Skip to main content
CVE-2012-1153 MEDIUM POC THREAT This Month

Unrestricted file upload vulnerability in addons/uploadify/uploadify.php in appRain CMF 0.1.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 80.7%.

PHP File Upload RCE Apprain
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
80.7%
Threat
5.3
CVE-2012-5306 CRITICAL POC THREAT Emergency

Stack-based buffer overflow in the SelectDirectory method in DcsCliCtrl.dll in Camera Stream Client ActiveX Control, as used in D-Link DCS-5605 PTZ IP Network Camera, allows remote attackers to cause. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 27.6%.

Buffer Overflow Denial Of Service D-Link RCE Camera Stream Client Activex Control +1
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
27.6%
Threat
4.2
CVE-2012-0987 MEDIUM POC PATCH This Month

Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allows remote authenticated users to include and execute arbitrary local files. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available.

PHP Path Traversal Impresscms
NVD
CVSS 2.0
6.0
EPSS
2.7%
CVE-2012-0986 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Impresscms
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2012-1634 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in video_filter.codecs.inc in the Video Filter module 6.x-2.x and 7.x-2.x for Drupal allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Video Filter
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2012-1564 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in administration/create_album.php in YVS Image Gallery allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Yvs Image Gallery
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-1618 HIGH PATCH This Week

Interaction error in the PostgreSQL JDBC driver before 8.2, when used with a PostgreSQL server with the "standard_conforming_strings" option enabled, such as the default configuration of PostgreSQL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi PostgreSQL Postgresql Jdbc Driver
NVD
CVSS 2.0
7.5
EPSS
1.9%
CVE-2012-1565 HIGH This Week

Unspecified vulnerability in ez Publish 4.1.4, 4.2, 4.3, 4.4, 4.5, and 4.6 has unknown impact and attack vectors related to an insecure direct object reference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ez Publish
NVD
CVSS 2.0
7.5
EPSS
1.8%
CVE-2012-5304 HIGH This Week

Static code injection vulnerability in administration/install.php in YVS Image Gallery allows remote attackers to inject arbitrary PHP code into functions/db_connect.php via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Code Injection RCE Yvs Image Gallery
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2012-1623 MEDIUM PATCH This Month

The Registration Codes module before 6.x-2.4 for Drupal does not restrict access to the registration code list, which might allow remote attackers to bypass intended registration restrictions. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Regcode
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2012-0065 MEDIUM PATCH This Month

Heap-based buffer overflow in the receive_packet function in libusbmuxd/libusbmuxd.c in usbmuxd 1.0.5 through 1.0.7 allows physically proximate attackers to execute arbitrary code via a long. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Buffer Overflow RCE Usbmuxd
NVD
CVSS 2.0
4.6
EPSS
0.3%
CVE-2012-5305 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allows remote attackers to inject arbitrary web script or HTML via the domain parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Directadmin
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-1624 LOW Monitor

Multiple cross-site scripting (XSS) vulnerabilities in the Lingotek module 6.x-1.x before 6.x-1.40 for Drupal allow remote authenticated users to inject arbitrary web script or HTML when (1) creating. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Lingotek
NVD
CVSS 2.0
3.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy