Skip to main content
CVE-2012-5896 CRITICAL POC THREAT Emergency

The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not properly implement the Add method, which allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 81.3%.

RCE Intrust
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
81.3%
Threat
5.9
CVE-2012-5897 CRITICAL POC THREAT Emergency

The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX control (ARDoc.dll) in Quest InTrust 10.4.0.853 and earlier do not properly implement the SaveToFile method, which allows remote. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 10.7%.

Privilege Escalation Intrust
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
10.7%
CVE-2012-5900 HIGH POC This Week

Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) OB_ID parameter in a single action to admin/action/objects.php,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Landshop
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
2.5%
CVE-2012-5894 HIGH POC This Week

SQL injection vulnerability in hava_post.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the postId parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cms
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.6%
CVE-2012-5912 HIGH POC This Week

Multiple SQL injection vulnerabilities in PicoPublisher 2.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) page.php or (2) single.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Picopublisher
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.1%
CVE-2012-5909 HIGH POC This Week

SQL injection vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to execute arbitrary SQL commands via the conditions[usergroup][] parameter in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Mybb
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.9%
CVE-2012-5905 MEDIUM POC THREAT This Month

Buffer overflow in KnFTPd 1.0.0 allows remote authenticated users to cause a denial of service (crash) via a long string in a FEAT command. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 16.3%.

Buffer Overflow Denial Of Service Knftpd
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
16.3%
CVE-2012-5893 MEDIUM POC This Month

Unrestricted file upload vulnerability in hava_upload.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading a file with a .php;.gif extension, then. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP File Upload RCE Cms
NVD
CVSS 2.0
6.8
EPSS
2.2%
CVE-2012-5907 MEDIUM POC THREAT This Month

Directory traversal vulnerability in json.php in TomatoCart 1.2.0 Alpha 2 and possibly earlier allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.2%.

PHP Path Traversal Tomatocart
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
11.2%
CVE-2012-5917 MEDIUM POC THREAT This Month

SnackAmp 3.1.3 allows remote attackers to cause a denial of service (application crash) via a long string in an aiff file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 14.6%.

Buffer Overflow Denial Of Service Snackamp
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
14.6%
CVE-2012-5898 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in SAMEDIA LandShop 0.9.2 allows remote attackers to hijack the authentication of administrators for requests that change account settings. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Landshop
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.5%
CVE-2012-5891 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in photo/pass.php in DAlbum 1.44 build 174 and earlier allow remote attackers to hijack the authentication of administrators for requests. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Dalbum
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.3%
CVE-2012-5895 CRITICAL Act Now

Multiple unspecified vulnerabilities in iRODS before 3.1 have unknown impact and attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Irods
NVD
CVSS 2.0
10.0
EPSS
0.4%
CVE-2012-5899 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in admin/action/objects.php in SAMEDIA LandShop 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the OTR_HEADS[] parameter in an edit. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Landshop
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
6.6%
CVE-2012-5908 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Mybb
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
5.1%
CVE-2012-5892 MEDIUM POC This Month

Havalite CMS 1.1.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the configuration database via a direct. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Cms
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2012-5916 MEDIUM POC This Month

Neocrome Seditio build 161 allows remote attackers to obtain sensitive information via a direct request to (1) docs/new/seditio-createnew-160.sql, (2). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Seditio
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2012-5903 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the scheduled parameter to index.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Smf
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
2.5%
CVE-2012-5913 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP XSS Wordpress Integrator
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
1.5%
CVE-2012-5904 MEDIUM This Month

Heap-based buffer overflow in IrfanView before 4.33 allows remote attackers to execute arbitrary code via a crafted RLE compressed bitmap file such as a DIB, RLE, or BMP image. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE Irfanview
NVD
CVSS 2.0
6.8
EPSS
8.4%
CVE-2012-5906 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in GreenBrowser 6.1.0117 and 6.1.0216 allow remote attackers to inject arbitrary web script or HTML via (1) the URI in an about: page or (2) the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Greenbrowser
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2012-5911 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in blogs/blog1.php in b2evolution 4.1.3 allows remote attackers to inject arbitrary web script or HTML via the message body. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS B2Evolution
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2012-5914 LOW POC Monitor

Multiple cross-site scripting (XSS) vulnerabilities in the sed_import function in system/functions.php in Neocrome Seditio build 160 and 161 allow remote attackers to inject arbitrary web script or. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Seditio
NVD
CVSS 2.0
2.6
EPSS
0.5%
CVE-2012-5910 MEDIUM This Month

SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via the root parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi B2Evolution
NVD
CVSS 2.0
6.5
EPSS
0.6%
CVE-2012-5885 MEDIUM PATCH This Month

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Tomcat Privilege Escalation Apache
NVD
CVSS 2.0
5.0
EPSS
2.3%
CVE-2012-5886 MEDIUM PATCH This Month

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Tomcat Apache Authentication Bypass
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2012-5901 MEDIUM This Month

DFLabs PTK 1.0.5 stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read logs, images, or reports via a direct. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Ptk
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2012-5890 MEDIUM PATCH This Month

The Front End User Registration (sr_feuser_register) extension before 2.6.2 for TYPO3 allows remote attackers to obtain user names and passwords via the (1) edit perspective or (2) autologin feature. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Sr Feuser Register
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2012-5915 MEDIUM This Month

Neocrome Seditio build 161 and earlier allows remote attackers to obtain sensitive information via direct request to (1) view.php, (2) plugins/contact/lang/contact.en.lang.php, (3). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Seditio
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2012-5887 MEDIUM PATCH This Month

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Tomcat
NVD
CVSS 2.0
5.0
EPSS
12.1%
CVE-2012-5902 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in ptk/lib/modal_bookmark.php in DFLabs PTK 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the arg4 parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS Ptk
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-5856 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Uk Cookie (aka uk-cookie) plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS Uk Cookie
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-5889 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the powermail extension before 1.6.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Powermail
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-5888 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Basic SEO Features (seo_basics) extension before 0.8.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Seo Basics
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy