Skip to main content
CVE-2012-5991 MEDIUM POC THREAT This Month

screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to cause a denial of service (device reload) via a certain. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 14.1%.

Denial Of Service Cisco Wireless Lan Controller Software 2000 Wireless Lan Controller 2100 Wireless Lan Controller +6
NVD Exploit-DB
CVSS 2.0
6.3
EPSS
14.1%
CVE-2012-5992 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF XSS Cisco Wireless Lan Controller Software 2000 Wireless Lan Controller +7
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.6%
CVE-2012-5967 MEDIUM POC This Month

SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Centreon
NVD GitHub Exploit-DB
CVSS 2.0
6.5
EPSS
0.2%
CVE-2012-6007 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Cisco XSS Wireless Lan Controller Software 2000 Wireless Lan Controller 2100 Wireless Lan Controller +6
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
3.5%
CVE-2012-5178 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that complete a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF WordPress Welcart Plugin
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2012-4431 MEDIUM PATCH This Month

org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

CSRF Privilege Escalation Java Apache Tomcat
NVD
CVSS 2.0
4.3
EPSS
9.8%
CVE-2012-5970 MEDIUM This Month

The Huawei E585 device allows remote attackers to cause a denial of service (NULL pointer dereference and device outage) via crafted HTTP requests, as demonstrated by unspecified. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Huawei Denial Of Service E585 E585U 82
NVD
CVSS 2.0
6.1
EPSS
0.3%
CVE-2012-5978 MEDIUM This Month

Multiple directory traversal vulnerabilities in the (1) View Connection Server and (2) View Security Server in VMware View 4.x before 4.6.2 and 5.x before 5.1.2 allow remote attackers to read. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Path Traversal View
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2012-5968 MEDIUM This Month

The Huawei E585 device does not validate the status of admin sessions, which allows remote attackers to obtain sensitive user information and the session ID, and modify data, by leveraging access to. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Huawei Information Disclosure E585 E585U 82
NVD
CVSS 2.0
4.8
EPSS
0.1%
CVE-2012-5969 MEDIUM This Month

Multiple directory traversal vulnerabilities on the Huawei E585 device allow remote attackers to (1) read arbitrary files via a .. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Huawei Path Traversal E585 E585U 82
NVD
CVSS 2.0
4.8
EPSS
0.1%
CVE-2012-3546 MEDIUM PATCH This Month

org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Tomcat Privilege Escalation Apache Java
NVD
CVSS 2.0
4.3
EPSS
2.2%
CVE-2012-4846 MEDIUM PATCH This Month

IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote attackers to obtain potentially. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Lotus Notes
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2012-5177 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS Welcart Plugin
NVD
CVSS 2.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy