Skip to main content
CVE-2012-1153 MEDIUM POC THREAT This Month

Unrestricted file upload vulnerability in addons/uploadify/uploadify.php in appRain CMF 0.1.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 80.7%.

PHP File Upload RCE Apprain
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
80.7%
Threat
5.3
CVE-2012-0987 MEDIUM POC PATCH This Month

Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allows remote authenticated users to include and execute arbitrary local files. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available.

PHP Path Traversal Impresscms
NVD
CVSS 2.0
6.0
EPSS
2.7%
CVE-2012-0986 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Impresscms
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2012-1634 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in video_filter.codecs.inc in the Video Filter module 6.x-2.x and 7.x-2.x for Drupal allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Video Filter
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2012-1564 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in administration/create_album.php in YVS Image Gallery allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Yvs Image Gallery
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-1623 MEDIUM PATCH This Month

The Registration Codes module before 6.x-2.4 for Drupal does not restrict access to the registration code list, which might allow remote attackers to bypass intended registration restrictions. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Regcode
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2012-0065 MEDIUM PATCH This Month

Heap-based buffer overflow in the receive_packet function in libusbmuxd/libusbmuxd.c in usbmuxd 1.0.5 through 1.0.7 allows physically proximate attackers to execute arbitrary code via a long. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Buffer Overflow RCE Usbmuxd
NVD
CVSS 2.0
4.6
EPSS
0.3%
CVE-2012-5305 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allows remote attackers to inject arbitrary web script or HTML via the domain parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Directadmin
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy