Customer Data Portal Data and Information


Welcome to the Live Square CVE Repository. This searchable database is sourced from the NIST Computer Security Resource Center. We update this data daily via our distributed neural computing grid.

You may search by keyword(s) or by a specific case ID. If you use keywords to search, please separate each keyword with a comma.

Last Ten (10) CVE Alerts / Updates
Severity | Case ID | Upd Seq | Published | Last Updated
High | CVE-2012-0983 | 2012-0983 | 2/2/2012 | 2/3/2012
SQL injection vulnerability in Scriptsez.net Ez Album allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.

High | CVE-2012-0982 | 2012-0982 | 2/2/2012 | 2/3/2012
SQL injection vulnerability in search.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the price_from parameter.

Medium | CVE-2012-0981 | 2012-0981 | 2/2/2012 | 2/3/2012
Directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. (dot dot) in the r parameter to index.php. NOTE: Some of these details are obtained from third party information.

High | CVE-2012-0980 | 2012-0980 | 2/2/2012 | 2/3/2012
SQL injection vulnerability in download.php in phux Download Manager allows remote attackers to execute arbitrary SQL commands via the file parameter.

Medium | CVE-2012-0979 | 2012-0979 | 2/2/2012 | 2/3/2012
Cross-site scripting (XSS) vulnerability in TWiki allows remote attackers to inject arbitrary web script or HTML via the organization field in a profile, involving (1) registration or (2) editing of the user.

Medium | CVE-2012-0978 | 2012-0978 | 2/2/2012 | 2/3/2012
Stack-based buffer overflow in npjp2.dll in LuraWave JP2 Browser Plug-In 1.1.1.11 and other versions before 2.1.1.11 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment.

High | CVE-2012-0977 | 2012-0977 | 2/2/2012 | 2/3/2012
Stack-based buffer overflow in jp2_x.dll in LuraWave JP2 ActiveX Control 2.1.5.5 and other versions before 2.1.5.11 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment.

Low | CVE-2012-0976 | 2012-0976 | 2/2/2012 | 2/3/2012
Cross-site scripting (XSS) vulnerability in admin/EditForm in SilverStripe 2.4.6 allows remote authenticated users with Content Authors privileges to inject arbitrary web script or HTML via the Title parameter. NOTE: some of these details are obtained from third party information.

Medium | CVE-2012-0975 | 2012-0975 | 2/2/2012 | 2/3/2012
Cross-site scripting (XSS) vulnerability in misc.php in Image Hosting Script DPI 1.0, 1.3, and earlier allows remote attackers to inject arbitrary web script or HTML via the showseries parameter.

Medium | CVE-2012-0937 | 2012-0937 | 1/30/2012 | 1/31/2012
** DISPUTED ** wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote attackers to use WordPress as a proxy for brute-force attacks or denial of service attacks via the dbhost parameter, a different vulnerability than CVE-2011-4898. NOTE: the vendor disputes the significance of this issue because an incomplete WordPress installation might be present on the network for only a short time.





