Skip to main content
CVE-2012-4773 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Subrion Cms
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
4.4%
CVE-2012-5452 MEDIUM POC THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) multi_title parameter to blocks/add/; (2) cost, (3). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 14.7%.

XSS Subrion Cms
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
14.7%
CVE-2012-1900 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in admin/index.php in RazorCMS 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Razorcms
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2012-5454 MEDIUM POC This Month

user/index_inline_editor_submit.php in ATutor AContent 1.2-1 does not properly restrict access, which allows remote authenticated users to modify arbitrary user passwords via a crafted request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Privilege Escalation Acontent
NVD
CVSS 2.0
6.5
EPSS
0.6%
CVE-2012-5453 MEDIUM POC This Month

SQL injection vulnerability in user/index_inline_editor_submit.php in ATutor AContent 1.2-1 allows remote authenticated users to execute arbitrary SQL commands via the field parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Acontent
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
0.5%
CVE-2012-4771 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) admin/accounts/, (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Subrion Cms
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
6.4%
CVE-2012-4751 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Otrs
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
5.6%
CVE-2012-4231 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in admin/index.php in jCore before 1.0pre2 allows remote attackers to inject arbitrary web script or HTML via the path parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Jcore
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
3.3%
CVE-2012-4989 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in admin/plugin-index.php in OpenX 2.8.10 before revision 81823 allows remote attackers to inject arbitrary web script or HTML via the parent parameter in an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Openx
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
2.9%
CVE-2012-3466 MEDIUM POC PATCH This Month

GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to "idle" or "timeout," does not properly limit the amount of time a passphrase is cached, which allows attackers to have an. Rated medium severity (CVSS 4.4). Public exploit code available.

Privilege Escalation Gnome Keyring
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2012-5169 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in file_manager/preview_top.php in ATutor AContent before 1.2-2 allow remote attackers to inject arbitrary web script or HTML via the (1) pathext,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Acontent
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2012-4511 MEDIUM PATCH This Month

services/flickr/flickr.c in libsocialweb before 0.25.21 automatically connects to Flickr when no Flickr account is set, which might allow remote attackers to obtain sensitive information via a. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Libsocialweb
NVD
CVSS 2.0
5.8
EPSS
0.7%
CVE-2012-4516 MEDIUM This Month

librdmacm 1.0.16, when ibacm.port is not specified, connects to port 6125, which allows remote attackers to specify the address resolution information for the application via a malicious ib_acm. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Librdmacm
NVD
CVSS 2.0
5.8
EPSS
0.4%
CVE-2012-4517 MEDIUM PATCH This Month

ibacm before 1.0.6 does not properly manage reference counts for multicast connections, which allows remote attackers to cause a denial of service (ibacm service crash) via a crafted join response. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Ibacm
NVD
CVSS 2.0
5.0
EPSS
1.5%
CVE-2012-4507 MEDIUM PATCH This Month

The strchr function in procmime.c in Claws Mail (aka claws-mail) 3.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted email. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Claws Mail
NVD
CVSS 2.0
5.0
EPSS
1.2%
CVE-2012-4506 MEDIUM This Month

Directory traversal vulnerability in gitolite 3.x before 3.1, when wild card repositories and a pattern matching "../" are enabled, allows remote authenticated users to create arbitrary repositories. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal Gitolite
NVD GitHub
CVSS 2.0
4.6
EPSS
0.8%
CVE-2012-4436 MEDIUM This Month

Buffer overflow in the run_last_args function in client/fwknop.c in fwknop before 2.0.3, when processing --last, might allow local users to cause a denial of service (client crash) and possibly. Rated medium severity (CVSS 4.4). No vendor patch available.

Buffer Overflow Denial Of Service RCE Fwknop
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2012-1154 MEDIUM PATCH This Month

mod_cluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used in JBoss Enterprise Application Platform 5.1.2, when "ROOT" is set to excludedContexts, exposes the root context of the server,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Privilege Escalation Jboss Enterprise Application Platform Mod Cluster
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-5455 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the language search component in Joomla!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Joomla
NVD
CVSS 2.0
4.3
EPSS
0.0%
CVE-2012-4435 MEDIUM This Month

fwknop before 2.0.3 does not properly validate IP addresses, which allows remote authenticated users to cause a denial of service (server crash) via a long IP address. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Fwknop
NVD
CVSS 2.0
4.0
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy