Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-08-13 | CVE-2012-4265 | SQL Injection vulnerability in Itechscripts Proman Xpress 5.0.1 SQL injection vulnerability in category_edit.php in Proman Xpress 5.0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter. | 7.5 |
2012-08-13 | CVE-2012-4264 | Cross-Site Scripting vulnerability in Bit51 Better-Wp-Security Multiple cross-site scripting (XSS) vulnerabilities in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "server variables," a different vulnerability than CVE-2012-4263. | 4.3 |
2012-08-13 | CVE-2012-4263 | Cross-Site Scripting vulnerability in Bit51 Better-Wp-Security Cross-site scripting (XSS) vulnerability in inc/admin/content.php in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_USER_AGENT header. | 4.3 |
2012-08-13 | CVE-2012-3869 | Cross-Site Scripting vulnerability in Redaxo Cross-site scripting (XSS) vulnerability in include/classes/class.rex_list.inc.php in REDAXO 4.3.x and 4.4 allows remote attackers to inject arbitrary web script or HTML via the subpage parameter to index.php. | 4.3 |
2012-08-13 | CVE-2012-3367 | Cryptographic Issues vulnerability in Redhat Certificate System and Dogtag Certificate System Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System does not properly check certificate revocation requests made through the web interface, which allows remote attackers with permissions to revoke end entity certificates to revoke the Certificate Authority (CA) certificate. | 5.5 |
2012-08-13 | CVE-2012-2371 | Cross-Site Scripting vulnerability in Mnt-Tech Wp-Facethumb 0.1 Cross-site scripting (XSS) vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pagination_wp_facethumb parameter. | 4.3 |
2012-08-13 | CVE-2012-2368 | Improper Input Validation vulnerability in Bytemark Symbiosis 1321 Bytemark Symbiosis before Revision 1322 does not properly validate passwords, which allows remote attackers to gain access to email accounts via an arbitrary password. | 5.0 |
2012-08-13 | CVE-2011-0524 | Buffer Errors vulnerability in Iain Gypsy 0.8 Multiple buffer overflows in the NMEA parser (nmea-gen.c) in gypsy 0.8 allow local users to cause a denial of service (crash) via unspecified vectors related to the sprintf function. | 2.1 |
2012-08-13 | CVE-2011-0523 | Permissions, Privileges, and Access Controls vulnerability in Iain Gypsy 0.8 gypsy 0.8 does not properly restrict the files that can be read while running with root privileges, which allows local users to read otherwise restricted files via unspecified vectors. | 1.9 |
2012-08-13 | CVE-2012-4262 | Cross-Site Scripting vulnerability in Hccgmbh Mycare2X Multiple cross-site scripting (XSS) vulnerabilities in myCare2x allow remote attackers to inject arbitrary web script or HTML via the (1) name_last, (2) name_first, (3) name_middle, or (4) name_maiden parameter to modules/patient/mycare_pid.php; (5) favorites or (6) lang parameter to modules/nursing/mycare_ward_print.php; (7) aktion or (8) callurl parameter to modules/patient/mycare2x_pat_info.php; or (9) ln parameter to modules/drg/mycare2x_proc_search.php. | 4.3 |