Skip to main content
CVE-2012-5777 MEDIUM POC This Month

Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote attackers to execute arbitrary PHP code via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Code Injection RCE Empirecms
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2012-4197 MEDIUM POC This Month

Bugzilla/Attachment.pm in attachment.cgi in Bugzilla 2.x and 3.x before 3.6.12, 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 allows remote attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bugzilla
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2012-2733 MEDIUM This Month

java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.3% and no vendor patch available.

Tomcat Denial Of Service Apache Java
NVD
CVSS 2.0
5.0
EPSS
20.3%
CVE-2012-4189 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Bugzilla 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via a field value. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Bugzilla
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-4613 MEDIUM This Month

EMC RSA Data Protection Manager Appliance 2.7.x and 3.x before 3.2.1 does not properly restrict the number of authentication attempts by a user account, which makes it easier for local users to. Rated medium severity (CVSS 6.9). No vendor patch available.

Authentication Bypass Rsa Data Protection Manager Appliance
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2012-5523 MEDIUM This Month

core/email_api.php in MantisBT before 1.2.12 does not properly manage the sending of e-mail notifications about restricted bugs, which might allow remote authenticated users to obtain sensitive. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Privilege Escalation Mantisbt
NVD
CVSS 2.0
5.5
EPSS
0.4%
CVE-2012-5522 MEDIUM This Month

MantisBT before 1.2.12 does not use an expected default value during decisions about whether a user may modify the status of a bug, which allows remote authenticated users to bypass intended access. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Mantisbt
NVD
CVSS 2.0
5.5
EPSS
0.2%
CVE-2012-5172 MEDIUM This Month

The Asial Monaca Debugger application before 1.4.2 for Android allows remote attackers to obtain sensitive (1) account or (2) session ID information in a system log file via a crafted application. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Google Monaca Debugger
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2012-5884 MEDIUM This Month

The User.get method in Bugzilla/WebService/User.pm in Bugzilla 4.3.2 allows remote attackers to obtain sensitive information about the saved searches of arbitrary users via an XMLRPC request or a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Bugzilla
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2012-5883 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Bugzilla Yui
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2012-4199 MEDIUM This Month

template/en/default/bug/field-events.js.tmpl in Bugzilla 3.x before 3.6.12, 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 generates JavaScript function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Bugzilla
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-5882 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Yui
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-5881 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Yui
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-4612 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in EMC RSA Data Protection Manager Appliance and Software Server 2.7.x and 3.x before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Rsa Data Protection Manager Software Server Rsa Data Protection Manager Appliance
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2012-4198 MEDIUM This Month

The User.get method in Bugzilla/WebService/User.pm in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 has a different outcome for a groups. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Bugzilla
NVD
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy