Skip to main content
CVE-2012-6275 CRITICAL POC THREAT Emergency

Multiple stack-based buffer overflows in AntDS.exe in BigAntSoft BigAnt IM Message Server allow remote attackers to have an unspecified impact via (1) the filename header in an SCH request or (2) the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 76.5%.

Buffer Overflow Bigant Im Message Server
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
76.5%
Threat
5.8
CVE-2012-4705 CRITICAL POC THREAT Emergency

Directory traversal vulnerability in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors involving a crafted pathname. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 70.4%.

Path Traversal RCE Codesys Gateway Server
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
70.4%
Threat
5.6
CVE-2012-0439 CRITICAL POC THREAT Emergency

An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code via (1) a pointer argument to the. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 68.3%.

Code Injection RCE Groupwise
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
68.3%
Threat
5.4
CVE-2012-6274 MEDIUM POC THREAT This Month

BigAntSoft BigAnt IM Message Server does not require authentication for file uploading, which allows remote attackers to create arbitrary files under AntServer\DocData\Public via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 75.3%.

Authentication Bypass Bigant Im Message Server
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
75.3%
Threat
4.8
CVE-2013-0108 MEDIUM POC THREAT This Month

An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, and R410.2; SymmetrE R310, R410.1, and R410.2; ComfortPoint Open Manager (aka CPO-M). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 61.4%.

Honeywell Code Injection RCE Enterprise Buildings Integrator Symmetre +1
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
61.4%
Threat
4.7
CVE-2013-0804 CRITICAL POC THREAT Emergency

The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 33.2%.

Denial Of Service Command Injection RCE Groupwise
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
33.2%
Threat
4.5
CVE-2012-4704 CRITICAL Act Now

Array index error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via a crafted packet. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 12.1% and no vendor patch available.

RCE Codesys Gateway Server
NVD
CVSS 2.0
10.0
EPSS
12.1%
CVE-2012-4708 CRITICAL Act Now

Stack-based buffer overflow in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via a crafted packet. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Codesys Gateway Server
NVD
CVSS 2.0
10.0
EPSS
7.5%
CVE-2012-4707 CRITICAL Act Now

3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors that trigger an out-of-bounds memory access. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Codesys Gateway Server
NVD
CVSS 2.0
10.0
EPSS
6.7%
CVE-2012-5647 MEDIUM POC PATCH This Month

Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

PHP Red Hat Open Redirect Openshift Openshift Origin
NVD GitHub
CVSS 2.0
5.8
EPSS
0.5%
CVE-2013-0113 CRITICAL Act Now

Nuance PDF Reader 7.0 and PDF Viewer Plus 7.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service RCE Pdf Reader Pdf Reader Plus
NVD
CVSS 2.0
9.3
EPSS
2.7%
CVE-2012-5337 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in jforum.page in JForum 2.1.9 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) match_type, (3) sort_by, or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Jforum
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-0120 HIGH This Week

The web interface on Dell PowerConnect 6248P switches allows remote attackers to cause a denial of service (device crash) via a malformed request. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Denial Of Service Powerconnect 6248P
NVD
CVSS 2.0
7.8
EPSS
1.0%
CVE-2012-4706 HIGH This Week

Integer signedness error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to cause a denial of service via a crafted packet that triggers a heap-based buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Codesys Gateway Server
NVD
CVSS 2.0
7.8
EPSS
0.6%
CVE-2012-5646 HIGH This Week

node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Red Hat Information Disclosure Openshift Openshift Origin
NVD GitHub
CVSS 2.0
7.5
EPSS
0.9%
CVE-2012-6273 HIGH This Week

SQL injection vulnerability in BigAntSoft BigAnt IM Message Server allows remote attackers to execute arbitrary SQL commands via an SHU (aka search user) request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Bigant Im Message Server
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2012-6073 MEDIUM PATCH This Month

Open redirect vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Open Redirect Jenkins
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2013-0247 MEDIUM PATCH This Month

OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service (disk consumption) via many invalid. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Keystone Ubuntu Linux
NVD
CVSS 2.0
5.0
EPSS
3.0%
CVE-2013-0220 MEDIUM This Month

The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Sssd
NVD
CVSS 2.0
5.0
EPSS
1.9%
CVE-2012-6128 MEDIUM This Month

Multiple stack-based buffer overflows in http.c in OpenConnect before 4.08 allow remote VPN gateways to cause a denial of service (application crash) via a long (1) hostname, (2) path, or (3) cookie. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Openconnect
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2013-0118 MEDIUM This Month

CS-Cart before 3.0.6, when PayPal Standard Payments is configured, allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cs Cart
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-0786 MEDIUM This Month

The Bugzilla::Search::build_subselect function in Bugzilla 2.x and 3.x before 3.6.13 and 3.7.x and 4.0.x before 4.0.10 generates different error messages for invalid product queries depending on. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Bugzilla
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2012-2697 MEDIUM This Month

Unspecified vulnerability in autofs, as used in Red Hat Enterprise Linux (RHEL) 5, allows local users to cause a denial of service (autofs crash and delayed mounts) or prevent "mount expiration" via. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Denial Of Service Enterprise Linux
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2012-6093 MEDIUM This Month

The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

OpenSSL Information Disclosure Qt Ubuntu Linux Opensuse
NVD
CVSS 2.0
4.3
EPSS
2.3%
CVE-2012-5624 MEDIUM This Month

The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Qt Ubuntu Linux
NVD
CVSS 2.0
4.3
EPSS
1.9%
CVE-2012-6121 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.8.5 allows remote attackers to inject arbitrary web script or HTML via a (1) data:text or (2) vbscript link. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Webmail
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-0785 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in show_bug.cgi in Bugzilla before 3.6.13, 3.7.x and 4.0.x before 4.0.10, 4.1.x and 4.2.x before 4.2.5, and 4.3.x and 4.4.x before 4.4rc2 allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Bugzilla
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-6072 MEDIUM PATCH This Month

CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Code Injection Jenkins
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2013-0212 MEDIUM PATCH This Month

store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Image Registry And Delivery Service Glance Ubuntu Linux
NVD GitHub
CVSS 2.0
4.0
EPSS
1.2%
CVE-2013-0219 LOW Monitor

System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a. Rated low severity (CVSS 3.7). No vendor patch available.

Privilege Escalation Sssd Enterprise Linux
NVD
CVSS 2.0
3.7
EPSS
0.1%
CVE-2013-0164 LOW Monitor

The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Openshift Openshift Origin
NVD GitHub
CVSS 2.0
3.6
EPSS
0.1%
CVE-2012-6074 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Jenkins XSS
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-0158 LOW PATCH Monitor

Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

Information Disclosure Jenkins
NVD GitHub
CVSS 2.0
2.6
EPSS
0.7%
CVE-2012-5658 LOW Monitor

rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Openshift Openshift Origin
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy