Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2012-2908 Multiple SQL injection vulnerabilities in admin/bbcodes.php in Viscacha 0.8.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) bbcodeexample, (2) buttonimage, or (3) bbcodetag pa... | N/A | NONE | — | 0 |
| CVE-2012-2909 Multiple cross-site scripting (XSS) vulnerabilities in Viscacha 0.8.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) text field in the Private Messages System, (2) Bad Wor... | N/A | NONE | — | 0 |
| CVE-2012-2910 Multiple cross-site scripting (XSS) vulnerabilities in SiliSoftware phpThumb() 1.7.11 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter to demo/phpThumb.demo.rand... | N/A | NONE | — | 0 |
| CVE-2012-2911 Cross-site scripting (XSS) vulnerability in backupDB.php in SiliSoftware backupDB() 1.2.7a allows remote attackers to inject arbitrary web script or HTML via the onlyDB parameter. | N/A | NONE | — | 0 |
| CVE-2012-2912 Multiple cross-site scripting (XSS) vulnerabilities in the LeagueManager plugin 3.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter in the show-... | N/A | NONE | — | 0 |
| CVE-2012-2913 Multiple cross-site scripting (XSS) vulnerabilities in the Leaflet plugin 0.0.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) leaflet_layer.ph... | N/A | NONE | — | 0 |
| CVE-2012-2914 Cross-site scripting (XSS) vulnerability in captchademo.php in Unijimpe Captcha allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | N/A | NONE | — | 0 |
| CVE-2012-2915 Stack-based buffer overflow in Lattice Semiconductor PAC-Designer 6.2.1344 allows remote attackers to execute arbitrary code via a long string in a Value tag in a SymbolicSchematicData definition tag ... | N/A | NONE | — | 0 |
| CVE-2012-2916 Cross-site scripting (XSS) vulnerability in sabre_class_admin.php in the SABRE plugin before 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the active_option para... | N/A | NONE | — | 0 |
| CVE-2012-2917 Cross-site scripting (XSS) vulnerability in the Share and Follow plugin 1.80.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the CDN API Key (cnd-key) in a share-and... | N/A | NONE | — | 0 |
| CVE-2010-5097 Cross-site scripting (XSS) vulnerability in the click enlarge functionality in TYPO3 4.3.x before 4.3.9 and 4.4.x before 4.4.5 when the caching framework is enabled, allows remote attackers to inject ... | N/A | NONE | — | 0 |
| CVE-2010-5098 Cross-site scripting (XSS) vulnerability in the FORM content object in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5, allows remote authenticated users to inject arbitrary web ... | N/A | NONE | — | 0 |
| CVE-2010-5100 Multiple cross-site scripting (XSS) vulnerabilities in the Install Tool in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allow remote authenticated users to inject arbitrary we... | N/A | NONE | — | 0 |
| CVE-2012-1825 Multiple cross-site scripting (XSS) vulnerabilities in the status program on the ForeScout CounterACT appliance with software 6.3.3.2 through 6.3.4.10 allow remote attackers to inject arbitrary web sc... | N/A | NONE | — | 0 |
| CVE-2012-2959 Cross-site request forgery (CSRF) vulnerability in password-manager/changePasswords.do in BMC Identity Management Suite 7.5.00.103 allows remote attackers to hijack the authentication of administrator... | N/A | NONE | — | 0 |
| CVE-2012-0677 Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist. | N/A | NONE | — | 0 |
| CVE-2012-0173 The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 do... | N/A | NONE | — | 0 |
| CVE-2012-0217 The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent Sma... | N/A | NONE | — | 0 |
| CVE-2012-1523 Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Center Element Remote Co... | N/A | NONE | — | 0 |
| CVE-2012-1849 Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstr... | N/A | NONE | — | 0 |
| CVE-2012-1855 Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application ... | N/A | NONE | — | 0 |
| CVE-2012-1857 Cross-site scripting (XSS) vulnerability in the Enterprise Portal component in Microsoft Dynamics AX 2012 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Dynamic... | N/A | NONE | — | 0 |
| CVE-2012-1858 The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, wh... | N/A | NONE | — | 0 |
| CVE-2012-1864 win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not prop... | N/A | NONE | — | 0 |
| CVE-2013-3624 The OS deployment feature in Baramundi Management Suite 7.5 through 8.9 stores credentials in cleartext on deployed machines, which allows remote attackers to obtain sensitive information by reading a... | N/A | NONE | — | 0 |
| CVE-2013-2059 OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, wh... | N/A | NONE | — | 0 |
| CVE-2013-0941 EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Wind... | N/A | NONE | — | 0 |
| CVE-2013-0942 Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to... | N/A | NONE | — | 0 |
| CVE-2013-2311 Cross-site scripting (XSS) vulnerability in static/js/share.js (aka the social bookmarking widget) in Web2py before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified... | N/A | NONE | — | 0 |
| CVE-2024-7083 The Email Encoder WordPress plugin before 2.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks ... | 3.5 | LOW | — | 0 |
| CVE-2012-1865 win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not prop... | N/A | NONE | — | 0 |
| CVE-2012-1866 win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not prop... | N/A | NONE | — | 0 |
| CVE-2012-1867 Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold a... | 8.4 | HIGH | — | 0 |
| CVE-2012-1868 Race condition in the thread-creation implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allows local users to gain privileges via a crafted application, aka "Win32k.s... | N/A | NONE | — | 0 |
| CVE-2012-1872 Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to inject arbitrary web script or HTML via crafted character sequences with EUC-JP encoding,... | 6.1 | MEDIUM | — | 0 |
| CVE-2012-1873 Microsoft Internet Explorer 7 through 9 does not properly create and initialize string data, which allows remote attackers to obtain sensitive information from process memory via a crafted HTML docume... | N/A | NONE | — | 0 |
| CVE-2012-1874 Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows user-assisted remote attackers to execute arbitrary code by accessing a deleted object, aka "Developer Tool... | N/A | NONE | — | 0 |
| CVE-2012-1875 Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Same ID Property Remote Code Execu... | N/A | NONE | — | 0 |
| CVE-2012-1876 Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexist... | N/A | NONE | — | 0 |
| CVE-2012-1877 Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Title Element Change Rem... | N/A | NONE | — | 0 |
| CVE-2012-1878 Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnBeforeDeactivate Event... | N/A | NONE | — | 0 |
| CVE-2012-1879 Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access an undefined memory location, aka "i... | 8.1 | HIGH | — | 0 |
| CVE-2012-1880 Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "insertRow Remote Code Ex... | N/A | NONE | — | 0 |
| CVE-2023-5965 An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, which could lead to arbitrary PHP code execution. | 4.7 | MEDIUM | — | 0 |
| CVE-2023-5966 An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the extension deployment form, which could lead to arbitrary PHP code execution. | 4.7 | MEDIUM | — | 0 |
| CVE-2012-1881 Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnRowsInserted Event Remote ... | N/A | NONE | — | 0 |
| CVE-2012-1882 Microsoft Internet Explorer 6 through 9 does not block cross-domain scrolling events, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka ... | N/A | NONE | — | 0 |
| CVE-2012-2041 CRLF injection vulnerability in the Component Browser in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via uns... | N/A | NONE | — | 0 |
| CVE-2011-1759 Integer overflow in the sys_oabi_semtimedop function in arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 2.6.39 on the ARM platform, when CONFIG_OABI_COMPAT is enabled, allows local users ... | N/A | NONE | — | 0 |
| CVE-2011-1767 net/ipv4/ip_gre.c in the Linux kernel before 2.6.34, when ip_gre is configured as a module, allows remote attackers to cause a denial of service (OOPS) by sending a packet during module loading. | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.