Skip to main content
CVE-2012-3001 HIGH POC THREAT Act Now

Mutiny Standard before 4.5-1.12 allows remote attackers to execute arbitrary commands via the network-interface menu, related to a "command injection vulnerability.". Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 70.6%.

Command Injection Standard
NVD Exploit-DB
CVSS 2.0
8.5
EPSS
70.6%
Threat
5.3
CVE-2012-4772 HIGH POC This Week

SQL injection vulnerability in register/ in Subrion CMS before 2.2.3 allows remote attackers to execute arbitrary SQL commands via the plan_id parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Subrion Cms
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
2.2%
CVE-2012-5168 HIGH POC PATCH This Week

ATutor AContent before 1.2-1 allows remote attackers to modify arbitrary user passwords or category names via a direct request to (1) user/index_inline_editor_submit.php or (2). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Privilege Escalation Acontent
NVD
CVSS 2.0
7.5
EPSS
1.8%
CVE-2012-5167 HIGH POC PATCH This Week

Multiple SQL injection vulnerabilities in ATutor AContent before 1.2-1 allow remote attackers to execute arbitrary SQL commands via the (1) field parameter to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Acontent
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.3%
CVE-2012-4773 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Subrion Cms
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
4.4%
CVE-2012-4990 HIGH POC This Week

SQL injection vulnerability in admin/campaign-zone-link.php in OpenX 2.8.10 before revision 81823 allows remote attackers to execute arbitrary SQL commands via the ids[] parameter in a link action. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Openx
NVD
CVSS 2.0
7.5
EPSS
0.8%
CVE-2012-4232 HIGH POC PATCH This Week

SQL injection vulnerability in admin/index.php in jCore before 1.0pre2 allows remote attackers to execute arbitrary SQL commands via the memberloginid cookie. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Jcore
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2012-5452 MEDIUM POC THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) multi_title parameter to blocks/add/; (2) cost, (3). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 14.7%.

XSS Subrion Cms
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
14.7%
CVE-2012-1900 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in admin/index.php in RazorCMS 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Razorcms
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2012-4406 CRITICAL PATCH Act Now

OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Python Deserialization RCE Swift Fedora +5
NVD GitHub
CVSS 3.1
9.8
EPSS
4.7%
CVE-2012-5454 MEDIUM POC This Month

user/index_inline_editor_submit.php in ATutor AContent 1.2-1 does not properly restrict access, which allows remote authenticated users to modify arbitrary user passwords via a crafted request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Privilege Escalation Acontent
NVD
CVSS 2.0
6.5
EPSS
0.6%
CVE-2012-5453 MEDIUM POC This Month

SQL injection vulnerability in user/index_inline_editor_submit.php in ATutor AContent 1.2-1 allows remote authenticated users to execute arbitrary SQL commands via the field parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Acontent
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
0.5%
CVE-2012-4771 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) admin/accounts/, (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Subrion Cms
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
6.4%
CVE-2012-4751 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Otrs
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
5.6%
CVE-2012-4231 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in admin/index.php in jCore before 1.0pre2 allows remote attackers to inject arbitrary web script or HTML via the path parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Jcore
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
3.3%
CVE-2012-4989 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in admin/plugin-index.php in OpenX 2.8.10 before revision 81823 allows remote attackers to inject arbitrary web script or HTML via the parent parameter in an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Openx
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
2.9%
CVE-2012-3466 MEDIUM POC PATCH This Month

GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to "idle" or "timeout," does not properly limit the amount of time a passphrase is cached, which allows attackers to have an. Rated medium severity (CVSS 4.4). Public exploit code available.

Privilege Escalation Gnome Keyring
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2012-5169 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in file_manager/preview_top.php in ATutor AContent before 1.2-2 allow remote attackers to inject arbitrary web script or HTML via the (1) pathext,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Acontent
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2012-4511 MEDIUM PATCH This Month

services/flickr/flickr.c in libsocialweb before 0.25.21 automatically connects to Flickr when no Flickr account is set, which might allow remote attackers to obtain sensitive information via a. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Libsocialweb
NVD
CVSS 2.0
5.8
EPSS
0.7%
CVE-2012-4516 MEDIUM This Month

librdmacm 1.0.16, when ibacm.port is not specified, connects to port 6125, which allows remote attackers to specify the address resolution information for the application via a malicious ib_acm. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Librdmacm
NVD
CVSS 2.0
5.8
EPSS
0.4%
CVE-2012-4517 MEDIUM PATCH This Month

ibacm before 1.0.6 does not properly manage reference counts for multicast connections, which allows remote attackers to cause a denial of service (ibacm service crash) via a crafted join response. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Ibacm
NVD
CVSS 2.0
5.0
EPSS
1.5%
CVE-2012-4507 MEDIUM PATCH This Month

The strchr function in procmime.c in Claws Mail (aka claws-mail) 3.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted email. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Claws Mail
NVD
CVSS 2.0
5.0
EPSS
1.2%
CVE-2012-4506 MEDIUM This Month

Directory traversal vulnerability in gitolite 3.x before 3.1, when wild card repositories and a pattern matching "../" are enabled, allows remote authenticated users to create arbitrary repositories. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal Gitolite
NVD GitHub
CVSS 2.0
4.6
EPSS
0.8%
CVE-2012-4436 MEDIUM This Month

Buffer overflow in the run_last_args function in client/fwknop.c in fwknop before 2.0.3, when processing --last, might allow local users to cause a denial of service (client crash) and possibly. Rated medium severity (CVSS 4.4). No vendor patch available.

Buffer Overflow Denial Of Service RCE Fwknop
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2012-1154 MEDIUM PATCH This Month

mod_cluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used in JBoss Enterprise Application Platform 5.1.2, when "ROOT" is set to excludedContexts, exposes the root context of the server,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Privilege Escalation Jboss Enterprise Application Platform Mod Cluster
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-5455 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the language search component in Joomla!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Joomla
NVD
CVSS 2.0
4.3
EPSS
0.0%
CVE-2012-4435 MEDIUM This Month

fwknop before 2.0.3 does not properly validate IP addresses, which allows remote authenticated users to cause a denial of service (server crash) via a long IP address. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Fwknop
NVD
CVSS 2.0
4.0
EPSS
1.2%
CVE-2012-4518 LOW Monitor

ibacm 1.0.7 creates files with world-writable permissions, which allows local users to overwrite the ib_acm daemon log or ibacm.port file. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ibacm
NVD
CVSS 2.0
3.6
EPSS
0.0%
CVE-2012-2679 LOW Monitor

Red Hat Network (RHN) Configuration Client (rhncfg-client) in rhncfg before 5.10.27-8 uses weak permissions (world-readable) for /var/log/rhncfg-actions, which allows local users to obtain sensitive. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Rhncfg
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy