Skip to main content
CVE-2012-2551 MEDIUM This Month

The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, and Windows 7 Gold and SP1, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 61.3% and no vendor patch available.

Denial Of Service Microsoft Windows 7 Windows Server 2008
NVD
CVSS 2.0
5.0
EPSS
61.3%
CVE-2012-2552 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 44.4% and no vendor patch available.

Microsoft XSS Sql Server Sql Server Reporting Services
NVD
CVSS 2.0
4.3
EPSS
44.4%
CVE-2012-5348 MEDIUM POC This Month

SQL injection vulnerability in MangosWeb Enhanced 3.0.3 allows remote attackers to execute arbitrary SQL commands via the login parameter in a login action to index.php. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP SQLi Mangosweb Enhanced
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
1.4%
CVE-2012-5345 MEDIUM POC This Month

Buffer overflow in the Remote command server (Rcmd.bat) in IpTools (aka Tiny TCP/IP server) 0.1.4 allows remote attackers to cause a denial of service (crash) via a long string to TCP port 23. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Iptools
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
9.7%
CVE-2012-5344 MEDIUM POC This Month

Directory traversal vulnerability in the WebServer (Thttpd.bat) in IpTools (aka Tiny TCP/IP server) 0.1.4 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Iptools
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
6.6%
CVE-2012-5350 MEDIUM POC This Month

SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the id parameter in. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress SQLi Pay With Tweet
NVD Exploit-DB
CVSS 2.0
6.0
EPSS
1.5%
CVE-2012-5343 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in admin/login.php in Limny 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the "PHP_SELF" variable. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Limny
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
9.5%
CVE-2012-4418 MEDIUM POC PATCH This Month

Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack.". Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

Apache Authentication Bypass Axis2
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2012-3436 MEDIUM POC This Month

OpenTTD 0.6.0 through 1.2.1 does not properly validate requests to clear a water tile, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Openttd
NVD
CVSS 2.0
5.0
EPSS
2.3%
CVE-2012-2520 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 24.2% and no vendor patch available.

Microsoft XSS Groove Server Infopath Lync +5
NVD
CVSS 2.0
4.3
EPSS
24.2%
CVE-2012-5341 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in statistik.php in Otterware StatIt 4 allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter, (2) show. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Statit
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
3.2%
CVE-2012-5346 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in wp-live.php in the WP Live.php module 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP XSS Wp Livephp
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.9%
CVE-2012-4002 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI before 0.83.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Glpi
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2012-5351 MEDIUM PATCH This Month

Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Apache Authentication Bypass Axis2
NVD
CVSS 2.0
6.4
EPSS
0.3%
CVE-2012-5352 MEDIUM This Month

Java Open Single Sign-On Project Home (JOSSO) allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Java Authentication Bypass Java Open Single Sign On Project Home
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2012-5353 MEDIUM This Month

Eduserv OpenAthens SP 2.0 for Java allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack.". Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Java Authentication Bypass Openathens Service Provider
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2012-3505 MEDIUM This Month

Tinyproxy 1.8.3 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via (1) a large number of headers or (2) a large number of forged headers that trigger. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Tinyproxy
NVD
CVSS 2.0
5.0
EPSS
2.5%
CVE-2012-5109 MEDIUM This Month

The International Components for Unicode (ICU) functionality in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Google Chrome
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2012-5110 MEDIUM This Month

The compositor in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Google Chrome
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2012-4003 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJECT GLPI before 0.83.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Glpi
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-4457 MEDIUM PATCH This Month

OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Keystone
NVD GitHub
CVSS 2.0
4.0
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy