Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2012-07-03 CVE-2012-3844 Cross-Site Scripting vulnerability in vBulletin 4.1.12
Cross-site scripting (XSS) vulnerability in vBulletin 4.1.12 allows remote attackers to inject arbitrary web script or HTML via a long string in the subject parameter when creating a post.
network
vbulletin CWE-79
4.3
2012-07-03 CVE-2012-3843 Cross-Site Scripting vulnerability in e107 1.0.1
Cross-site scripting (XSS) vulnerability in the registration page in e107, probably 1.0.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
e107 CWE-79
4.3
2012-07-03 CVE-2012-3842 Cross-Site Scripting vulnerability in JBMC Software DirectAdmin 1.403
Multiple cross-site scripting (XSS) vulnerabilities in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via the (1) select0 or (2) select8 parameters.
4.3
2012-07-03 CVE-2012-3841 Unspecified vulnerability in KMPlayer 3.2.0.19
Untrusted search path vulnerability in KMPlayer 3.2.0.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ehtrace.dll that is located in the current working directory.
network
kmplayer
critical
9.3
2012-07-03 CVE-2012-3840 Cross-Site Scripting vulnerability in MyClientBase 0.12
Multiple cross-site scripting (XSS) vulnerabilities in index.php/users/form/user_id in MyClientBase 0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name or (2) last_name parameters.
4.3
2012-07-03 CVE-2012-3839 SQL Injection vulnerability in MyClientBase 0.12
Multiple SQL injection vulnerabilities in application/core/MY_Model.php in MyClientBase 0.12 allow remote attackers to execute arbitrary SQL commands via the (1) invoice_number or (2) tags parameter to index.php/invoice_search.
network
low complexity
myclientbase CWE-89
7.5
2012-07-03 CVE-2012-3838 Information Exposure vulnerability in Babygekko Baby Gekko
Gekko before 1.2.0 allows remote attackers to obtain the installation path via a direct request to (1) admin/templates/babygekko/index.php or (2) templates/html5demo/index.php.
network
low complexity
babygekko CWE-200
5.0
2012-07-03 CVE-2012-3837 Cross-Site Scripting vulnerability in Babygekko Baby Gekko
Multiple cross-site scripting (XSS) vulnerabilities in apps/users/registration.template.php in Baby Gekko 1.2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) email_address, (3) password, (4) password_verify, (5) firstname, (6) lastname, or (7) verification_code parameter to users/action/register.
network
babygekko CWE-79
4.3
2012-07-03 CVE-2012-3836 Cross-Site Scripting vulnerability in Babygekko Baby Gekko
Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) groupname parameter in a savecategory in the users module; (2) virtual_filename, (3) branch, (4) contact_person, (5) street, (6) city, (7) province, (8) postal, (9) country, (10) tollfree, (11) phone, (12) fax, or (13) mobile parameter in a saveitem action in the contacts module; (14) title parameter in a savecategory action in the menus module; (15) firstname or (16) lastname in a saveitem action in the users module; (17) meta_key or (18) meta_description in a saveitem action in the blog module; or (19) the PATH_INFO to admin/index.php.
network
babygekko CWE-79
4.3
2012-07-03 CVE-2012-3835 Cross-Site Scripting vulnerability in AlienVault Open Source Security Information Management 3.1
Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to top.php or (2) time[0][0] parameter to forensics/base_qry_main.php, which is not properly handled in an error page.
network
alienvault CWE-79
4.3