Skip to main content
CVE-2012-5223 HIGH POC THREAT Act Now

The proc_deutf function in includes/functions_vbseocp_abstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6.0, and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 79.6%.

PHP Code Injection RCE Vbseo
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
79.6%
Threat
5.4
CVE-2012-4415 HIGH POC PATCH THREAT Act Now

Stack-based buffer overflow in the guac_client_plugin_open function in libguac in Guacamole before 0.6.3 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 38.6%.

Buffer Overflow Denial Of Service RCE Fedora Guacamole
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
38.6%
Threat
4.2
CVE-2012-5231 HIGH POC This Week

miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code via a crafted (1) pagename or (2) area variable containing an executable extension, which is not properly handled by (a). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Code Injection RCE Minicms
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
5.0%
CVE-2012-4432 HIGH POC PATCH This Week

Use-after-free vulnerability in opngreduc.c in OptiPNG Hg and 0.7.x before 0.7.3 might allow remote attackers to execute arbitrary code via unspecified vectors related to "palette reduction.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Optipng
NVD
CVSS 2.0
7.5
EPSS
3.6%
CVE-2012-1603 HIGH POC This Week

Multiple SQL injection vulnerabilities in ajaxserver.php in NextBBS 0.6 allow remote attackers to execute arbitrary SQL commands via the (1) curstr parameter in the findUsers function, (2) id. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Nextbbs
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
2.8%
CVE-2012-5224 HIGH POC This Week

PHP remote file inclusion vulnerability in vb/includes/vba_cmps_include_bottom.php in vBadvanced CMPS 3.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Code Injection RCE Vbadvanced Cmps
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.2%
CVE-2012-5227 HIGH POC This Week

SQL injection vulnerability in administrer/tva.php in Peel SHOPPING 2.8 and 2.9 allows remote attackers to execute arbitrary SQL commands via the id parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Peel Shopping
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.4%
CVE-2012-1602 HIGH POC This Week

user.php in NextBBS 0.6 allows remote attackers to bypass authentication and gain administrator access by setting the userkey cookie to 1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Nextbbs
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2012-4427 MEDIUM POC This Month

The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation of arbitrary extensions from extensions.gnome.org via a crafted web page. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Code Injection RCE Gnome Shell
NVD
CVSS 2.0
6.8
EPSS
1.0%
CVE-2012-1897 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Wolf CMS 0.75 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Wolf Cms
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.3%
CVE-2012-4242 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress XSS Mf Gig Calendar
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
8.0%
CVE-2012-5228 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in admin/index.php in phplist 2.10.9, 2.10.17, and possibly other versions before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Phplist
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
7.7%
CVE-2012-1470 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in code_editor.php in ocPortal before 7.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) path or (2) line parameters. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Ocportal
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
6.9%
CVE-2012-1604 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in NextBBS 0.6 allows remote attackers to inject arbitrary web script or HTML via the do parameter to index.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Nextbbs
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
6.4%
CVE-2012-5225 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in webscr.php in xClick Cart 1.0.1 and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the shopping_url parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Xclick Cart
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
4.2%
CVE-2012-1471 MEDIUM POC PATCH This Month

Directory traversal vulnerability in catalogue_file.php in ocPortal before 7.1.6 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Path Traversal Ocportal
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2012-1898 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in wolfcms/admin/user/add in Wolf CMS 0.75 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user[name], (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Wolf Cms
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
2.2%
CVE-2012-0989 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in OneOrZero AIMS 2.8.0 Trial Edition build231211 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Action And Information Management System
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.6%
CVE-2012-5226 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Peel SHOPPING 2.8 and 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) motclef parameter to achat/recherche.php or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Peel Shopping
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.6%
CVE-2012-5229 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in css/gallery-css.php in the Slideshow Gallery2 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the border parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP XSS Slideshow Gallery2
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.5%
CVE-2012-1590 MEDIUM POC PATCH This Month

The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Drupal
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2012-2240 HIGH This Week

scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Devscripts
NVD
CVSS 2.0
7.5
EPSS
1.0%
CVE-2012-5230 HIGH This Week

Unspecified vulnerability in the JE Story Submit (com_jesubmit) component before 1.9 for Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Com Jesubmit
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2012-2242 MEDIUM This Month

scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted (1) .dsc or (2) .changes file, related to "arguments to external commands" that are. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Devscripts
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2012-0748 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified services in IBM Rational Team Concert (RTC) 4.x before 4.0.0.1 allow remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF IBM Rational Team Concert
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2012-4064 MEDIUM This Month

Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to gain privileges by sending a message to (1) Cloud. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Eucalyptus
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2012-1576 MEDIUM This Month

The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Denial Of Service Atheme
NVD
CVSS 2.0
6.0
EPSS
1.4%
CVE-2012-4450 MEDIUM PATCH This Month

389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Privilege Escalation 389 Directory Server
NVD
CVSS 2.0
6.0
EPSS
0.4%
CVE-2012-5234 MEDIUM PATCH This Month

Open redirect vulnerability in index.php in ocPortal before 7.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

PHP Open Redirect Ocportal
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2012-3035 MEDIUM This Month

Buffer overflow in Emerson DeltaV 9.3.1 and 10.3 through 11.3.1 allows remote attackers to cause a denial of service (daemon crash) via a long string to an unspecified port. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Deltav
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2012-4429 MEDIUM This Month

Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read clipboard activity by listening on TCP port 5900. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Vino
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2012-2241 MEDIUM This Month

scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted (1) .dsc or (2) .changes file, probably related to a NULL byte in a filename. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Devscripts
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2012-4063 MEDIUM This Month

The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Apache Eucalyptus
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2012-1591 MEDIUM PATCH This Month

The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Drupal
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2012-4830 MEDIUM This Month

Unspecified vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 through 7.0.0.6 allows remote attackers to obtain users' personal data via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Websphere Commerce
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2012-3319 MEDIUM This Month

IBM Rational Business Developer 8.x before 8.0.1.4 allows remote attackers to obtain potentially sensitive information via a connection to a web service created with the Rational Business Developer. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Rational Business Developer
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2012-4437 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the SmartyException class in Smarty (aka smarty-php) before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Smarty
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2012-5232 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Quickl Form component for Joomla!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Mod Quick Form
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-1636 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of users for requests that delete stickynotes. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

CSRF Stickynote
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2012-2153 MEDIUM PATCH This Month

Drupal 7.x before 7.14 does not properly restrict access to nodes in a list when using a "contributed node access module," which allows remote authenticated users with the "Access the content. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Drupal
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2012-1588 LOW PATCH Monitor

Algorithmic complexity vulnerability in the _filter_url function in the text filtering system (modules/filter/filter.module) in Drupal 7.x before 7.14 allows remote authenticated users with certain. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Denial Of Service Drupal
NVD
CVSS 2.0
3.5
EPSS
0.6%
CVE-2012-1639 LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in product/commerce_product.module in the Drupal Commerce module for Drupal before 7.x-1.2 allow remote authenticated users to inject arbitrary web. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Commerce
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2012-4065 LOW Monitor

Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to bypass unspecified authorization checks and obtain. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Eucalyptus
NVD
CVSS 2.0
3.5
EPSS
0.1%
CVE-2012-5233 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote authenticated users with edit stickynotes privileges to inject arbitrary web script or HTML. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Stickynote
NVD
CVSS 2.0
2.1
EPSS
0.3%
CVE-2012-4833 LOW PATCH Monitor

fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Privilege Escalation IBM Vios Aix
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2012-3500 LOW PATCH Monitor

scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or. Rated low severity (CVSS 1.2).

Information Disclosure Race Condition Devscripts
NVD
CVSS 2.0
1.2
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy