Skip to main content
CVE-2012-5692 CRITICAL POC PATCH THREAT Act Now

Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 83.0%.

PHP Information Disclosure Invision Power Board
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
83.0%
Threat
6.0
CVE-2012-4940 MEDIUM POC THREAT This Month

Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 79.8%.

Path Traversal Axigen Free Mail Server
NVD Exploit-DB
CVSS 2.0
6.4
EPSS
79.8%
Threat
5.2
CVE-2012-4547 MEDIUM POC THREAT This Month

Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown impact and attack vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 31.7%.

XSS Awstats
NVD
CVSS 2.0
4.3
EPSS
31.7%
CVE-2012-5671 MEDIUM This Month

Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 35.7% and no vendor patch available.

Buffer Overflow RCE Exim
NVD
CVSS 2.0
6.8
EPSS
35.7%
CVE-2012-4939 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in IPAMSummaryView.aspx in the IPAM web interface before 3.0-HotFix1 in SolarWinds Orion Network Performance Monitor might allow remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Ip Address Manager Web Interface Orion Network Performance Monitor
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
9.8%
CVE-2012-4489 MEDIUM POC PATCH This Month

Open redirect vulnerability in the securelogin_secure_redirect function in the Secure Login module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to redirect users to arbitrary web sites. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

Open Redirect Securelogin
NVD
CVSS 2.0
5.8
EPSS
0.5%
CVE-2012-4485 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the galleryformatter_field_formatter_view functiuon in galleryformatter.tpl.php the Gallery formatter module before 7.x-1.2 for Drupal allow. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Galleryformatter
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-4532 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl/default.php in the Language Switcher module for Joomla!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Joomla
NVD
CVSS 2.0
4.3
EPSS
0.0%
CVE-2012-4491 MEDIUM This Month

The Monthly Archive by Node Type module 6.x for Drupal does not properly check permissions defined by node_access modules, which allows remote attackers to access restricted nodes via unspecified. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Monthly Archive By Node Type
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2012-4499 MEDIUM PATCH This Month

The contact formatter page in the Email Field module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to email the stored address in the entity via unspecified. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Email
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2012-4483 MEDIUM PATCH This Month

The commons_discussion_views_default_views function in modules/features/commons_discussion/commons_discussion.views_default.inc in the Drupal Commons module 6.x-2.x before 6.x-2.8 for Drupal does not. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Commons
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2012-4482 MEDIUM This Month

The Ubercart SecureTrading Payment Method module 6.x for Drupal does not properly verify payment notification information, which allows remote attackers to purchase an item without paying via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ubercart Securetrading Payment Method Module
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2012-4488 MEDIUM PATCH This Month

The Location module 6.x before 6.x-3.2 and 7.x before 7.x-3.0-alpha1 for Drupal does not properly check user or node access permissions, which allows remote attackers to read node or user results via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Location
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2012-4484 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the administrative interface in the Campaign Monitor module before 6.x-2.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Campaignmonitor
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-4494 MEDIUM This Month

The Shibboleth authentication module 7.x-4.0 for Drupal does not properly check the active status of users, which allows remote blocked users to access bypass intended access restrictions and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Shibb Auth
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-4490 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Excluded Users module 6.x-1.x before 6.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via a (1) user name or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Excluded Users
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-4531 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Joomla!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Joomla
NVD
CVSS 2.0
4.3
EPSS
0.0%
CVE-2012-4495 MEDIUM PATCH This Month

The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not properly restrict access to files outside Drupal's publish files directory, which allows remote authenticated users to send arbitrary. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Mimemail
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2012-4934 LOW Monitor

TomatoCart 1.1.7, when the PayPal Express Checkout module is enabled in sandbox mode, allows remote authenticated users to bypass intended payment requirements by modifying a certain redirection URL. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Tomatocart
NVD
CVSS 2.0
3.5
EPSS
0.4%
CVE-2012-4500 LOW PATCH Monitor

The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the "access announcements" permission to bypass node access restrictions and possibly have other. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Privilege Escalation Announcements
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2012-4610 LOW Monitor

EMC Avamar Client for VMware 6.1 stores the cleartext server root password on the proxy client, which might allow remote attackers to obtain sensitive information by leveraging "network access" to. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

VMware Authentication Bypass Avamar
NVD
CVSS 2.0
3.3
EPSS
0.2%
CVE-2012-2625 LOW Monitor

The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service (memory consumption) via a large. Rated low severity (CVSS 2.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen Xen Unstable
NVD
CVSS 2.0
2.7
EPSS
0.3%
CVE-2012-4496 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Custom Publishing Options module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer nodes" permission to inject. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Custom Pub
NVD
CVSS 2.0
2.1
EPSS
0.3%
CVE-2012-4492 LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in the Shorten URLs module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Shorten
NVD
CVSS 2.0
2.1
EPSS
0.3%
CVE-2012-4544 LOW Monitor

The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy