Skip to main content
CVE-2012-5324 CRITICAL POC THREAT Emergency

Multiple buffer overflows in the Pdf Printer Preferences ActiveX Control in pdfxctrl.dll in Tracker Software PDF-XChange 3.60.0128 allow remote attackers to execute arbitrary code via a long string. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 26.9%.

Buffer Overflow RCE Pdf Xchange
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
26.9%
Threat
4.2
CVE-2012-1125 MEDIUM POC THREAT This Month

Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin before 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 37.9%.

WordPress PHP File Upload RCE Kish Guest Posting Plugin
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
37.9%
Threat
4.0
CVE-2012-1189 CRITICAL POC PATCH THREAT Act Now

Stack-based buffer overflow in modules/graphic/ssgraph/grsound.cpp in The Open Racing Car Simulator (TORCS) before 1.3.3 and Speed Dreams allows user-assisted remote attackers to execute arbitrary. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 24.9%.

Buffer Overflow RCE Torcs Speed Dreams
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
24.9%
Threat
4.1
CVE-2012-5321 MEDIUM POC THREAT This Month

tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka "frame injection.". Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 23.1%.

PHP Code Injection Tikiwiki Cms Groupware
NVD Exploit-DB
CVSS 2.0
5.8
EPSS
23.1%
CVE-2012-1671 MEDIUM POC THREAT This Month

Directory traversal vulnerability in index.php in phpPaleo 4.8b155 and earlier allows remote attackers to include and execute arbitrary local files via a .. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.4%.

PHP Path Traversal Phppaleo
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
11.4%
CVE-2012-5318 MEDIUM POC THREAT This Month

Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.0%.

WordPress PHP File Upload RCE Kish Guest Posting Plugin
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
11.0%
CVE-2012-1308 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in redpass.cgi in D-Link DSL-2640B Firmware EU_4.00 allows remote attackers to hijack the authentication of administrators for requests that change the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF D-Link Dsl 2640B Firmware Dsl 2640B
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
7.1%
CVE-2012-5331 MEDIUM POC This Month

Directory traversal vulnerability in asaanCart 0.9 allows remote attackers to include arbitrary local files via a .. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Path Traversal Asaancart
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
5.8%
CVE-2012-5334 HIGH POC This Week

SQL injection vulnerability in product_desc.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the pid parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pre Printing Press
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.7%
CVE-2012-5333 HIGH POC This Week

SQL injection vulnerability in page.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the id parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pre Printing Press
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.1%
CVE-2012-5313 HIGH POC This Week

SQL injection vulnerability in forum.asp in Snitz Forums 2000 allows remote attackers to execute arbitrary SQL commands via the TOPIC_ID parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Snitz Forums 2000
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.9%
CVE-2012-5317 HIGH POC PATCH This Week

SQL injection vulnerability in main_bigware_43.php in Bigware Shop before 2.1.5 allows remote attackers to execute arbitrary SQL commands via the lastname parameter in a process action. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Bigware Shop
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2012-5312 HIGH POC This Week

SQL injection vulnerability in Tribiq CMS allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Tribiq Cms
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.2%
CVE-2012-5319 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in setup/security.cgi in D-Link DCS-900, DCS-2000, and DCS-5300 allows remote attackers to hijack the authentication of administrators for requests. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF D-Link Dcs 2000 Dcs 5300 Dcs 900
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
1.2%
CVE-2012-5309 MEDIUM POC This Month

servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 does not properly restrict invalid authentication attempts, which makes it easier for remote attackers to obtain access via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

IBM Authentication Bypass Lotus Notes Traveler
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2012-1416 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in SocialCMS 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrator accounts. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Socialcms
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.4%
CVE-2012-5323 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in webconfig/admin_passwd/passwd.html/admin_passwd in Xavi X7968 allows remote attackers to hijack the authentication of administrators for requests. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF X7968
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.4%
CVE-2012-5320 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in password.cgi in Sagem F@ST 2604 253180972B allows remote attackers to hijack the authentication of administrators for requests that change the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF F St 2604 Firmware F St 2604
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.3%
CVE-2012-5326 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in admin/function.php in IDevSpot iSupport 1.x allows remote attackers to hijack the authentication of administrators for requests that add. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Isupport
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.3%
CVE-2012-5308 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 allows remote attackers to hijack the authentication of arbitrary users. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF IBM Lotus Notes Traveler
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2012-5327 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress allow remote authenticated users to execute. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Mingle Forum
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2012-5322 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Xavi X7968 allow remote attackers to inject arbitrary web script or HTML via the (1) pvcName parameter to webconfig/wan/confirm.html/confirm or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS X7968
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
9.3%
CVE-2012-4824 MEDIUM POC This Month

Open redirect vulnerability in servlet/traveler in IBM Lotus Notes Traveler 8.5.3 before 8.5.3.3 Interim Fix 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Open Redirect IBM Lotus Notes Traveler
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2012-5335 MEDIUM POC This Month

Directory traversal vulnerability in Tiny Server 1.1.5 allows remote authenticated users to read arbitrary files via a .. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Tiny Server
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
7.3%
CVE-2012-5329 MEDIUM POC This Month

Buffer overflow in TYPSoft FTP Server 1.1 allows remote authenticated users to cause a denial of service (application crash) via a long string in an APPE command. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Typsoft Ftp Server
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
5.9%
CVE-2012-5332 MEDIUM POC This Month

at32 Reverse Proxy 1.060.310 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long string in an HTTP header field, as demonstrated using the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Reverse Proxy
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2012-0846 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the Location variable. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Webcalendar
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2012-5330 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in asaanCart 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to calc.php, (2) chat.php, (3) register.php,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Asaancart
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.6%
CVE-2012-5315 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in php ireport 1.0 allow remote attackers to inject arbitrary web script or HTML via the message parameter to (1) messages_viewer.php, (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Php Ireport
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.6%
CVE-2012-5314 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in ViewGit 0.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the f parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Viewgit
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-4825 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in servlet/traveler/ILNT.mobileconfig in IBM Lotus Notes Traveler before 8.5.3.2 allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

IBM XSS Lotus Notes Traveler
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2012-5310 HIGH This Week

SQL injection vulnerability in the WP e-Commerce plugin before 3.8.7.6 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Wp E Commerce
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2012-5316 LOW POC Monitor

Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Spam & Virus Firewall 600 Firmware 4.0.1.009 and earlier allow remote authenticated users to inject arbitrary web script or HTML via. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Spam Virus Firewall 600 Firmware Spam Virus Firewall 600
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2012-5307 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in servlet/traveler in IBM Lotus Notes Traveler before 8.5.3.3 Interim Fix 1, when Firefox is used, allows remote attackers to inject arbitrary web script or. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

IBM Mozilla XSS Lotus Notes Traveler
NVD
CVSS 2.0
2.6
EPSS
0.2%
CVE-2012-5328 MEDIUM This Month

Multiple SQL injection vulnerabilities in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress might allow remote authenticated users to execute arbitrary SQL commands via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP Mingle Forum
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2012-5325 LOW POC Monitor

Multiple cross-site scripting (XSS) vulnerabilities in the scr_do_redirect function in scr.php in the Shortcode Redirect plugin 1.0.01 and earlier for WordPress allow remote authenticated users with. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP XSS Shortcode Redirect
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy