Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-10-09 | CVE-2012-3436 | Improper Input Validation vulnerability in Openttd: OpenTTD 0.6.0 through 1.2.1 does not properly validate requests to clear a water tile, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a certain sequence of steps related to "the water/coast aspect of tiles which also have railtracks on one half." | 5.0 |
2012-10-09 | CVE-2012-5350 | SQL Injection vulnerability in Wordpress Pay-With-Tweet: SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the id parameter in a paywithtweet shortcode. | 6.0 |
2012-10-09 | CVE-2012-5349 | Cross-Site Scripting vulnerability in Wordpress Pay-With-Tweet: Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the Pay With Tweet plugin before 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) title, or (3) dl parameter. | 2.6 |
2012-10-09 | CVE-2012-5348 | SQL Injection vulnerability in Wilson Steven Mangosweb Enhanced 3.0.3: SQL injection vulnerability in MangosWeb Enhanced 3.0.3 allows remote attackers to execute arbitrary SQL commands via the login parameter in a login action to index.php. | 6.8 |
2012-10-09 | CVE-2012-5347 | Remote Command Execution vulnerability in Tinywebgallery 1.8.3: TinyWebGallery 1.8.3 allows remote attackers to execute arbitrary code via shell metacharacters in the command parameter to (1) inc/filefunctions.inc or (2) info.php. | 7.5 |
2012-10-09 | CVE-2012-5346 | Cross-Site Scripting vulnerability in Bencemeszaros Wp-Livephp 1.2.1: Cross-site scripting (XSS) vulnerability in wp-live.php in the WP Live.php module 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | 4.3 |
2012-10-09 | CVE-2012-5345 | Buffer Errors vulnerability in Kepler LAM Iptools 0.1.4: Buffer overflow in the Remote command server (Rcmd.bat) in IpTools (aka Tiny TCP/IP server) 0.1.4 allows remote attackers to cause a denial of service (crash) via a long string to TCP port 23. | 5.0 |
2012-10-09 | CVE-2012-5344 | Path Traversal vulnerability in Kepler LAM Iptools 0.1.4: Directory traversal vulnerability in the WebServer (Thttpd.bat) in IpTools (aka Tiny TCP/IP server) 0.1.4 allows remote attackers to read arbitrary files via a .. | 5.0 |
2012-10-09 | CVE-2012-5343 | Cross-Site Scripting vulnerability in Limny 3.0.1: Cross-site scripting (XSS) vulnerability in admin/login.php in Limny 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the "PHP_SELF" variable. | 4.3 |
2012-10-09 | CVE-2012-5342 | SQL Injection vulnerability in Michau Enterprises LLC Commonsense CMS: Multiple SQL injection vulnerabilities in SenseSites CommonSense CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) special.php, (2) article.php, or (3) cat2.php. | 7.5 |