Vulnerabilities (CVE)

Filtered by CWE-94
Total 6464 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-5304 1 Yuriy V Semenikhin 1 Yvs Image Gallery 2026-06-16 7.5 HIGH N/A
Static code injection vulnerability in administration/install.php in YVS Image Gallery allows remote attackers to inject arbitrary PHP code into functions/db_connect.php via unspecified vectors. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation.
CVE-2012-5293 1 Redgraphic 1 Sapid Cms 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in SAPID CMS 1.2.3 Stable allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[root_path] parameter to usr/extensions/get_tree.inc.php or (2) root_path parameter to usr/extensions/get_infochannel.inc.php.
CVE-2012-5231 1 Jessgramp 1 Minicms 2026-06-16 7.5 HIGH N/A
miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code via a crafted (1) pagename or (2) area variable containing an executable extension, which is not properly handled by (a) update.php when writing files to content/, or (b) updatenews.php when writing files to content/news/.
CVE-2012-5224 1 Vbadvanced 1 Vbadvanced Cmps 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in vb/includes/vba_cmps_include_bottom.php in vBadvanced CMPS 3.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pages[template] parameter.
CVE-2012-5223 1 Crawlability 1 Vbseo 2026-06-16 7.5 HIGH N/A
The proc_deutf function in includes/functions_vbseocp_abstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6.0, and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" in the char_repl parameter, which is inserted into a regular expression that is processed by the preg_replace function with the eval switch.
CVE-2012-5159 1 Phpmyadmin 1 Phpmyadmin 2026-06-16 7.5 HIGH N/A
phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack.
CVE-2012-5142 2 Google, Opensuse 2 Chrome, Opensuse 2026-06-16 10.0 HIGH N/A
Google Chrome before 23.0.1271.97 does not properly handle history navigation, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
CVE-2012-4884 1 Bestpractical 1 Rt 2026-06-16 5.0 MEDIUM N/A
Argument injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to create arbitrary files via unspecified vectors related to the GnuPG client.
CVE-2012-4869 1 Sangoma 1 Freepbx 2026-06-16 7.5 HIGH N/A
The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action.
CVE-2012-4864 1 Oreans 1 Winlicense 2026-06-16 9.3 HIGH N/A
Oreans WinLicense 2.1.8.0 allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted xml file.
CVE-2012-4840 1 Ibm 1 Cognos Business Intelligence 2026-06-16 5.0 MEDIUM N/A
IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote attackers to conduct XPath injection attacks, and call XPath extension functions, via unspecified vectors.
CVE-2012-4791 1 Microsoft 1 Exchange Server 2026-06-16 3.5 LOW N/A
Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability."
CVE-2012-4786 1 Microsoft 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more 2026-06-16 10.0 HIGH N/A
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."
CVE-2012-4781 1 Microsoft 1 Internet Explorer 2026-06-16 9.3 HIGH N/A
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "InjectHTMLStream Use After Free Vulnerability."
CVE-2012-4774 1 Microsoft 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more 2026-06-16 9.3 HIGH N/A
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted (1) file name or (2) subfolder name that triggers use of unallocated memory as the destination of a copy operation, aka "Windows Filename Parsing Vulnerability."
CVE-2012-4707 1 3s-software 1 Codesys Gateway-server 2026-06-16 10.0 HIGH N/A
3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors that trigger an out-of-bounds memory access.
CVE-2012-4427 1 Gnome 1 Gnome-shell 2026-06-16 6.8 MEDIUM N/A
The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation of arbitrary extensions from extensions.gnome.org via a crafted web page.
CVE-2012-4249 1 Amazon 1 Kindle Touch 2026-06-16 10.0 HIGH N/A
The Amazon Lab126 com.lab126.system sendEvent implementation on the Kindle Touch before 5.1.2 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a string, as demonstrated by using lipc-set-prop to set an LIPC property, a different vulnerability than CVE-2012-4248.
CVE-2012-4143 4 Apple, Linux, Microsoft and 1 more 4 Mac Os X, Linux Kernel, Windows and 1 more 2026-06-16 6.8 MEDIUM N/A
Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog, a different vulnerability than CVE-2012-1924.
CVE-2012-4049 2 Opensuse, Wireshark 2 Opensuse, Wireshark 2026-06-16 2.9 LOW N/A
epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet.