Skip to main content
CVE-2012-6081 MEDIUM POC PATCH THREAT This Month

Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 73.6%.

File Upload RCE Moinmoin
NVD Exploit-DB
CVSS 2.0
6.0
EPSS
73.6%
Threat
4.9
CVE-2012-6495 MEDIUM POC PATCH This Month

Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available.

Path Traversal RCE Moinmoin
NVD Exploit-DB
CVSS 2.0
6.0
EPSS
9.9%
CVE-2012-6433 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in e107_admin/newspost.php in e107 1.0.1 allows remote attackers to hijack the authentication of administrators for requests that conduct XSS attacks. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP XSS E107
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.3%
CVE-2012-6434 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in e107_admin/download.php in e107 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF SQLi PHP E107
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2012-2379 CRITICAL PATCH Act Now

Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Cxf
NVD
CVSS 2.0
10.0
EPSS
3.8%
CVE-2012-5653 MEDIUM POC PATCH This Month

The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated users to bypass the protection mechanism and execute arbitrary PHP code via a null byte in a file. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available.

PHP File Upload Drupal Debian Linux
NVD
CVSS 2.0
6.0
EPSS
0.6%
CVE-2012-5655 MEDIUM POC PATCH This Month

The Context module 6.x-3.x before 6.x-3.1 and 7.x-3.x before 7.x-3.0-beta6 for Drupal does not properly restrict access to block content, which allows remote attackers to obtain sensitive information. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Context
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2012-5667 MEDIUM POC PATCH This Month

Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow. Rated medium severity (CVSS 4.4). Public exploit code available.

Buffer Overflow RCE Grep
NVD Exploit-DB
CVSS 2.0
4.4
EPSS
2.2%
CVE-2012-5665 MEDIUM POC PATCH This Month

ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

PHP Privilege Escalation Owncloud Server
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-6082 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the page name in a rss link. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Moinmoin
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-6080 MEDIUM PATCH This Month

Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Moinmoin
NVD
CVSS 2.0
6.4
EPSS
1.5%
CVE-2012-4545 MEDIUM This Month

The http_negotiate_create_context function in protocol/http/http_negotiate.c in ELinks 0.12 before 0.12pre6, when using HTTP Negotiate or GSS-Negotiate authentication, delegates user credentials. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Elinks
NVD
CVSS 2.0
5.1
EPSS
0.5%
CVE-2012-5651 MEDIUM PATCH This Month

Drupal 6.x before 6.27 and 7.x before 7.18 displays information for blocked users, which might allow remote attackers to obtain sensitive information by reading the search results. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Drupal
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2012-5652 MEDIUM PATCH This Month

Drupal 6.x before 6.27 allows remote attackers to obtain sensitive information about uploaded files via a (1) RSS feed or (2) search result. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Drupal
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2012-5666 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js in ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS Owncloud Server
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-5654 MEDIUM PATCH This Month

The Nodewords: D6 Meta Tags module before 6.x-1.14 for Drupal, when configured to automatically generate description meta tags from node text, does not properly filter node content when creating. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Nodewords
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy