Skip to main content
CVE-2012-4409 MEDIUM POC THREAT This Month

Stack-based buffer overflow in the check_file_head function in extra.c in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to execute arbitrary code via an encrypted file with a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 58.7%.

Buffer Overflow RCE Mcrypt
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
58.7%
Threat
4.6
CVE-2012-4527 MEDIUM This Month

Stack-based buffer overflow in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long file name. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 28.1% and no vendor patch available.

Buffer Overflow Denial Of Service RCE Mcrypt
NVD
CVSS 2.0
6.8
EPSS
28.1%
CVE-2012-4426 MEDIUM This Month

Multiple format string vulnerabilities in mcrypt 2.6.8 and earlier might allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 14.9% and no vendor patch available.

Denial Of Service RCE Mcrypt
NVD
CVSS 2.0
6.8
EPSS
14.9%
CVE-2012-4201 MEDIUM POC This Month

The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Mozilla XSS Firefox Seamonkey Thunderbird +11
NVD
CVSS 2.0
4.3
EPSS
2.0%
CVE-2012-4207 MEDIUM POC This Month

The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Mozilla XSS Firefox Seamonkey Thunderbird +11
NVD
CVSS 2.0
4.3
EPSS
1.3%
CVE-2012-4203 MEDIUM This Month

The New Tab page in Mozilla Firefox before 17.0 uses a privileged context for execution of JavaScript code by bookmarklets, which allows user-assisted remote attackers to run arbitrary programs by. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Mozilla Firefox
NVD
CVSS 2.0
6.8
EPSS
2.4%
CVE-2012-5837 MEDIUM This Month

The Web Developer Toolbar in Mozilla Firefox before 17.0 executes script with chrome privileges, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Google XSS Firefox Chrome
NVD
CVSS 2.0
6.8
EPSS
1.4%
CVE-2012-4205 MEDIUM This Month

Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Mozilla Firefox Seamonkey Thunderbird +5
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2012-4206 MEDIUM This Month

Untrusted search path vulnerability in the installer in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 on Windows allows local users to gain privileges via a Trojan horse DLL in the. Rated medium severity (CVSS 6.9). No vendor patch available.

Mozilla Microsoft Information Disclosure Firefox
NVD
CVSS 2.0
6.9
EPSS
0.2%
CVE-2012-5479 MEDIUM This Month

The Portfolio plugin in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to upload and execute files via a modified Portfolio API callback. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Moodle
NVD
CVSS 2.0
6.5
EPSS
0.6%
CVE-2012-5471 MEDIUM PATCH This Month

The Dropbox Repository File Picker in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to access the Dropbox of a different user by leveraging. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Moodle
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2012-5480 MEDIUM This Month

The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote attackers to bypass intended restrictions on reading other participants' entries. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Moodle
NVD
CVSS 2.0
6.4
EPSS
0.3%
CVE-2012-5526 MEDIUM This Month

CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Cgi Pm
NVD GitHub
CVSS 2.0
5.0
EPSS
1.7%
CVE-2012-4209 MEDIUM PATCH This Month

Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Mozilla XSS Firefox Seamonkey Thunderbird +10
NVD
CVSS 2.0
4.3
EPSS
2.1%
CVE-2012-5841 MEDIUM PATCH This Month

Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Mozilla XSS Firefox Seamonkey Thunderbird +10
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2012-4208 MEDIUM PATCH This Month

The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Mozilla Information Disclosure Google Firefox Seamonkey +7
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2012-5473 MEDIUM PATCH This Month

The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to read activity entries of a different group's users via an. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Moodle
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2012-5472 MEDIUM This Month

lib/formslib.php in Moodle 2.2.x before 2.2.6 and 2.3.x before 2.3.3 allows remote authenticated users to bypass intended access restrictions via a modified value of a frozen form field. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Privilege Escalation Moodle
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2012-5481 MEDIUM This Month

Moodle 2.3.x before 2.3.3 allows remote authenticated users to bypass the moodle/role:manage capability requirement and read all capability data by visiting the Check Permissions page. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Moodle
NVD
CVSS 2.0
4.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy