Skip to main content
CVE-2012-5574 MEDIUM POC PATCH This Month

lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Privilege Escalation Symfony
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2012-5622 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the management console (openshift-console/app/controllers/application_controller.rb) in OpenShift 0.0.5 allows remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Openshift
NVD GitHub
CVSS 2.0
6.8
EPSS
0.2%
CVE-2012-5610 MEDIUM PATCH This Month

Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud before 4.0.9 and 4.5.x before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

PHP RCE Owncloud Owncloud Server
NVD GitHub
CVSS 2.0
6.5
EPSS
1.1%
CVE-2012-5609 MEDIUM PATCH This Month

Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted mount.php file in a ZIP file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

PHP RCE Owncloud Owncloud Server
NVD GitHub
CVSS 2.0
6.5
EPSS
1.0%
CVE-2012-4898 MEDIUM This Month

Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Mesh Os 1310 Distrubution Automation Mesh Router 1410 Mesh Router 1410 Wireless Mesh Router +5
NVD
CVSS 2.0
6.1
EPSS
0.1%
CVE-2012-5571 MEDIUM PATCH This Month

A flaw was found in OpenStack Keystone. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Elastic Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2012-5607 MEDIUM PATCH This Month

The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Owncloud Owncloud Server
NVD GitHub
CVSS 2.0
5.0
EPSS
0.4%
CVE-2012-5606 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.9 and 4.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) file name to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Owncloud Owncloud Server
NVD GitHub
CVSS 2.0
4.3
EPSS
0.5%
CVE-2012-5608 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in apps/user_webdavauth/settings.php in ownCloud 4.5.x before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via arbitrary POST. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS Owncloud Server
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-5563 MEDIUM PATCH This Month

OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Folsom
NVD GitHub
CVSS 2.0
4.0
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy