Skip to main content
CVE-2013-0431 MEDIUM POC KEV THREAT This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Java Oracle Authentication Bypass
NVD Exploit-DB VulDB
CVSS 3.1
5.3
EPSS
91.6%
Threat
6.8
CVE-2012-5958 CRITICAL POC PATCH THREAT Act Now

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 88.6%.

Buffer Overflow Intel RCE Libupnp
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
88.6%
Threat
6.2
CVE-2012-5959 CRITICAL POC PATCH THREAT Act Now

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 82.4%.

Buffer Overflow Intel RCE Portable Sdk For Upnp
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
82.4%
Threat
6.0
CVE-2013-0230 CRITICAL POC THREAT Emergency

Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to execute arbitrary code via a long. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 65.9%.

Buffer Overflow RCE Miniupnpd
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
65.9%
Threat
5.5
CVE-2012-5964 CRITICAL POC PATCH THREAT Act Now

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 72.3%.

Buffer Overflow Intel RCE Portable Sdk For Upnp
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
72.3%
Threat
5.7
CVE-2012-5963 CRITICAL POC PATCH THREAT Act Now

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 72.3%.

Buffer Overflow Intel RCE Portable Sdk For Upnp
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
72.3%
Threat
5.7
CVE-2012-5961 CRITICAL POC PATCH THREAT Act Now

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 72.3%.

Buffer Overflow Intel RCE Libupnp
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
72.3%
Threat
5.7
CVE-2012-5965 CRITICAL POC PATCH THREAT Act Now

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 71.7%.

Buffer Overflow Intel RCE Portable Sdk For Upnp
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
71.7%
Threat
5.7
CVE-2012-5962 CRITICAL POC PATCH THREAT Act Now

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 70.1%.

Buffer Overflow Intel RCE Portable Sdk For Upnp
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
70.1%
Threat
5.6
CVE-2012-6530 HIGH POC THREAT Act Now

Stack-based buffer overflow in Sysax Multi Server before 5.52, when HTTP is enabled, allows remote authenticated users with the create folder permission to execute arbitrary code via a crafted. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 63.8%.

Buffer Overflow RCE Multi Server
NVD Exploit-DB
CVSS 2.0
7.1
EPSS
63.8%
Threat
4.8
CVE-2013-0229 HIGH POC THREAT Act Now

The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attackers to cause a denial of service (service crash) via a crafted request that. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 74.3%.

Denial Of Service Miniupnpd
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
74.3%
Threat
5.3
CVE-2012-5960 CRITICAL POC PATCH THREAT Act Now

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 56.0%.

Buffer Overflow Intel RCE Portable Sdk For Upnp
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
56.0%
Threat
5.2
CVE-2013-1591 CRITICAL POC PATCH Act Now

Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Integer Overflow Enterprise Virtualization Enterprise Linux +1
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2013-1489 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 17.3% and no vendor patch available.

Mozilla Google Java Oracle Microsoft +4
NVD
CVSS 2.0
10.0
EPSS
17.3%
CVE-2012-6522 MEDIUM POC THREAT This Month

Directory traversal vulnerability in the getContent function in codes/wcms.php in w-CMS 2.01 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 19.5%.

PHP Path Traversal W Cms
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
19.5%
CVE-2012-6526 HIGH POC This Week

SQL injection vulnerability in show_code.php in Vastal I-Tech Freelance Zone allows remote attackers to execute arbitrary SQL commands via the code_id parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Freelance Zone
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.9%
CVE-2012-6529 HIGH POC This Week

Multiple SQL injection vulnerabilities in Marinet CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) galleryphoto.php or (2) gallery.php; or the roomid parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Marinet Cms
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.6%
CVE-2012-6525 HIGH POC This Week

SQL injection vulnerability in members.php in PHPBridges allows remote attackers to execute arbitrary SQL commands via the id parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Phpbridges
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.4%
CVE-2012-6524 HIGH POC This Week

SQL injection vulnerability in kommentar.php in pGB 2.12 allows remote attackers to execute arbitrary SQL commands via the id parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pgb
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.2%
CVE-2012-6528 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 2.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Atutor
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
6.3%
CVE-2012-0204 CRITICAL Act Now

Untrusted search path vulnerability in InfoSphere Import Export Manager 8.1 through 9.1 in InfoSphere Information Server MetaBrokers & Bridges (MBB) in IBM InfoSphere Information Server 8.1, 8.5. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Infosphere Import Export Manager Infosphere Information Server Infosphere Information Server Metabrokers Bridges
NVD
CVSS 2.0
9.3
EPSS
0.7%
CVE-2013-0930 HIGH This Week

Buffer overflow in Drive Control Program (DCP) in EMC AlphaStor 4.0 before build 814 allows remote attackers to execute arbitrary code via vectors involving a new device name. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE Alphastor
NVD
CVSS 2.0
7.6
EPSS
7.7%
CVE-2012-6523 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in w-CMS 2.01 allow remote attackers to inject arbitrary web script or HTML via (1) the p parameter in the getMenus function in codes/wcms.php; or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS W Cms
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.9%
CVE-2013-1462 HIGH This Week

Integer signedness error in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (incorrect. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Miniupnpd
NVD
CVSS 2.0
7.8
EPSS
0.7%
CVE-2013-1461 HIGH This Week

The ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and service. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Miniupnpd
NVD
CVSS 2.0
7.8
EPSS
0.7%
CVE-2012-0705 HIGH This Week

InfoSphere Import Export Manager in InfoSphere Information Server MetaBrokers & Bridges (MBB) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, 8.7, and 9.1 does not validate unspecified. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Infosphere Information Server Infosphere Information Server Metabrokers Bridges
NVD
CVSS 2.0
7.1
EPSS
0.6%
CVE-2012-6527 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in the My Calendar plugin before 1.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress XSS My Calendar
NVD
CVSS 2.0
2.6
EPSS
0.4%
CVE-2012-0701 MEDIUM This Month

The client applications in the DataStage Administrator client in InfoSphere DataStage in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 rely on client-side access control, which. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Infosphere Datastage Infosphere Information Server
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2012-0205 MEDIUM This Month

InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly restrict use of the troubleshooting feature, which allows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service IBM Infosphere Information Server Infosphere Metadata Workbench
NVD
CVSS 2.0
6.5
EPSS
0.2%
CVE-2012-0703 MEDIUM This Month

Open redirect vulnerability in Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to redirect users to arbitrary web sites. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Open Redirect IBM Infosphere Information Server Infosphere Information Server Information Services Framework
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2013-1112 MEDIUM This Month

Cisco Carrier Routing System (CRS) allows remote attackers to cause a denial of service (packet loss) via short malformed packets that trigger inefficient processing, aka Bug ID CSCud79136. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Carrier Routing System
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2013-1490 MEDIUM This Month

Unspecified vulnerability in Oracle Java SE 7 Update 11 (JRE 1.7.0_11-b21) allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors, aka "Issue 51," a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Authentication Bypass Jdk Jre
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-1113 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager allows remote attackers to inject arbitrary web script or HTML via a crafted parameter value, aka Bug ID. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Unified Communications Domain Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-6350 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Web component in IBM Cognos TM1 before 9.5.2 FP3 and 10.1 before 10.1 FP1 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Cognos Tm1
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2012-6029 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the web-authentication function on the Cisco NAC Appliance 4.9.2 and earlier allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Nac Appliance
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2012-4819 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in InfoSphere Business Glossary 8.1.1 and 8.1.2, InfoSphere DataStage Operation Console, InfoSphere Administration, and Reporting and Repository Management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Infosphere Business Glossary Infosphere Information Server
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2012-0203 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Infosphere Information Server Infosphere Metadata Workbench
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2012-0702 MEDIUM This Month

Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly determine authorization, which allows remote authenticated users to gain. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Infosphere Information Server Infosphere Information Server Information Services Framework
NVD
CVSS 2.0
4.0
EPSS
0.1%
CVE-2012-4832 LOW Monitor

Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 and InfoSphere Business Glossary 8.1.1 and 8.1.2 does not have an off autocomplete attribute for. Rated low severity (CVSS 1.9). No vendor patch available.

Information Disclosure IBM Infosphere Business Glossary Infosphere Information Server
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2012-0700 LOW Monitor

The client in InfoSphere FastTrack 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly store credentials, which allows local users to bypass intended. Rated low severity (CVSS 1.9). No vendor patch available.

IBM Authentication Bypass Infosphere Fasttrack Infosphere Information Server
NVD
CVSS 2.0
1.9
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy