Skip to main content
CVE-2012-6339 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cerberus FTP Server before 5.0.6.0 allow (1) remote attackers to inject arbitrary web script or HTML via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Ftp Server
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-5642 HIGH PATCH This Week

server/action.py in Fail2ban before 0.8.8 does not properly handle the content of the matches tag, which might allow remote attackers to trigger unsafe behavior in a custom action file via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Fail2Ban
NVD GitHub
CVSS 2.0
7.5
EPSS
1.6%
CVE-2012-4688 HIGH This Week

The Central application in i-GEN opLYNX before 2.01.9 allows remote attackers to bypass authentication via vectors involving the disabling of browser JavaScript support. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oplynx
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2012-6371 LOW POC Monitor

The WPA2 implementation on the Belkin N900 F9K1104v1 router establishes a WPS PIN based on 6 digits of the LAN/WLAN MAC address, which makes it easier for remote attackers to obtain access to a Wi-Fi. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure N900 Wireless Router
NVD
CVSS 2.0
3.3
EPSS
0.1%
CVE-2012-6453 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the RSS Reader extension before 0.2.6 for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a crafted feed. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Rssreader
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2012-6337 LOW Monitor

The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices shows the activation of remote tracking, which might allow physically proximate attackers to defeat a. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Google Samsungdive
NVD
CVSS 2.0
3.3
EPSS
0.1%
CVE-2012-6336 LOW Monitor

The Missing Device feature in Lookout allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer.". Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lookout
NVD
CVSS 2.0
3.3
EPSS
0.1%
CVE-2012-6335 LOW Monitor

The Anti-theft service in AVG AntiVirus for Android allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer.". Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Avg Antivirus
NVD
CVSS 2.0
3.3
EPSS
0.1%
CVE-2012-6334 LOW Monitor

The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices does not properly implement Location APIs, which allows physically proximate attackers to provide. Rated low severity (CVSS 2.9). No vendor patch available.

Privilege Escalation Samsung Google Samsungdive
NVD
CVSS 2.0
2.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy