Skip to main content
CVE-2012-4552 MEDIUM POC THREAT This Month

Stack-based buffer overflow in the error function in ssg/ssgParser.cxx in PLIB 1.8.5 allows remote attackers to execute arbitrary code via a crafted 3d model file that triggers a long error message,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 22.1%.

Buffer Overflow RCE Plib
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
22.1%
CVE-2012-4520 MEDIUM PATCH This Month

The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Python Information Disclosure Django
NVD GitHub
CVSS 2.0
6.4
EPSS
3.9%
CVE-2012-4936 MEDIUM This Month

The web interface in Pattern Insight 2.3 allows remote attackers to conduct clickjacking attacks via a FRAME element. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Pattern Insight
NVD
CVSS 2.0
6.8
EPSS
1.9%
CVE-2012-4937 MEDIUM This Month

Session fixation vulnerability in the web interface in Pattern Insight 2.3 allows remote attackers to hijack web sessions via a jsession_id cookie. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Pattern Insight
NVD
CVSS 2.0
6.8
EPSS
0.9%
CVE-2012-4935 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the web interface in Pattern Insight 2.3 allows remote attackers to hijack the authentication of arbitrary users. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Pattern Insight
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2012-4943 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to hijack the authentication of arbitrary users for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Fleetcommander Fleetcommander Kiosk
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2012-4575 MEDIUM This Month

The add_database function in objects.c in the pgbouncer pooler 1.5.2 for PostgreSQL allows remote attackers to cause a denial of service (daemon outage) via a long database name in a request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service PostgreSQL Pgbouncer
NVD
CVSS 2.0
5.0
EPSS
1.5%
CVE-2012-4947 MEDIUM This Month

Agile FleetCommander and FleetCommander Kiosk before 4.08 store database credentials in cleartext, which allows remote attackers to obtain sensitive information via requests to unspecified pages. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fleetcommander Fleetcommander Kiosk
NVD
CVSS 2.0
5.0
EPSS
1.5%
CVE-2012-4946 MEDIUM This Month

Agile FleetCommander and FleetCommander Kiosk before 4.08 use an XOR format for password encryption, which makes it easier for context-dependent attackers to obtain sensitive information by reading a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fleetcommander Fleetcommander Kiosk
NVD
CVSS 2.0
5.0
EPSS
1.4%
CVE-2012-4950 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Keyword Search page in the web interface in Pattern Insight 2.3 allows remote attackers to inject arbitrary web script or HTML via crafted characters. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Pattern Insight
NVD
CVSS 2.0
4.3
EPSS
2.9%
CVE-2012-4942 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to inject arbitrary web script or HTML via an arbitrary text. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Fleetcommander Fleetcommander Kiosk
NVD
CVSS 2.0
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy