Skip to main content
CVE-2012-6274 MEDIUM POC THREAT This Month

BigAntSoft BigAnt IM Message Server does not require authentication for file uploading, which allows remote attackers to create arbitrary files under AntServer\DocData\Public via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 75.3%.

Authentication Bypass Bigant Im Message Server
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
75.3%
Threat
4.8
CVE-2013-0108 MEDIUM POC THREAT This Month

An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, and R410.2; SymmetrE R310, R410.1, and R410.2; ComfortPoint Open Manager (aka CPO-M). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 61.4%.

Honeywell Code Injection RCE Enterprise Buildings Integrator Symmetre +1
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
61.4%
Threat
4.7
CVE-2012-5647 MEDIUM POC PATCH This Month

Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

PHP Red Hat Open Redirect Openshift Openshift Origin
NVD GitHub
CVSS 2.0
5.8
EPSS
0.5%
CVE-2012-5337 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in jforum.page in JForum 2.1.9 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) match_type, (3) sort_by, or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Jforum
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-6073 MEDIUM PATCH This Month

Open redirect vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Open Redirect Jenkins
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2013-0247 MEDIUM PATCH This Month

OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service (disk consumption) via many invalid. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Keystone Ubuntu Linux
NVD
CVSS 2.0
5.0
EPSS
3.0%
CVE-2013-0220 MEDIUM This Month

The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Sssd
NVD
CVSS 2.0
5.0
EPSS
1.9%
CVE-2012-6128 MEDIUM This Month

Multiple stack-based buffer overflows in http.c in OpenConnect before 4.08 allow remote VPN gateways to cause a denial of service (application crash) via a long (1) hostname, (2) path, or (3) cookie. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Openconnect
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2013-0118 MEDIUM This Month

CS-Cart before 3.0.6, when PayPal Standard Payments is configured, allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cs Cart
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-0786 MEDIUM This Month

The Bugzilla::Search::build_subselect function in Bugzilla 2.x and 3.x before 3.6.13 and 3.7.x and 4.0.x before 4.0.10 generates different error messages for invalid product queries depending on. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Bugzilla
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2012-2697 MEDIUM This Month

Unspecified vulnerability in autofs, as used in Red Hat Enterprise Linux (RHEL) 5, allows local users to cause a denial of service (autofs crash and delayed mounts) or prevent "mount expiration" via. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Denial Of Service Enterprise Linux
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2012-6093 MEDIUM This Month

The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

OpenSSL Information Disclosure Qt Ubuntu Linux Opensuse
NVD
CVSS 2.0
4.3
EPSS
2.3%
CVE-2012-5624 MEDIUM This Month

The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Qt Ubuntu Linux
NVD
CVSS 2.0
4.3
EPSS
1.9%
CVE-2012-6121 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.8.5 allows remote attackers to inject arbitrary web script or HTML via a (1) data:text or (2) vbscript link. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Webmail
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-0785 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in show_bug.cgi in Bugzilla before 3.6.13, 3.7.x and 4.0.x before 4.0.10, 4.1.x and 4.2.x before 4.2.5, and 4.3.x and 4.4.x before 4.4rc2 allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Bugzilla
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-6072 MEDIUM PATCH This Month

CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Code Injection Jenkins
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2013-0212 MEDIUM PATCH This Month

store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Image Registry And Delivery Service Glance Ubuntu Linux
NVD GitHub
CVSS 2.0
4.0
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy