Skip to main content
CVE-2012-2099 MEDIUM POC THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in Wikidforum 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) search field, or the (2) Author or (3) select_sort. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 26.7%.

XSS Wikidforum
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
26.7%
CVE-2012-6509 HIGH POC This Week

Unrestricted file upload vulnerability in NetArt Media Car Portal 3.0 allows remote attackers to execute arbitrary PHP code by uploading a file a double extension, as demonstrated by .php%00.jpg. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Car Portal
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
4.9%
CVE-2012-6437 CRITICAL Act Now

The device does not properly authenticate users and the potential exists for a remote user to upload a new firmware image to the Ethernet card, whether it is a corrupt or legitimate firmware image. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.8% and no vendor patch available.

Rockwell Authentication Bypass
NVD VulDB
CVSS 3.1
9.8
EPSS
11.8%
CVE-2012-6519 HIGH POC This Week

SQL injection vulnerability in modules/poll/index.php in DIY-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the start parameter to mod.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Diy Cms
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
2.8%
CVE-2012-6504 HIGH POC This Week

SQL injection vulnerability in mods/hours/data/get_hours.php in PHP Volunteer Management 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Php Volunteer Management
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.4%
CVE-2012-6520 HIGH POC This Week

Multiple SQL injection vulnerabilities in the advanced search in Wikidforum 2.10 allow remote attackers to execute arbitrary SQL commands via the (1) select_sort or (2) opt_search_select parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Wikidforum
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.3%
CVE-2012-6516 HIGH POC This Week

SQL injection vulnerability in PHP Ticket System Beta 1 allows remote attackers to execute arbitrary SQL commands via the q parameter to index.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Php Ticket System
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.9%
CVE-2012-6507 HIGH POC This Week

Multiple SQL injection vulnerabilities in admin.php in ChurchCMS 0.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pass parameters in a login action. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Churchcms
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2012-6518 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in mod.php in DiY-CMS 1.0 allows remote attackers to hijack the authentication of administrators for requests that create a poll via an add action to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Diy Cms
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.8%
CVE-2012-1922 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Sitecom WLM-2501 allow remote attackers to hijack the authentication of administrators for requests that modify settings for (1) Mac. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Wlm 2501
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.5%
CVE-2012-6508 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in NetArt Media Car Portal 3.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change arbitrary. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Car Portal
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.4%
CVE-2012-6085 MEDIUM POC This Month

The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Gnupg
NVD
CVSS 2.0
5.8
EPSS
2.3%
CVE-2012-6438 HIGH Act Now

The device does not properly validate the data being sent to the buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.4% and no vendor patch available.

Buffer Overflow Rockwell
NVD VulDB
CVSS 3.1
7.5
EPSS
13.4%
CVE-2012-6436 HIGH Act Now

The device does not properly validate the data being sent to the buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.4% and no vendor patch available.

Buffer Overflow Rockwell
NVD VulDB
CVSS 3.1
7.5
EPSS
13.4%
CVE-2012-6503 CRITICAL PATCH Act Now

Unspecified vulnerability in the NinjaXplorer component before 1.0.7 for Joomla!. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Com Ninjaxplorer
NVD
CVSS 2.0
10.0
EPSS
0.5%
CVE-2013-0842 CRITICAL Act Now

Google Chrome before 24.0.1312.56 does not properly handle %00 characters in pathnames, which has unspecified impact and attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome
NVD
CVSS 2.0
10.0
EPSS
0.4%
CVE-2013-0840 CRITICAL Act Now

Google Chrome before 24.0.1312.56 does not validate URLs during the opening of new windows, which has unspecified impact and remote attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Google Microsoft Chrome
NVD
CVSS 2.0
10.0
EPSS
0.4%
CVE-2012-6517 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in DiY-CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) question parameter to in /modules/poll/add.php or (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Diy Cms
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
7.2%
CVE-2012-6505 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in mods/hours/data/get_hours.php in PHP Volunteer Management 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the id parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Php Volunteer Management
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
7.0%
CVE-2012-6442 HIGH Act Now

When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that instructs the product to reset,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.3% and no vendor patch available.

Rockwell Authentication Bypass
NVD VulDB
CVSS 3.1
7.5
EPSS
10.3%
CVE-2012-6510 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in NetArt Media Car Portal 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) PWRS or (2) Description field when posting. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Car Portal
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
5.1%
CVE-2012-6506 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP XSS Zingiri Web Shop
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
4.7%
CVE-2013-1104 CRITICAL Act Now

The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco 2000 Wireless Lan Controller 2100 Wireless Lan Controller 2500 Wireless Lan Controller +6
NVD
CVSS 2.0
9.0
EPSS
1.2%
CVE-2012-6512 MEDIUM POC This Month

The Organizer plugin 1.2.1 for WordPress allows remote attackers to obtain the installation path via unspecified vectors to (1) plugin_hook.php, (2) page/index.php, (3) page/dir.php (4). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Information Disclosure Organizer
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2013-1105 CRITICAL Act Now

Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.3, 7.1 and 7.2 before 7.2.111.3, and 7.3 before 7.3.101.0 allow remote authenticated users to bypass wireless-management. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Wireless Lan Controller Software 2000 Wireless Lan Controller 2100 Wireless Lan Controller +4
NVD
CVSS 2.0
9.0
EPSS
0.6%
CVE-2012-6515 MEDIUM POC This Month

eFront 3.6.10, 3.6.11 build 15059, and earlier allows remote attackers to obtain sensitive information via invalid courses_ID parameter in the lesson_info module to index.php, which reveals the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Efront
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2012-6435 HIGH This Week

When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that instructs the CPU to stop logic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell Authentication Bypass
NVD VulDB
CVSS 3.1
7.5
EPSS
7.0%
CVE-2012-6439 HIGH This Week

When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that changes the product’s. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Rockwell Authentication Bypass Controllogix Controllers Guardlogix Controllers Micrologix +14
NVD
CVSS 2.0
8.5
EPSS
0.6%
CVE-2012-6513 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in index.php/Admin_Preferences in gpEasy CMS 2.3.3 allows remote attackers to inject arbitrary web script or HTML via the jsoncallback parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Gpeasy Cms
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.8%
CVE-2012-6511 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in organizer/page/users.php in the Organizer plugin 1.2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP XSS Organizer
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-6514 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the nBill (com_nbill) component 2.3.2 for Joomla!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Com Netinvoice
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-6521 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in apps/admin/handlers/versions.php in Elefant CMS 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter to admin/versions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Elefantcms
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-1103 HIGH This Week

Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (Access Point reload). Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Wireless Lan Controller Software 2000 Wireless Lan Controller 2100 Wireless Lan Controller +6
NVD
CVSS 2.0
7.8
EPSS
0.7%
CVE-2013-1102 HIGH This Week

The Wireless Intrusion Prevention System (wIPS) component on Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.0, 7.1 and 7.2 before 7.2.110.0, and 7.3 before 7.3.101.0. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Wireless Lan Controller Software 2000 Wireless Lan Controller 2100 Wireless Lan Controller +6
NVD
CVSS 2.0
7.8
EPSS
0.6%
CVE-2013-0843 HIGH This Week

content/renderer/media/webrtc_audio_renderer.cc in Google Chrome before 24.0.1312.56 on Mac OS X does not use an appropriate buffer size for the 96 kHz sampling rate, which allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Google Chrome
NVD
CVSS 2.0
7.5
EPSS
0.8%
CVE-2013-0839 HIGH This Week

Use-after-free vulnerability in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2013-0841 HIGH This Week

Array index error in the content-blocking functionality in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2012-6441 MEDIUM This Month

An information exposure of confidential information results when the device receives a specially crafted CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rockwell Controllogix Controllers Guardlogix Controllers Micrologix +14
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2012-6440 MEDIUM This Month

The Web server password authentication mechanism used by the products is vulnerable to a MitM and Replay attack. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Rockwell Authentication Bypass
NVD VulDB
CVSS 3.1
4.8
EPSS
1.2%
CVE-2012-5670 MEDIUM This Month

The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) via vectors related to BDF fonts and an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Freetype
NVD
CVSS 2.0
4.3
EPSS
3.0%
CVE-2012-5668 MEDIUM This Month

FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to BDF fonts and the improper handling of an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Freetype
NVD
CVSS 2.0
4.3
EPSS
2.8%
CVE-2012-5669 MEDIUM This Month

The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service RCE Freetype
NVD
CVSS 2.0
4.3
EPSS
1.7%
CVE-2012-6095 LOW Monitor

ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD. Rated low severity (CVSS 1.2). No vendor patch available.

Information Disclosure Race Condition Proftpd
NVD
CVSS 2.0
1.2
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy