Skip to main content
CVE-2012-5691 CRITICAL POC THREAT Emergency

Buffer overflow in RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted RealMedia file. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 76.9%.

Buffer Overflow RCE Realplayer Realplayer Sp
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
76.9%
Threat
5.7
CVE-2012-5991 MEDIUM POC THREAT This Month

screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to cause a denial of service (device reload) via a certain. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 14.1%.

Denial Of Service Cisco Wireless Lan Controller Software 2000 Wireless Lan Controller 2100 Wireless Lan Controller +6
NVD Exploit-DB
CVSS 2.0
6.3
EPSS
14.1%
CVE-2012-4534 LOW POC PATCH THREAT Monitor

org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 22.8%.

Tomcat Denial Of Service Apache Java
NVD
CVSS 2.0
2.6
EPSS
22.8%
CVE-2012-5992 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF XSS Cisco Wireless Lan Controller Software 2000 Wireless Lan Controller +7
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.6%
CVE-2012-5967 MEDIUM POC This Month

SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Centreon
NVD GitHub Exploit-DB
CVSS 2.0
6.5
EPSS
0.2%
CVE-2012-5690 CRITICAL Act Now

RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allow remote attackers to execute arbitrary code via a RealAudio file that triggers access to an invalid pointer. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection RCE Realplayer Realplayer Sp
NVD
CVSS 2.0
9.3
EPSS
3.4%
CVE-2012-6007 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Cisco XSS Wireless Lan Controller Software 2000 Wireless Lan Controller 2100 Wireless Lan Controller +6
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
3.5%
CVE-2012-5178 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that complete a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF WordPress Welcart Plugin
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2012-4431 MEDIUM PATCH This Month

org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

CSRF Privilege Escalation Java Apache Tomcat
NVD
CVSS 2.0
4.3
EPSS
9.8%
CVE-2012-5970 MEDIUM This Month

The Huawei E585 device allows remote attackers to cause a denial of service (NULL pointer dereference and device outage) via crafted HTTP requests, as demonstrated by unspecified. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Huawei Denial Of Service E585 E585U 82
NVD
CVSS 2.0
6.1
EPSS
0.3%
CVE-2012-5978 MEDIUM This Month

Multiple directory traversal vulnerabilities in the (1) View Connection Server and (2) View Security Server in VMware View 4.x before 4.6.2 and 5.x before 5.1.2 allow remote attackers to read. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Path Traversal View
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2012-5968 MEDIUM This Month

The Huawei E585 device does not validate the status of admin sessions, which allows remote attackers to obtain sensitive user information and the session ID, and modify data, by leveraging access to. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Huawei Information Disclosure E585 E585U 82
NVD
CVSS 2.0
4.8
EPSS
0.1%
CVE-2012-5969 MEDIUM This Month

Multiple directory traversal vulnerabilities on the Huawei E585 device allow remote attackers to (1) read arbitrary files via a .. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Huawei Path Traversal E585 E585U 82
NVD
CVSS 2.0
4.8
EPSS
0.1%
CVE-2012-3546 MEDIUM PATCH This Month

org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Tomcat Privilege Escalation Apache Java
NVD
CVSS 2.0
4.3
EPSS
2.2%
CVE-2012-4846 MEDIUM PATCH This Month

IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote attackers to obtain potentially. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Lotus Notes
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2012-5177 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS Welcart Plugin
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2012-4848 LOW Monitor

Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Foundations Start before 1.2.2c allow remote authenticated users to inject arbitrary web script or HTML via a Webconfig Users. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Lotus Foundations Start
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2012-3329 LOW Monitor

IBM Advanced Settings Utility (ASU) through 3.62 and 3.70 through 9.21 and Bootable Media Creator (BoMC) through 2.30 and 3.00 through 9.21 on Linux allow local users to overwrite arbitrary files via. Rated low severity (CVSS 3.3). No vendor patch available.

Information Disclosure IBM Advanced Settings Utility Bootable Media Creator
NVD
CVSS 2.0
3.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy