Skip to main content
CVE-2012-0698 MEDIUM POC THREAT This Month

tcsd in TrouSerS before 0.3.10 allows remote attackers to cause a denial of service (daemon crash) via a crafted type_offset value in a TCP packet to port 30003. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 18.9%.

Buffer Overflow Denial Of Service Trousers
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
18.9%
CVE-2012-5520 HIGH POC This Week

The send_to_sourcefire function in manage_sql.c in OpenVAS Manager 3.x before 3.0.4 allows remote attackers to execute arbitrary commands via the (1) IP address or (2) port number field in an OMP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Openvas Manager
NVD
CVSS 2.0
7.5
EPSS
2.1%
CVE-2012-6041 MEDIUM POC This Month

Double free vulnerability in GreenBrowser before 6.0.1002, when the keyword search bar (F6) is activated, allows remote attackers to execute arbitrary code via a crafted iframe. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Greenbrowser
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
4.9%
CVE-2012-6039 HIGH POC This Week

SQL injection vulnerability in view_comments.php in YABSoft Advanced Image Hosting (AIH) Script, possibly 2.3, allows remote attackers to execute arbitrary SQL commands via the gal parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Advanced Image Hosting Script
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.9%
CVE-2012-6038 MEDIUM POC PATCH This Month

admin/core/admin_func.php in razorCMS before 1.2.1 does not properly restrict access to certain administrator directories and files, which allows remote authenticated users to read, edit, rename,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Path Traversal Razorcms
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
4.5%
CVE-2012-2437 MEDIUM POC This Month

cookie_gen.php in ar web content manager (AWCM) 2.2 does not require authentication, which allows remote attackers to generate arbitrary cookies via the name parameter in conjunction with the content. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Ar Web Content Manager
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
7.2%
CVE-2012-6044 MEDIUM POC This Month

M-Player 0.4 allows remote attackers to cause a denial of service (crash) via a crafted MP3 file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service M Player
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
8.8%
CVE-2012-6042 MEDIUM POC This Month

GPSMapEdit 1.1.73.2 allows user-assisted remote attackers to cause a denial of service (crash) via a long string in a lst file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Gpsmapedit
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
8.0%
CVE-2012-2438 MEDIUM POC This Month

ar web content manager (AWCM) 2.2 does not restrict the number of comment records that can be submitted through HTTP requests, which allows remote attackers to cause a denial of service (disk. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Denial Of Service Ar Web Content Manager
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2012-6043 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in downloads.php in PHP-Fusion 7.02.04 allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Php Fusion
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.8%
CVE-2012-6040 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in users.php in File King Advanced File Management 1.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS File King Advanced File Management
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy