Skip to main content
CVE-2012-4959 CRITICAL POC THREAT Emergency

Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to upload and execute files via a 130 /FSF/CMD request with a .. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 73.9%.

Path Traversal File Reporter
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
73.9%
Threat
5.7
CVE-2012-4956 CRITICAL POC THREAT Emergency

Heap-based buffer overflow in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to execute arbitrary code via a large number of VOL elements in an SRS record. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 68.6%.

Buffer Overflow RCE File Reporter
NVD
CVSS 2.0
10.0
EPSS
68.6%
Threat
5.6
CVE-2012-4957 HIGH POC THREAT Act Now

Absolute path traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a /FSF/CMD request with a full pathname in a PATH element of an. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 75.6%.

Path Traversal File Reporter
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
75.6%
Threat
5.3
CVE-2012-4958 HIGH POC THREAT Act Now

Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a 126 /FSF/CMD request with a .. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 73.6%.

Path Traversal File Reporter
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
73.6%
Threat
5.3
CVE-2012-4552 MEDIUM POC THREAT This Month

Stack-based buffer overflow in the error function in ssg/ssgParser.cxx in PLIB 1.8.5 allows remote attackers to execute arbitrary code via a crafted 3d model file that triggers a long error message,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 22.1%.

Buffer Overflow RCE Plib
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
22.1%
CVE-2012-4944 CRITICAL Act Now

Multiple unrestricted file upload vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to execute arbitrary code by uploading a file via an unspecified. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Fleetcommander Fleetcommander Kiosk
NVD
CVSS 2.0
10.0
EPSS
5.7%
CVE-2012-4433 HIGH Act Now

Multiple integer overflows in operations/external/ppm-load.c in GEGL (Generic Graphics Library) 0.2.0 allow remote attackers to cause a denial of service (application crash) or possibly execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 12.3% and no vendor patch available.

Buffer Overflow Denial Of Service RCE Gegl
NVD
CVSS 2.0
7.5
EPSS
12.3%
CVE-2012-4945 HIGH This Week

Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection" issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Fleetcommander Fleetcommander Kiosk
NVD
CVSS 2.0
7.5
EPSS
1.2%
CVE-2012-4941 HIGH This Week

Multiple SQL injection vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Fleetcommander Fleetcommander Kiosk
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2012-4520 MEDIUM PATCH This Month

The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Python Information Disclosure Django
NVD GitHub
CVSS 2.0
6.4
EPSS
3.9%
CVE-2012-4936 MEDIUM This Month

The web interface in Pattern Insight 2.3 allows remote attackers to conduct clickjacking attacks via a FRAME element. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Pattern Insight
NVD
CVSS 2.0
6.8
EPSS
1.9%
CVE-2012-4937 MEDIUM This Month

Session fixation vulnerability in the web interface in Pattern Insight 2.3 allows remote attackers to hijack web sessions via a jsession_id cookie. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Pattern Insight
NVD
CVSS 2.0
6.8
EPSS
0.9%
CVE-2012-4935 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the web interface in Pattern Insight 2.3 allows remote attackers to hijack the authentication of arbitrary users. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Pattern Insight
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2012-4943 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to hijack the authentication of arbitrary users for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Fleetcommander Fleetcommander Kiosk
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2012-4575 MEDIUM This Month

The add_database function in objects.c in the pgbouncer pooler 1.5.2 for PostgreSQL allows remote attackers to cause a denial of service (daemon outage) via a long database name in a request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service PostgreSQL Pgbouncer
NVD
CVSS 2.0
5.0
EPSS
1.5%
CVE-2012-4947 MEDIUM This Month

Agile FleetCommander and FleetCommander Kiosk before 4.08 store database credentials in cleartext, which allows remote attackers to obtain sensitive information via requests to unspecified pages. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fleetcommander Fleetcommander Kiosk
NVD
CVSS 2.0
5.0
EPSS
1.5%
CVE-2012-4946 MEDIUM This Month

Agile FleetCommander and FleetCommander Kiosk before 4.08 use an XOR format for password encryption, which makes it easier for context-dependent attackers to obtain sensitive information by reading a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fleetcommander Fleetcommander Kiosk
NVD
CVSS 2.0
5.0
EPSS
1.4%
CVE-2012-4950 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Keyword Search page in the web interface in Pattern Insight 2.3 allows remote attackers to inject arbitrary web script or HTML via crafted characters. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Pattern Insight
NVD
CVSS 2.0
4.3
EPSS
2.9%
CVE-2012-4942 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to inject arbitrary web script or HTML via an arbitrary text. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Fleetcommander Fleetcommander Kiosk
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2012-4938 LOW Monitor

Cross-site scripting (XSS) vulnerability in the web interface in Pattern Insight 2.3 allows remote authenticated administrators to inject arbitrary web script or HTML via the banner message. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Pattern Insight
NVD
CVSS 2.0
3.5
EPSS
1.3%
CVE-2012-4417 LOW Monitor

GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Glusterfs
NVD
CVSS 2.0
3.6
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy