| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
351 |
CVE-2012-4704 |
20 |
|
Exec Code |
2013-02-24 |
2013-05-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Array index error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via a crafted packet. |
|
352 |
CVE-2012-4701 |
22 |
|
Exec Code Dir. Trav. |
2013-02-15 |
2013-02-15 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote attackers to read sensitive files, and consequently execute arbitrary code, by leveraging (1) valid credentials or (2) the guest feature. |
|
353 |
CVE-2012-4700 |
119 |
|
Exec Code Overflow |
2013-02-08 |
2013-02-08 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Multiple buffer overflows in an ActiveX control in PE3DO32A.ocx in IntegraXor SCADA Server 4.00 build 4250.0 and earlier allow remote attackers to execute arbitrary code via a crafted HTML document. |
|
354 |
CVE-2012-4694 |
310 |
|
|
2013-02-15 |
2013-02-15 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
Moxa EDR-G903 series routers with firmware before 2.11 do not use a sufficient source of entropy for (1) SSH and (2) SSL keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere. |
|
355 |
CVE-2012-4558 |
79 |
|
XSS |
2013-02-26 |
2021-06-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string. |
|
356 |
CVE-2012-4542 |
264 |
|
Bypass |
2013-02-28 |
2013-06-21 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes. |
|
357 |
CVE-2012-4530 |
200 |
|
+Info |
2013-02-18 |
2013-06-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. |
|
358 |
CVE-2012-4398 |
20 |
|
DoS |
2013-02-18 |
2015-03-26 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 does not set a certain killable attribute, which allows local users to cause a denial of service (memory consumption) via a crafted application. |
|
359 |
CVE-2012-4352 |
79 |
|
XSS |
2013-02-18 |
2013-02-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Stoneware webNetwork 6.1 before SP1 allow remote attackers to inject arbitrary web script or HTML via the blogName parameter to (1) community/blog.jsp or (2) community/blogSearch.jsp, the (3) calendarType or (4) monthNumber parameter to community/calendar.jsp, or the (5) flag parameter to swDashboard/ajax/setAppFlag.jsp. |
|
360 |
CVE-2012-4351 |
189 |
|
Overflow +Priv |
2013-02-18 |
2013-02-18 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 allows local users to gain privileges via a crafted application. |
|
361 |
CVE-2012-4305 |
|
|
Exec Code |
2013-02-02 |
2017-09-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from a third party that the issue allows remote attackers to execute arbitrary code via vectors related to an "invalid type cast" and exposed native methods in the T2KGlyph class. |
|
362 |
CVE-2012-4301 |
|
|
Exec Code |
2013-02-02 |
2017-09-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from a third party that this issue allows remote attackers to execute arbitrary code via an "invalid type case" in the init method of the D3DShader class in the com.sun.prism.d3d package. CPU. |
|
363 |
CVE-2012-3499 |
79 |
|
XSS |
2013-02-26 |
2021-06-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules. |
|
364 |
CVE-2012-3370 |
264 |
|
+Priv |
2013-02-05 |
2017-08-29 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remote attackers to gain privileges as other users. |
|
365 |
CVE-2012-3369 |
264 |
|
+Priv |
2013-02-05 |
2017-08-29 |
4.0 |
None |
Remote |
High |
Not required |
Partial |
Partial |
None |
|
The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user's password to be used. |
|
366 |
CVE-2012-3363 |
|
|
|
2013-02-13 |
2013-12-05 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack. |
|
367 |
CVE-2012-3342 |
|
|
|
2013-02-02 |
2022-05-13 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. |
|
368 |
CVE-2012-3328 |
79 |
|
XSS |
2013-02-20 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1, Maximo Asset Management Essentials 7.1, Tivoli Asset Management for IT 7.1 and 7.2, Tivoli Service Request Manager 7.1 and 7.2, and Change and Configuration Management Database (CCMDB) 7.1 and 7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to a hidden frame footer. |
|
369 |
CVE-2012-3327 |
79 |
|
XSS |
2013-02-20 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to a login action. |
|
370 |
CVE-2012-3322 |
79 |
|
XSS |
2013-02-20 |
2017-08-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a display name. |
|
371 |
CVE-2012-3321 |
264 |
|
Bypass |
2013-02-20 |
2017-08-29 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
IBM SmartCloud Control Desk 7.5 allows remote authenticated users to bypass intended access restrictions via vectors involving an expired password. |
|
372 |
CVE-2012-3316 |
79 |
|
XSS |
2013-02-20 |
2017-08-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Tivoli Process Automation Engine (TPAE) in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
|
373 |
CVE-2012-3286 |
|
|
DoS +Info |
2013-02-16 |
2019-10-09 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and earlier and ArcSight Logger 5.2 and earlier allows remote authenticated users to obtain sensitive information, modify data, or cause a denial of service via unknown vectors. |
|
374 |
CVE-2012-3285 |
|
|
Exec Code |
2013-02-06 |
2019-10-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1513. |
|
375 |
CVE-2012-3284 |
|
|
Exec Code |
2013-02-06 |
2019-10-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1512. |
|
376 |
CVE-2012-3283 |
|
|
Exec Code |
2013-02-06 |
2019-10-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1511. |
|
377 |
CVE-2012-3282 |
|
|
Exec Code |
2013-02-06 |
2019-10-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1468. |
|
378 |
CVE-2012-3281 |
|
|
DoS |
2013-02-06 |
