Skip to main content
CVE-2012-5533 MEDIUM POC PATCH THREAT This Month

The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service (infinite loop) via a request with a header containing an empty. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 37.9%.

Denial Of Service Lighttpd
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
37.9%
CVE-2012-2239 CRITICAL PATCH Act Now

Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack, as demonstrated by. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP XXE Mahara Debian Linux
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2012-0960 HIGH This Week

Unity integration extension (unity-firefox-extension) before 2.4.1 for Firefox does not properly handle callbacks, which allows remote attackers to cause a denial of service (Firefox crash) and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE Unity Firefox Extension
NVD
CVSS 2.0
7.5
EPSS
2.3%
CVE-2012-2246 MEDIUM This Month

Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to conduct clickjacking attacks to delete arbitrary users and bypass CSRF protection via account/delete.php. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

PHP CSRF Mahara
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2012-2244 MEDIUM PATCH This Month

Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote authenticated administrators to execute arbitrary programs by modifying the path to clamav. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Privilege Escalation Mahara
NVD
CVSS 2.0
6.0
EPSS
0.4%
CVE-2012-4522 MEDIUM This Month

The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Ruby
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2012-3433 MEDIUM This Month

Xen 4.0 and 4.1 allows local HVM guest OS kernels to cause a denial of service (domain 0 VCPU hang and kernel panic) by modifying the physical address space in a way that triggers excessive shared. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2012-4538 MEDIUM This Month

The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables, which allows a local HVM guest OS to cause a denial of. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2012-2243 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script or HTML by uploading an XML file with the xhtml. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

RCE XSS Mahara
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2012-6037 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4, and other versions including 1.2, allow remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Mahara
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-2247 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to artefact/file/ and a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Mahara
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-2253 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in group/members.php in Mahara 1.5.x before 1.5.7 and 1.6.x before 1.6.2 allows remote attackers to inject arbitrary web script or HTML via the query. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

PHP XSS Mahara
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-0959 LOW Monitor

Remote Login Service (RLS) 1.0.0 does not properly clear account information when switching users, which might allow physically proximate users to obtain login credentials. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Remote Login Service
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy