Skip to main content
CVE-2012-4528 MEDIUM POC THREAT This Month

The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.5%.

PHP Apache Authentication Bypass Modsecurity Opensuse +1
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
11.5%
CVE-2012-3873 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) data/gallery/edit.php, (2). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Openconstructor
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
0.9%
CVE-2012-3872 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Open Constructor 3.12.0 allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to data/file/edit.php, (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Openconstructor
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.8%
CVE-2012-4932 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in SimpleInvoices before stable-2012-1-CIS3000 allow remote attackers to inject arbitrary web script or HTML via (1) the having parameter in a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Simple Invoices
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-6369 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Troubleshooting Reporting System feature in AgileBits 1Password 3.9.9 might allow remote attackers to inject arbitrary web script or HTML via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS 1Password
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2012-3871 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in data/hybrid/i_hybrid.php in Open Constructor 3.12.0 allows remote authenticated users to inject arbitrary web script or HTML via the header parameter. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Openconstructor
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2012-5445 MEDIUM This Month

The kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 series devices (aka TNP phones) with software before 9.3.1-ES10 does not properly validate unspecified system calls, which allows. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Denial Of Service Cisco Skinny Client Control Protocol Software Unified Ip Phone +1
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2012-0741 MEDIUM PATCH This Month

IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during use of the Manual Explore Proxy feature, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Information Disclosure IBM Security Appscan Rational Policy Tester
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-0738 MEDIUM PATCH This Month

IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during scanning, which allows man-in-the-middle attackers to spoof SSL. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Information Disclosure IBM Security Appscan Rational Policy Tester
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-3870 LOW Monitor

Multiple cross-site scripting (XSS) vulnerabilities in objects/createobject.php in Open Constructor 3.12.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) name or. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS Openconstructor
NVD
CVSS 2.0
3.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy