Search Results (363118 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-4846 1 Mhproducts 1 Pay Pal Shop Digital 2025-04-11 N/A
SQL injection vulnerability in view_item.php in MH Products Pay Pal Shop Digital allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.
CVE-2012-3467 2 Apache, Redhat 2 Qpid, Enterprise Mrg 2025-04-11 N/A
Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
CVE-2012-3468 1 Ushahidi 1 Ushahidi Platform 2025-04-11 N/A
Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the verify function in application/controllers/alerts.php, (2) the save_all function in application/models/settings.php, or (3) the media type to the timeline function in application/controllers/json.php.
CVE-2012-3471 1 Ushahidi 1 Ushahidi Platform 2025-04-11 N/A
Multiple SQL injection vulnerabilities in the edit functions in (1) application/controllers/admin/reports.php and (2) application/controllers/members/reports.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via an incident id.
CVE-2010-4852 1 Eclime 1 Eclime 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in login.php in Eclime 1.1.2b allows remote attackers to inject arbitrary web script or HTML via the reason parameter in a fail action.
CVE-2012-3472 1 Ushahidi 1 Ushahidi Platform 2025-04-11 N/A
The email API in application/libraries/api/MY_Email_Api_Object.php in the Ushahidi Platform before 2.5 does not require authentication, which allows remote attackers to list, delete, or organize messages via a GET request.
CVE-2012-3163 6 Canonical, Debian, F5 and 3 more 22 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 19 more 2025-04-11 N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.
CVE-2012-3156 1 Oracle 1 Mysql 2025-04-11 N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.
CVE-2012-3153 1 Oracle 1 Fusion Middleware 2025-04-11 N/A
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet. NOTE: the previous information is from the October 2012 CPU. Oracle has not commented on claims from the original researcher that the PARSEQUERY function allows remote attackers to obtain database credentials via reports/rwservlet/parsequery, and that this issue occurs in earlier versions. NOTE: this can be leveraged with CVE-2012-3152 to execute arbitrary code by uploading a .jsp file.
CVE-2012-3149 1 Oracle 1 Mysql 2025-04-11 N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect confidentiality, related to MySQL Client.
CVE-2012-3148 1 Oracle 1 E-business Suite 2025-04-11 N/A
Unspecified vulnerability in the Oracle Field Service component in Oracle E-Business Suite 12.1.3 allows remote authenticated users to affect integrity, related to Wireless/WAP upload.
CVE-2012-3147 1 Oracle 1 Mysql 2025-04-11 N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote attackers to affect integrity and availability, related to MySQL Client.
CVE-2012-3130 1 Sun 1 Sunos 2025-04-11 N/A
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect integrity via unknown vectors related to pkg.depotd.
CVE-2012-3128 1 Oracle 14 Netra Sparc T3-1, Netra Sparc T3-1b, Netra Sparc T4-1 and 11 more 2025-04-11 N/A
Unspecified vulnerability in Oracle SPARC T-Series Servers running System Firmware 8.2.0 and 8.1.4.e or earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Integrated Lights Out Manager.
CVE-2012-3126 1 Oracle 1 Sun Products Suite 2025-04-11 N/A
Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
CVE-2012-3125 1 Sun 1 Sunos 2025-04-11 N/A
Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows remote attackers to affect availability, related to TCP/IP.
CVE-2012-3120 1 Sun 1 Sunos 2025-04-11 N/A
Unspecified vulnerability in Oracle Sun Solaris 8 allows remote attackers to affect availability, related to TCP/IP.
CVE-2012-3110 1 Oracle 1 Fusion Middleware 2025-04-11 N/A
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, and CVE-2012-3108.
CVE-2012-3075 1 Cisco 11 Telepresence System 1300 65, Telepresence System 3000, Telepresence System 3010 and 8 more 2025-04-11 N/A
The administrative web interface on Cisco TelePresence Immersive Endpoint Devices before 1.7.4 allows remote authenticated users to execute arbitrary commands via a malformed request on TCP port 443, aka Bug ID CSCtn99724.
CVE-2012-2418 2 Intuit, Microsoft 2 Quickbooks, Internet Explorer 2025-04-11 N/A
Heap-based buffer overflow in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a URI with a % (percent) character as its (1) last or (2) second-to-last character.