to any location, and possibly execute arbitrary code, via un… | |
| CVE-2012-3441 | high | — | 7.5 | 14y ago | The database creation script (module/idoutils/db/scripts/create_mysqldb.sh) in Icinga 1.7.1 grants access to all databases to the icinga user, which allows icinga users to access other databases via … | |
| CVE-2012-4595 | high | — | 7.5 | 14y ago | McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to bypass authentication and obtain an admin s… | |
| CVE-2012-3455 | high | — | 7.5 | 14y ago | Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of… | |
| CVE-2012-3456 | high | — | 7.5 | 14y ago | Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier allows remote attackers to cause a denial o… | |
| CVE-2012-2601 | high | — | 7.5 | 14y ago | SQL injection vulnerability in WrVMwareHostList.asp in Ipswitch WhatsUp Gold 15.02 allows remote attackers to execute arbitrary SQL commands via the sGroupList parameter. | |
| CVE-2012-4343 | high | — | 7.5 | 14y ago | Multiple unspecified vulnerabilities in Gallery 3 before 3.0.4 allow attackers to execute arbitrary PHP code via unknown vectors. | |
| CVE-2012-3435 | high | — | 7.5 | 14y ago | SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix 1.8.15rc1 and earlier, and 2.x before 2.0.2rc1, allows remote attackers to execute arbitrary SQL commands via the itemid paramet… | |
| CVE-2012-4162 | high | — | 7.5 | 14y ago | Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a diff… | |
| CVE-2012-4161 | high | — | 7.5 | 14y ago | Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a diff… | |
| CVE-2012-2208 | high | — | 7.5 | 14y ago | Directory traversal vulnerability in upgrade.php in Piwigo before 2.3.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter. | |
| CVE-2012-4327 | high | — | 7.5 | 14y ago | Unspecified vulnerability in the Image News slider plugin before 3.3 for WordPress has unspecified impact and remote attack vectors. | |
| CVE-2012-4282 | high | — | 7.5 | 14y ago | SQL injection vulnerability in photo.php in Trombinoscope 3.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |
| CVE-2012-2332 | high | — | 7.5 | 14y ago | SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. … | |
| CVE-2012-4281 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in Travelon Express 6.2.2 allow remote attackers to execute arbitrary SQL commands via the hid parameter to (1) holiday.php or (2) holiday_book.php, (3) id para… | |
| CVE-2012-4279 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in Free Realty 3.1-0.6 allow remote attackers to execute arbitrary SQL commands via the (1) view parameter to agentdisplay.php or (2) edit parameter to admin/ad… | |
| CVE-2012-4265 | high | — | 7.5 | 14y ago | SQL injection vulnerability in category_edit.php in Proman Xpress 5.0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |
| CVE-2012-4261 | high | — | 7.5 | 14y ago | SQL injection vulnerability in modules/patient/mycare2x_pat_info.php in myCare2x allows remote attackers to execute arbitrary SQL commands via the lang parameter. | |
| CVE-2012-4260 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in myCare2x allow remote attackers to execute arbitrary SQL commands via the (1) aktion or (2) callurl parameter to modules/patient/mycare2x_pat_info.php; (3) d… | |
| CVE-2012-4258 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in MYRE Real Estate Software (2012 Q2) allow remote attackers to execute arbitrary SQL commands via the (1) link_idd parameter to 1_mobile/listings.php or (2) u… | |
| CVE-2012-2325 | high | — | 7.5 | 14y ago | SQL injection vulnerability in the User Inline Moderation feature in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to execute arbitrary SQL com… | |
| CVE-2012-2324 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.7 allow remote administrators to execute arbitrary SQL commands via unspecified vectors in the (1) user search or (2) M… | |
| CVE-2012-3475 | high | — | 7.5 | 14y ago | The installer in the Ushahidi Platform before 2.5 omits certain calls to the exit function, which allows remote attackers to obtain administrative privileges via unspecified vectors. | |
| CVE-2012-3471 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in the edit functions in (1) application/controllers/admin/reports.php and (2) application/controllers/members/reports.php in the Ushahidi Platform before 2.5 a… | |
