Skip to main content
CVE-2012-5386 MEDIUM POC This Month

Directory traversal vulnerability in index.php in phpPaleo 4.8b180 allows remote attackers to include and execute arbitrary local files via a .. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Path Traversal Phppaleo
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
6.4%
CVE-2012-5379 HIGH POC This Week

Untrusted search path vulnerability in the installation functionality in ActivePython 3.2.2.3, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Activepython
NVD Exploit-DB
CVSS 3.1
7.3
EPSS
0.4%
CVE-2012-5112 CRITICAL Act Now

Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Apple RCE Chrome Iphone Os
NVD
CVSS 2.0
10.0
EPSS
4.6%
CVE-2012-5380 MEDIUM POC This Month

Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse. Rated medium severity (CVSS 6.7). Public exploit code available and no vendor patch available.

Path Traversal Microsoft Ruby
NVD Exploit-DB
CVSS 3.1
6.7
EPSS
0.4%
CVE-2012-5383 MEDIUM POC This Month

Untrusted search path vulnerability in the installation functionality in Oracle MySQL 5.5.28, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan. Rated medium severity (CVSS 6.2). Public exploit code available and no vendor patch available.

Information Disclosure Oracle Microsoft MySQL
NVD Exploit-DB
CVSS 2.0
6.2
EPSS
0.3%
CVE-2012-5381 MEDIUM POC This Month

Untrusted search path vulnerability in the installation functionality in PHP 5.3.17, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL. Rated medium severity (CVSS 6.0). Public exploit code available and no vendor patch available.

PHP Information Disclosure Microsoft
NVD Exploit-DB
CVSS 2.0
6.0
EPSS
0.4%
CVE-2012-5377 MEDIUM POC This Month

Untrusted search path vulnerability in the installation functionality in ActivePerl 5.16.1.1601, when installed in the top-level C:\ directory, allows local users to gain privileges via a Trojan. Rated medium severity (CVSS 6.0). Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Activeperl
NVD Exploit-DB
CVSS 2.0
6.0
EPSS
0.4%
CVE-2012-5378 MEDIUM POC This Month

Untrusted search path vulnerability in the installation functionality in ActiveTcl 8.5.12, when installed in the top-level C:\ directory, allows local users to gain privileges via a Trojan horse DLL. Rated medium severity (CVSS 6.0). Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Activetcl
NVD Exploit-DB
CVSS 2.0
6.0
EPSS
0.3%
CVE-2012-5382 MEDIUM POC This Month

Untrusted search path vulnerability in the installation functionality in Zend Server 5.6.0 SP4, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan. Rated medium severity (CVSS 6.0). Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Zend Server
NVD Exploit-DB
CVSS 2.0
6.0
EPSS
0.2%
CVE-2012-5376 CRITICAL Act Now

The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions and write to arbitrary files by leveraging. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google Chrome
NVD
CVSS 3.1
9.6
EPSS
0.4%
CVE-2012-5385 HIGH This Week

install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows remote attackers to modify settings.php and possibly execute arbitrary code via vectors related to the user theme preference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Privilege Escalation RCE Webcalendar
NVD
CVSS 2.0
7.5
EPSS
1.3%
CVE-2012-5384 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen WebCalendar allow remote attackers to inject arbitrary web script or HTML via the (1) $name or (2) $description variables in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS Webcalendar
NVD
CVSS 2.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy