Multiple unspecified vulnerabilities in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 have unknown impact and attack vectors related to "error checking of system calls."
Max CVSS: 10.0 | EPSS Score: 0.29% | Published: 2012-09-28 | Updated: 2017-08-29
Multiple buffer overflows in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 have unknown impact and attack vectors.
Max CVSS: 10.0 | EPSS Score: 0.33% | Published: 2012-09-28 | Updated: 2017-08-29
Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the term parameter to (1) autocomplete.php, (2) search/ajax/autosuggest.php, (3) livesuggest.php, or (4) save.php in frontend/modules/search/ajax.
Max CVSS: 4.3 | EPSS Score: 0.31% | Published: 2012-09-26 | Updated: 2017-08-29
Cross-site scripting (XSS) vulnerability in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an enable_category action to index.php.
Max CVSS: 4.3 | EPSS Score: 0.36% | Published: 2012-09-26 | Updated: 2017-08-29
Multiple SQL injection vulnerabilities in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) edit_category_post or (2) enable_category action to index.php.
Max CVSS: 6.5 | EPSS Score: 0.37% | Published: 2012-09-26 | Updated: 2017-08-29

CVE-2012-5159

Public exploit
phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack.
Max CVSS: 7.5 | EPSS Score: 92.72% | Published: 2012-09-25 | Updated: 2013-01-26
Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1.2.4 allow remote attackers to inject arbitrary web script or HTML via the dbsel parameter to (1) main.php or (2) index.php; or (3) nsextt parameter to index.php.
Max CVSS: 4.3 | EPSS Score: 0.75% | Published: 2012-09-23 | Updated: 2017-08-29
Cross-site scripting (XSS) vulnerability in forums/ubbthreads.php in UBB.threads 7.5.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the Loginname parameter.
Max CVSS: 4.3 | EPSS Score: 0.65% | Published: 2012-09-23 | Updated: 2017-08-29
Multiple cross-site scripting (XSS) vulnerabilities in action/add-submit.php in Ggb Guestbook 0.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url or (2) message parameter.
Max CVSS: 4.3 | EPSS Score: 0.35% | Published: 2012-09-23 | Updated: 2017-08-29
Cross-site scripting (XSS) vulnerability in inc/extensions.php in VertrigoServ 2.25 allows remote attackers to inject arbitrary web script or HTML via the ext parameter.
Max CVSS: 4.3 | EPSS Score: 0.75% | Published: 2012-09-23 | Updated: 2017-08-29
SQL injection vulnerability in the JExtensions JE Poll component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS: 7.5 | EPSS Score: 0.30% | Published: 2012-09-23 | Updated: 2017-08-29
Directory traversal vulnerability in HServer 0.1.1 allows remote attackers to read arbitrary files via a (1) ..%5c (dot dot encoded backslash) or (2) %2e%2e%5c (encoded dot dot backslash) in the PATH_INFO.
Max CVSS: 5.0 | EPSS Score: 3.68% | Published: 2012-09-23 | Updated: 2017-08-29
Cross-site scripting (XSS) vulnerability in list.php in PHPB2B 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
Max CVSS: 4.3 | EPSS Score: 0.22% | Published: 2012-09-23 | Updated: 2017-08-29
Multiple SQL injection vulnerabilities in Php-X-Links, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to rate.php, (2) cid parameter to view.php, or (3) t parameter to pop.php.
Max CVSS: 7.5 | EPSS Score: 0.09% | Published: 2012-09-23 | Updated: 2017-08-29

CVE-2012-5054

Known exploited
Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4.402.265 allows remote attackers to execute arbitrary code via malformed arguments.
Max CVSS: 9.3 | EPSS Score: 44.56% | Published: 2012-09-24 | Updated: 2018-10-30 | CISA KEV Added: 2022-06-08
APIFTP Server in Optimalog Optima PLC 1.5.2 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
Max CVSS: 7.8 | EPSS Score: 0.32% | Published: 2012-09-28 | Updated: 2013-04-11
APIFTP Server in Optimalog Optima PLC 1.5.2 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted packet.
Max CVSS: 7.8 | EPSS Score: 0.25% | Published: 2012-09-28 | Updated: 2013-04-11
The Fill PDF module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to write to arbitrary PDF files via unspecified vectors related to the fillpdf_merge_pdf function and incorrect arguments, a different vulnerability than CVE-2012-1625. NOTE: some of these details are obtained from third party information.
Max CVSS: 5.0 | EPSS Score: 0.31% | Published: 2012-09-20 | Updated: 2012-09-20
Heap-based buffer overflow in npdjvu.dll in Caminova DjVu Browser Plug-in 6.1.4 Build 27351 and other versions before 6.1.4.27993 allows remote attackers to execute arbitrary code via a crafted Sjbz chunk in a djvu file.
Max CVSS: 9.3 | EPSS Score: 1.07% | Published: 2012-09-19 | Updated: 2012-09-20
Cross-site request forgery (CSRF) vulnerability in admin/admin_options.php in VR GPub 4.0 allows remote attackers to hijack the authentication of admins for requests that add admin accounts via an add action.
Max CVSS: 6.8 | EPSS Score: 0.85% | Published: 2012-09-19 | Updated: 2017-08-29
Multiple cross-site request forgery (CSRF) vulnerabilities in Parallels H-Sphere 3.3 Patch 1 allow remote attackers to hijack the authentication of admins for requests that (1) add group plans via admin/group_plans.html or (2) add extra packages via admin/extra_packs/create_extra_pack.html.
Max CVSS: 6.8 | EPSS Score: 0.56% | Published: 2012-09-19 | Updated: 2017-08-29
nxapplet.jar in No Machine NX Web Companion 3.x and earlier does not properly verify the authenticity of updates, which allows user-assisted remote attackers to execute arbitrary code via a crafted (1) SiteUrl or (2) RedirectUrl parameter that points to a Trojan Horse client.zip update file.
Max CVSS: 6.8 | EPSS Score: 5.37% | Published: 2012-09-19 | Updated: 2017-08-29

CVE-2012-5002

Public exploit
Stack-based buffer overflow in SR10 FTP server (SR10.exe) 1.1.0.6 in Ricoh DC Software DL-10 4.5.0.1, when the Log file name option is enabled, allows remote attackers to execute arbitrary code via a long USER FTP command.
Max CVSS: 6.8 | EPSS Score: 61.35% | Published: 2012-09-19 | Updated: 2017-08-29
Multiple unspecified vulnerabilities in Hitachi JP1/Cm2/Network Node Manager i before 09-50-03 allow remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors.
Max CVSS: 7.5 | EPSS Score: 7.83% | Published: 2012-09-19 | Updated: 2017-08-29
SQL injection vulnerability in jokes/index.php in the Witze addon 0.9 for deV!L'z Clanportal allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action.
Max CVSS: 7.5 | EPSS Score: 0.26% | Published: 2012-09-19 | Updated: 2017-08-29
655 vulnerabilities found