2019-10-09 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in Device Manager in HP XP P9000 Command View Advanced Edition before 7.4.0-00 allows remote attackers to cause a denial of service via unknown vectors. |
|
379 |
CVE-2012-3280 |
|
|
DoS +Info |
2013-02-13 |
2019-10-09 |
6.3 |
None |
Local Network |
Medium |
??? |
Partial |
Partial |
Complete |
|
Multiple unspecified vulnerabilities on HP NonStop Servers H06.x and J06.x allow remote authenticated users to obtain sensitive information, modify data, or cause a denial of service via an OSS Remote Operation over an Expand connection. |
|
380 |
CVE-2012-3279 |
79 |
|
XSS |
2013-02-06 |
2019-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i (NNMi) 8.x, 9.0x, 9.1x, and 9.20 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
381 |
CVE-2012-3268 |
522 |
|
|
2013-02-01 |
2021-04-06 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
|
Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Firewall, Router, Switch, and Switch and Route Processing Unit products; and certain Huawei Firewall/Gateway, Router, Switch, and Wireless products do not properly implement access control as defined in h3c-user.mib 2.0 and hh3c-user.mib 2.0, which allows remote authenticated users to discover credentials in UserInfoEntry values via an SNMP request with the read-only community. |
|
382 |
CVE-2012-3213 |
|
|
|
2013-02-02 |
2022-05-13 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scripting. |
|
383 |
CVE-2012-2697 |
20 |
|
DoS |
2013-02-24 |
2016-12-08 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in autofs, as used in Red Hat Enterprise Linux (RHEL) 5, allows local users to cause a denial of service (autofs crash and delayed mounts) or prevent "mount expiration" via unspecified vectors related to "using an LDAP-based automount map." |
|
384 |
CVE-2012-2686 |
310 |
|
DoS |
2013-02-08 |
2018-08-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data. |
|
385 |
CVE-2012-2294 |
20 |
|
|
2013-02-06 |
2013-02-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to conduct clickjacking attacks via a crafted web page. |
|
386 |
CVE-2012-2293 |
22 |
|
Exec Code Dir. Trav. |
2013-02-06 |
2013-02-07 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allows remote authenticated users to upload files, and consequently execute arbitrary code, via a relative path. |
|
387 |
CVE-2012-2292 |
264 |
|
Bypass |
2013-02-06 |
2013-02-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Silverlight cross-domain policy in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 does not restrict access to the Archer application, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors. |
|
388 |
CVE-2012-1543 |
|
|
|
2013-02-02 |
2017-09-19 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from a third party that the issue is due to an invalid type cast in the JSObject class. |
|
389 |
CVE-2012-1541 |
|
|
Exec Code |
2013-02-02 |
2022-05-13 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from a third party that the issue is due to an interaction error in between the JRE plug-in for WebKit-based browsers and the Javascript engine, which allows remote attackers to execute arbitrary code by modifying DOM nodes that contain applet elements in a way that triggers an incorrect reference count and a use after free. |
|
390 |
CVE-2012-1064 |
79 |
|
XSS |
2013-02-06 |
2013-02-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
391 |
CVE-2012-0874 |
287 |
1
|
Exec Code Bypass |
2013-02-05 |
2017-08-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow remote attackers to invoke MBean methods and execute arbitrary code via unspecified vectors. NOTE: this issue can only be exploited when the interceptor is not properly configured with a "second layer of authentication," or when used in conjunction with other vulnerabilities that bypass this second layer. |
|
392 |
CVE-2012-0439 |
94 |
|
Exec Code |
2013-02-24 |
2013-02-25 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code via (1) a pointer argument to the SetEngine method or (2) an XPItem pointer argument to an unspecified method. |
|
393 |
CVE-2012-0034 |
255 |
|
+Info |
2013-02-05 |
2015-01-18 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file. |
|
394 |
CVE-2011-5265 |
79 |
|
XSS |
2013-02-12 |
2018-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in cached_image.php in the Featurific For WordPress plugin 1.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the snum parameter. NOTE: this has been disputed by a third party. |
|
395 |
CVE-2011-5264 |
79 |
|
XSS |
2013-02-12 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in lazyest-backup.php in the Lazyest Backup plugin before 0.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xml_or_all parameter. |
|
396 |
CVE-2011-5263 |
79 |
|
XSS |
2013-02-12 |
2018-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter. |
|
397 |
CVE-2011-5262 |
89 |
1
|
Exec Code Sql |
2013-02-12 |
2013-02-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in prodpage.cfm in SonicWALL Aventail allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter. |
|
398 |
CVE-2011-5261 |
79 |
|
XSS |
2013-02-12 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in serverreport.cgi in Axis M10 Series Network Cameras M1054 firmware 5.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the pageTitle parameter to admin/showReport.shtml. |
|
399 |
CVE-2011-5260 |
79 |
|
XSS |
2013-02-12 |
2018-12-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter. |
|
400 |
CVE-2011-5259 |
89 |
|
Exec Code Sql |
2013-02-12 |
2018-10-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in lib/controllers/CentralController.php in OrangeHRM before 2.6.11.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
