ReportizFlow
Filtered by vendor
Subscriptions
Total
322985 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-6715 | 1 Formbuilder Project | 1 Formbuilder | 2024-11-21 | N/A |
| The formbuilder plugin before 0.9.1 for WordPress has XSS via a Referer header. | ||||
| CVE-2012-6714 | 1 Count Per Day Project | 1 Count Per Day | 2024-11-21 | N/A |
| The count-per-day plugin before 3.2.3 for WordPress has XSS via search words. | ||||
| CVE-2012-6713 | 1 Wp-jobmanager | 1 Job Manager | 2024-11-21 | N/A |
| The job-manager plugin before 0.7.19 for WordPress has multiple XSS issues. | ||||
| CVE-2012-6712 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 9.8 Critical |
| In the Linux kernel before 3.4, a buffer overflow occurs in drivers/net/wireless/iwlwifi/iwl-agn-sta.c, which will cause at least memory corruption. | ||||
| CVE-2012-6711 | 2 Gnu, Redhat | 2 Bash, Enterprise Linux | 2024-11-21 | N/A |
| A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to print through the "echo -e" built-in function, may use this flaw to crash a script or execute code with the privileges of the bash process. This occurs because ansicstr() in lib/sh/strtrans.c mishandles u32cconv(). | ||||
| CVE-2012-6710 | 1 Extplorer | 1 Extplorer | 2024-11-21 | N/A |
| ext_find_user in eXtplorer through 2.1.2 allows remote attackers to bypass authentication via a password[]= (aka an empty array) in an action=login request to index.php. | ||||
| CVE-2012-6709 | 2 Elinks, Twibright | 2 Elinks, Links | 2024-11-21 | N/A |
| ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate Validation. | ||||
| CVE-2012-6708 | 1 Jquery | 1 Jquery | 2024-11-21 | N/A |
| jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common. | ||||
| CVE-2012-6685 | 2 Nokogiri, Redhat | 9 Nokogiri, Cloudforms Management Engine, Cloudforms Managementengine and 6 more | 2024-11-21 | 7.5 High |
| Nokogiri before 1.5.4 is vulnerable to XXE attacks | ||||
| CVE-2012-6682 | 1 Dragonbyte-tech | 1 Vbdownloads Module | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in downloads/actions/editdownload.php in the DragonByte Technologies vBDownloads module 1.3.2 and earlier for vBulletin allows remote attackers to inject arbitrary web script or HTML via the mirrors[] parameter. | ||||
| CVE-2012-6671 | 1 Dragonbyte-tech | 1 Forumon Rpg Module | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in actions/main.php in the DragonByte Technologies Forumon RPG module before 1.0.8 for vBulletin when creating a new monster, allow remote attackers to inject arbitrary web script or HTML via the (1) monster[title] or (2) monster[description] parameters. | ||||
| CVE-2012-6670 | 1 Dragonbyte-tech | 1 Vbactivity Module | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the DragonByte Technologies vbActivity module before 3.0.1 for vBulletin allow remote attackers to inject arbitrary web script or HTML via the reason parameter in (1) actions/nominatemedal.php or (2) actions/requestmedal.php. | ||||
| CVE-2012-6668 | 1 Dragonbyte-tech | 1 Vbshout Module | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Shout Reports in the DragonByte Technologies vBShout module before 6.0.6 for vBulletin allow remote attackers to inject arbitrary web script or HTML via the (1) reportreason parameter in actions/doreport.php or (2) modnotes parameter in actions/updatereport.php. | ||||
| CVE-2012-6667 | 1 Dragonbyte-tech | 1 Vbshout | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in vbshout.php in DragonByte Technologies vBShout module for vBulletin allows remote attackers to inject arbitrary web script or HTML via the shout parameter in a shout action. | ||||
| CVE-2012-6666 | 1 Vbseo | 1 Vbseo | 2024-11-21 | 6.1 Medium |
| vBSeo before 3.6.0PL2 allows XSS via the member.php u parameter. | ||||
| CVE-2012-6664 | 2024-11-21 | 9.1 Critical | ||
| Multiple directory traversal vulnerabilities in the TFTP Server in Distinct Intranet Servers 3.10 and earlier allow remote attackers to read or write arbitrary files via a .. (dot dot) in the (1) get or (2) put commands. | ||||
| CVE-2012-6663 | 1 Ge | 4 D200, D200 Firmware, D20me and 1 more | 2024-11-21 | 7.5 High |
| General Electric D20ME devices are not properly configured and reveal plaintext passwords. | ||||
| CVE-2012-6655 | 4 Accountsservice Project, Debian, Opensuse and 1 more | 4 Accountsservice, Debian Linux, Opensuse and 1 more | 2024-11-21 | 3.3 Low |
| An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords. | ||||
| CVE-2012-6652 | 1 Page Flip Book Project | 1 Page Flip Book | 2024-11-21 | N/A |
| Directory traversal vulnerability in pageflipbook.php script from index.php in Page Flip Book plugin for WordPress (wppageflip) allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pageflipbook_language parameter. | ||||
| CVE-2012-6649 | 1 Devfarm | 1 Wp Gpx Maps | 2024-11-21 | 9.8 Critical |
| WordPress WP GPX Maps Plugin 1.1.21 allows remote attackers to execute arbitrary PHP code via improper file upload. | ||||