Skip to main content
CVE-2012-5613 MEDIUM POC THREAT This Month

MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 88.8%.

Information Disclosure MariaDB MySQL
NVD Exploit-DB
CVSS 2.0
6.0
EPSS
88.8%
Threat
5.4
CVE-2012-5612 MEDIUM POC THREAT This Month

Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 66.8%.

Denial Of Service Buffer Overflow Oracle Memory Corruption RCE +6
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
66.8%
Threat
4.8
CVE-2012-5611 MEDIUM POC THREAT This Month

Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 66.6%.

Buffer Overflow Oracle RCE MariaDB MySQL
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
66.6%
Threat
4.8
CVE-2012-5615 MEDIUM POC THREAT This Month

Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 20.7%.

Information Disclosure Oracle MariaDB MySQL
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
20.7%
CVE-2012-5450 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) 1.11.2 and earlier allows remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Cms Made Simple
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2012-5858 MEDIUM POC THREAT This Month

Samsung Kies Air 2.1.207051 and 2.1.210161 relies on the IP address for authentication, which allows remote man-in-the-middle attackers to read arbitrary phone contents by spoofing or controlling the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.5%.

Samsung Authentication Bypass Kies Air
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
11.5%
CVE-2012-5367 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow remote authenticated administrators to execute arbitrary SQL commands via the sortField parameter to (1) viewCustomers, (2). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP SQLi CSRF Orangehrm
NVD Exploit-DB
CVSS 2.0
6.0
EPSS
1.5%
CVE-2012-5614 MEDIUM POC PATCH This Month

Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Oracle MySQL MariaDB Enterprise Linux Desktop +4
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
8.5%
CVE-2012-5859 MEDIUM POC This Month

Samsung Kies Air 2.1.207051 and 2.1.210161 allows remote attackers to cause a denial of service (crash) via a crafted request to www/apps/KiesAir/jws/ssd.php. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Samsung Denial Of Service Kies Air
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2012-5542 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the Commerce Extra Panes module 7.x-1.x before 7.x-1.1 in Drupal allows remote attackers to hijack the authentication of administrators for requests. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Commerce Extra Panes
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2012-5556 MEDIUM PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.1 and 7.x-2.x before 7.x-2.0-alpha3 for Drupal allow remote attackers to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Restful Web Services
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2012-5547 MEDIUM PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of administrators for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Search Api
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2012-5549 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Time Spent
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2012-5537 MEDIUM PATCH This Month

The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

PHP Code Injection RCE Simplenews Scheduler
NVD
CVSS 2.0
6.0
EPSS
0.5%
CVE-2012-1599 MEDIUM This Month

Joomla!. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Joomla
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2012-5552 MEDIUM PATCH This Month

The Password policy module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to obtain password hashes by sniffing the network, related to "client-side password. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Password Policy
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2012-5554 MEDIUM PATCH This Month

The default configuration for the Webform CiviCRM Integration module 7.x-3.x before 7.x-3.2 has "Enforce Permissions" disabled, which allows remote attackers to obtain contact information by reading. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Webform Civicrm
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2012-6065 MEDIUM PATCH This Month

The OM Maximenu module 6.x-1.43 and earlier for Drupal, when the "Title has PHP" option is enabled, allows remote authenticated users with the "Administer OM Maximenu" permission to execute arbitrary. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable.

PHP RCE Om Maximenu
NVD
CVSS 2.0
4.6
EPSS
0.4%
CVE-2012-5551 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the MailChimp module 7.x-2.x before 7.x-2.7 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Mailchimp
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-5541 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Twitter Pull module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.0-rc3 for Drupal allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Twitter Pull
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-5540 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Hostip module 6.x-2.x before 6.x-2.2 and 7.x-2.x before 7.x-2.2 for Drupal allow remote attackers with control of hostip.info to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Hostip
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-5548 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Time Spent
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-5569 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via a (1) page title or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Basic Webmail
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-5543 MEDIUM PATCH This Month

The Feeds module 7.x-2.x before 7.x-2.0-alpha6 for Drupal, when a field is mapped to the node's author, does not properly check permissions, which allows remote attackers to create arbitrary nodes. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Privilege Escalation Feeds
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2012-5544 MEDIUM PATCH This Month

The Mandrill module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users to obtain password reset links by reading the logs in the Mandrill dashboard. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Mandrill
NVD
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy