Skip to main content
CVE-2012-1125 MEDIUM POC THREAT This Month

Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin before 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 37.9%.

WordPress PHP File Upload RCE Kish Guest Posting Plugin
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
37.9%
Threat
4.0
CVE-2012-5321 MEDIUM POC THREAT This Month

tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka "frame injection.". Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 23.1%.

PHP Code Injection Tikiwiki Cms Groupware
NVD Exploit-DB
CVSS 2.0
5.8
EPSS
23.1%
CVE-2012-1671 MEDIUM POC THREAT This Month

Directory traversal vulnerability in index.php in phpPaleo 4.8b155 and earlier allows remote attackers to include and execute arbitrary local files via a .. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.4%.

PHP Path Traversal Phppaleo
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
11.4%
CVE-2012-5318 MEDIUM POC THREAT This Month

Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.0%.

WordPress PHP File Upload RCE Kish Guest Posting Plugin
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
11.0%
CVE-2012-1308 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in redpass.cgi in D-Link DSL-2640B Firmware EU_4.00 allows remote attackers to hijack the authentication of administrators for requests that change the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF D-Link Dsl 2640B Firmware Dsl 2640B
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
7.1%
CVE-2012-5331 MEDIUM POC This Month

Directory traversal vulnerability in asaanCart 0.9 allows remote attackers to include arbitrary local files via a .. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Path Traversal Asaancart
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
5.8%
CVE-2012-5319 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in setup/security.cgi in D-Link DCS-900, DCS-2000, and DCS-5300 allows remote attackers to hijack the authentication of administrators for requests. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF D-Link Dcs 2000 Dcs 5300 Dcs 900
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
1.2%
CVE-2012-5309 MEDIUM POC This Month

servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 does not properly restrict invalid authentication attempts, which makes it easier for remote attackers to obtain access via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

IBM Authentication Bypass Lotus Notes Traveler
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2012-1416 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in SocialCMS 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrator accounts. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Socialcms
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.4%
CVE-2012-5323 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in webconfig/admin_passwd/passwd.html/admin_passwd in Xavi X7968 allows remote attackers to hijack the authentication of administrators for requests. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF X7968
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.4%
CVE-2012-5320 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in password.cgi in Sagem F@ST 2604 253180972B allows remote attackers to hijack the authentication of administrators for requests that change the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF F St 2604 Firmware F St 2604
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.3%
CVE-2012-5326 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in admin/function.php in IDevSpot iSupport 1.x allows remote attackers to hijack the authentication of administrators for requests that add. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Isupport
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.3%
CVE-2012-5308 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 allows remote attackers to hijack the authentication of arbitrary users. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF IBM Lotus Notes Traveler
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2012-5327 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress allow remote authenticated users to execute. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Mingle Forum
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2012-5322 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Xavi X7968 allow remote attackers to inject arbitrary web script or HTML via the (1) pvcName parameter to webconfig/wan/confirm.html/confirm or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS X7968
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
9.3%
CVE-2012-4824 MEDIUM POC This Month

Open redirect vulnerability in servlet/traveler in IBM Lotus Notes Traveler 8.5.3 before 8.5.3.3 Interim Fix 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Open Redirect IBM Lotus Notes Traveler
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2012-5335 MEDIUM POC This Month

Directory traversal vulnerability in Tiny Server 1.1.5 allows remote authenticated users to read arbitrary files via a .. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Tiny Server
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
7.3%
CVE-2012-5329 MEDIUM POC This Month

Buffer overflow in TYPSoft FTP Server 1.1 allows remote authenticated users to cause a denial of service (application crash) via a long string in an APPE command. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Typsoft Ftp Server
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
5.9%
CVE-2012-5332 MEDIUM POC This Month

at32 Reverse Proxy 1.060.310 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long string in an HTTP header field, as demonstrated using the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Reverse Proxy
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2012-0846 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the Location variable. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Webcalendar
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2012-5330 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in asaanCart 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to calc.php, (2) chat.php, (3) register.php,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Asaancart
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.6%
CVE-2012-5315 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in php ireport 1.0 allow remote attackers to inject arbitrary web script or HTML via the message parameter to (1) messages_viewer.php, (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Php Ireport
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.6%
CVE-2012-5314 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in ViewGit 0.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the f parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Viewgit
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-4825 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in servlet/traveler/ILNT.mobileconfig in IBM Lotus Notes Traveler before 8.5.3.2 allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

IBM XSS Lotus Notes Traveler
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2012-5328 MEDIUM This Month

Multiple SQL injection vulnerabilities in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress might allow remote authenticated users to execute arbitrary SQL commands via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP Mingle Forum
NVD
CVSS 2.0
6.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy