SQL injection vulnerability in add_ons.php in Jaow 2.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the add_ons parameter.
Max CVSS
7.5
EPSS Score
1.16%
Published
2012-05-29
Updated
2017-08-29
The ZTE sync_agent program for Android 2.3.4 on the Score M device uses a hardcoded ztex1609523 password to control access to commands, which allows remote attackers to gain privileges via a crafted application.
Max CVSS
10.0
EPSS Score
0.36%
Published
2012-05-29
Updated
2012-05-30
CRLF injection vulnerability in cryptographp.inc.php in Cryptographp allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the cfg parameter.
Max CVSS
5.0
EPSS Score
0.27%
Published
2012-05-27
Updated
2017-08-29
Buffer overflow in the trash buffer in the header capture functionality in HAProxy before 1.4.21, when global.tune.bufsize is set to a value greater than the default and header rewriting is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors.
Max CVSS
5.1
EPSS Score
10.16%
Published
2012-05-27
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in search/ in Yandex.Server 2010 9.0 Enterprise allows remote attackers to inject arbitrary web script or HTML via the text parameter.
Max CVSS
4.3
EPSS Score
0.20%
Published
2012-05-27
Updated
2017-08-29
MediaChance Real-DRAW PRO 5.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted (1) PNG, (2) WMF, (3) PSD, (4) TGA, (5) TTF, (6) BMP, (7) TIFF, or (8) PCX file.
Max CVSS
4.3
EPSS Score
1.57%
Published
2012-05-27
Updated
2017-08-29
Multiple unrestricted file upload vulnerabilities in Travelon Express 6.2.2 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) airline-edit.php, (2) hotel-image-add.php, or (3) hotel-add.php.
Max CVSS
6.5
EPSS Score
1.75%
Published
2012-05-27
Updated
2017-08-29
Multiple cross-site scripting (XSS) vulnerabilities in Travelon Express 6.2.2 allow remote attackers to inject arbitrary web script or HTML via the holiday name field to (1) holiday_add.php or (2) holiday_view.php.
Max CVSS
4.3
EPSS Score
0.29%
Published
2012-05-27
Updated
2017-08-29
Multiple SQL injection vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) list parameter in a move action to admin/admin_index.php, (2) display parameter in a minimize action to admin/admin_index.php, (3) enabled[] parameter to admin/admin_users.php, or (4) msg_id to the module.php in the simple_messaging module.
Max CVSS
7.5
EPSS Score
0.36%
Published
2012-05-27
Updated
2017-08-29
Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) page parameter to (a) admin/admin_comments.php or (b) admin/admin_links.php; or list parameter in a (3) move or (4) minimize action to (c) admin/admin_index.php.
Max CVSS
4.3
EPSS Score
0.28%
Published
2012-05-27
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Checkout/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the value_title parameter, a different vulnerability than CVE-2012-1059.
Max CVSS
4.3
EPSS Score
0.13%
Published
2012-05-27
Updated
2017-08-29
The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
Max CVSS
6.4
EPSS Score
1.67%
Published
2012-05-22
Updated
2022-05-14
The TM Software Tempo plugin before 6.4.3.1, 6.5.x before 6.5.0.2, and 7.x before 7.0.3 for Atlassian JIRA does not properly restrict the capabilities of third-party XML parsers, which allows remote authenticated users to cause a denial of service (resource consumption) via unspecified vectors.
Max CVSS
4.0
EPSS Score
0.41%
Published
2012-05-22
Updated
2017-08-29

CVE-2012-2926

Public exploit
Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
Max CVSS
9.1
EPSS Score
45.86%
Published
2012-05-22
Updated
2021-12-13
SQL injection vulnerability in engine.php in Simple PHP Agenda 2.2.8 allows remote attackers to execute arbitrary SQL commands via the priority parameter in an addTodo action.
Max CVSS
7.5
EPSS Score
0.17%
Published
2012-05-21
Updated
2017-08-29
PHP remote file inclusion vulnerability in admin/setup.inc.php in Hypermethod eLearning Server 4G allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
Max CVSS
7.5
EPSS Score
0.85%
Published
2012-05-21
Updated
2017-08-29
SQL injection vulnerability in news.php4 in Hypermethod eLearning Server 4G allows remote attackers to execute arbitrary SQL commands via the nid parameter.
Max CVSS
7.5
EPSS Score
0.66%
Published
2012-05-21
Updated
2017-08-29
The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installation path in an error message.
Max CVSS
5.0
EPSS Score
0.73%
Published
2012-05-21
Updated
2017-08-29
Universal Feed Parser (aka feedparser or python-feedparser) before 5.1.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML ENTITY declaration in a non-ASCII encoded document.
Max CVSS
5.0
EPSS Score
3.40%
Published
2012-05-21
Updated
2013-08-22
Cross-site scripting (XSS) vulnerability in the userphoto_options_page function in user-photo.php in the User Photo plugin before 0.9.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to wp-admin/options-general.php. NOTE: some of these details are obtained from third party information.
Max CVSS
4.3
EPSS Score
0.25%
Published
2012-05-21
Updated
2017-08-29
Directory traversal vulnerability in Upload/engine.php in Chevereto 1.9.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in the v parameter.
Max CVSS
5.0
EPSS Score
1.92%
Published
2012-05-21
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in Upload/engine.php in Chevereto 1.91 allows remote attackers to inject arbitrary web script or HTML via the v parameter.
Max CVSS
4.3
EPSS Score
0.22%
Published
2012-05-21
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in the Share and Follow plugin 1.80.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the CDN API Key (cnd-key) in a share-and-follow-menu page to wp-admin/admin.php.
Max CVSS
4.3
EPSS Score
0.22%
Published
2012-05-21
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in sabre_class_admin.php in the SABRE plugin before 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the active_option parameter to wp-admin/tools.php.
Max CVSS
4.3
EPSS Score
0.29%
Published
2012-05-21
Updated
2017-08-29

CVE-2012-2915

Public exploit
Stack-based buffer overflow in Lattice Semiconductor PAC-Designer 6.2.1344 allows remote attackers to execute arbitrary code via a long string in a Value tag in a SymbolicSchematicData definition tag in PAC Design (.pac) file.
Max CVSS
9.3
EPSS Score
93.24%
Published
2012-05-21
Updated
2017-08-29
425 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!