| CVE-2012-3470 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in application/libraries/api/MY_Countries_Api_Object.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vector… | |
| CVE-2012-3469 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in appl… | |
| CVE-2012-3468 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the verify function in application/contr… | |
| CVE-2012-4070 | high | — | 7.5 | 14y ago | SQL injection vulnerability in system/src/dispatcher.php in Dir2web 3.0 allows remote attackers to execute arbitrary SQL commands via the oid parameter in a homepage action to index.php. | |
| CVE-2012-2967 | high | — | 7.5 | 14y ago | Caucho Quercus, as distributed in Resin, does not properly implement the `==` operator for comparisons | |
| CVE-2012-2966 | high | — | 7.5 | 14y ago | Caucho Quercus, as distributed in Resin, overwrites entries in SERVER superglobal array on basis of POST parameters | |
| CVE-2012-2965 | high | — | 7.5 | 14y ago | Caucho Quercus, as distributed in Resin, does not properly handle unspecified characters in the names of variables | |
| CVE-2012-4035 | high | — | 7.5 | 14y ago | The new_password page in PBBoard 2.1.4 allows remote attackers to change the password of arbitrary user accounts via the member_id and new_password parameters to index.php. | |
| CVE-2012-4034 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to the send page, (2) email parameter to the forget pag… | |
| CVE-2012-3953 | high | — | 7.5 | 14y ago | SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page. | |
| CVE-2012-3554 | high | — | 7.5 | 14y ago | SQL injection vulnerability in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to execute arbitrary SQL commands … | |
| CVE-2012-2863 | high | — | 7.5 | 14y ago | The PDF functionality in Google Chrome before 21.0.1180.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger out-of-bounds write … | |
| CVE-2012-2203 | high | — | 7.5 | 14y ago | IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, uses the PKCS #12 file format for certificate objects … | |
| CVE-2012-4178 | high | — | 7.5 | 14y ago | SQL injection vulnerability in spywall/includes/deptUploads_data.php in Symantec Web Gateway 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via the groupid parameter. | |
| CVE-2012-3423 | high | — | 7.5 | 14y ago | The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive informat… | |
| CVE-2012-3448 | high | — | 7.5 | 14y ago | Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote attackers to execute arbitrary PHP code via unknown attack vectors. | |
| CVE-2012-2665 | high | — | 7.5 | 14y ago | Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and po… | |
| CVE-2012-3020 | high | — | 7.5 | 14y ago | The Siemens Synco OZW Web Server devices OZW672.*, OZW772.*, and OZW775 with firmware before 4 have an unspecified default password, which makes it easier for remote attackers to obtain administrativ… | |
| CVE-2012-1910 | high | — | 7.5 | 14y ago | Bitcoin-Qt 0.5.0.x before 0.5.0.5; 0.5.1.x, 0.5.2.x, and 0.5.3.x before 0.5.3.1; and 0.6.x before 0.6.0rc4 on Windows does not use MinGW multithread-safe exception handling, which allows remote attac… | |
| CVE-2012-2859 | high | — | 7.5 | 14y ago | Google Chrome before 21.0.1180.57 on Linux does not properly handle tabs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vect… | |
| CVE-2012-2856 | high | — | 7.5 | 14y ago | The PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly… | |
| CVE-2012-3951 | high | — | 7.5 | 14y ago | The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows r… | |
| CVE-2012-3885 | high | — | 7.5 | 14y ago | The default configuration of AirDroid 1.0.4 beta uses a four-character alphanumeric password, which makes it easier for remote attackers to obtain access via a brute-force attack. | |
| CVE-2012-4068 | high | — | 7.5 | 14y ago | Heap-based buffer overflow in the SoapServer service in Citrix Provisioning Services 5.0, 5.1, 5.6, 5.6 SP1, 6.0, and 6.1 allows remote attackers to execute arbitrary code via a crafted string associ… | |
| CVE-2012-4061 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in ASP-DEv XM Diary allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to diary_view.asp or (2) view_date parameter to default.as… | |
| CVE-2012-4060 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in ASP-DEv XM Forums RC3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) profile.asp, (2) forum.asp, or (3) topic.asp. | |
| CVE-2012-4056 | high | — | 7.5 | 14y ago | SQL injection vulnerability in index2.php in Uiga Personal Portal allows remote attackers to execute arbitrary SQL commands via the p parameter. | |
| CVE-2012-4055 | high | — | 7.5 | 14y ago | SQL injection vulnerability in index2.php in Uiga Fan Club allows remote attackers to execute arbitrary SQL commands via the p parameter. | |
| CVE-2012-2306 | high | — | 7.5 | 14y ago | SQL injection vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |
| CVE-2012-2152 | high | — | 7.5 | 14y ago | Stack-based buffer overflow in the get_packet method in socket.c in dhcpcd 3.2.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long packet. | |
| CVE-2012-2961 | high | — | 7.5 | 14y ago | SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |
| CVE-2012-2574 | high | — | 7.5 | 14y ago | SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to a "bl… | |
| CVE-2012-4045 | high | — | 7.5 | 14y ago | Multiple heap-based buffer overflows in bmp.w5s in Winamp before 5.63 build 3235 allow remote attackers to execute arbitrary code via the (1) strf chunk in BI_RGB or (2) UYVY video data in an AVI fil… | |
| CVE-2012-2088 | high | — | 7.5 | 14y ago | Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute … | |
| CVE-2012-2303 | high | — | 7.5 | 14y ago | The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via… | |
| CVE-2012-3241 | high | — | 7.5 | 14y ago | The VMware Broker in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 does not properly authenticate SOAP requests, which allows remote attackers to execute arbitrary VMware Broker API commands. | |
| CVE-2012-3240 | high | — | 7.5 | 14y ago | The Walrus service in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 allows remote attackers to gain administrator privileges via a crafted REST request. | |
| CVE-2012-0801 | high | — | 7.5 | 14y ago | lib/formslib.php in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 does not properly handle multiple instances of a form element, which has unspecified impact and remote attack vectors. | |
| CVE-2012-2607 | high | — | 7.5 | 14y ago | The Johnson Controls CK721-A controller with firmware before SSM4388_03.1.0.14_BB allows remote attackers to perform arbitrary actions via crafted packets to TCP port 41014 (aka the download port). | |
| CVE-2012-2841 | high | — | 7.5 | 14y ago | Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involvin… | |
| CVE-2012-2840 | high | — | 7.5 | 14y ago | Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service or possibl… | |
| CVE-2012-2814 | high | — | 7.5 | 14y ago | Buffer overflow in the exif_entry_format_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 allows remote attackers to cause a denial of service or possibly execute a… | |
| CVE-2012-3998 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in Sticky Notes before 0.2.27052012.5 allow remote attackers to execute arbitrary SQL commands via the (1) paste id in admin/modules/mod_pastes.php or (2) show.… | |
| CVE-2012-2843 | high | — | 7.5 | 14y ago | Use-after-free vulnerability in Google Chrome before 20.0.1132.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout height t… | |
| CVE-2012-2842 | high | — | 7.5 | 14y ago | Use-after-free vulnerability in Google Chrome before 20.0.1132.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to counter handlin… | |
| CVE-2012-1162 | high | — | 7.5 | 14y ago | Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via … | |
| CVE-2012-3881 | high | — | 7.5 | 14y ago | Multiple SQL injection vulnerabilities in RTG 0.7.4 and RTG2 0.9.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) 95.php, (2) view.php, or (3) rtg.php. | |
| CVE-2012-3399 | high | — | 7.5 | 14y ago | Config/diff.php in Basilic 1.5.14 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter. | |
| CVE-2012-3376 | high | — | 7.5 | 14y ago | Client BlockTokens not checked in Apache Hadoop | |
| CVE-2012-2763 | high | — | 7.5 | 14y ago | Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and possibly 2.6.13, allows remote attackers to execute arbitrary code via a long st… |