14 matches found
CVE-2026-12112
creationtimestamp| type| source ---|---|--- 2026-06-24 05:16:13+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116803382310129567...
CVE-2018-12112
mdbuildattribute in md4c.c in md4c 0.2.6 allows remote attackers to cause a denial of service Segmentation fault and application crash or possibly have unspecified other impact via a crafted file...
CVE-2025-12112
creationtimestamp| type| source ---|---|--- 2025-11-08 05:45:26+00:00| seen| https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m53vashd7pk2 2025-11-08 06:29:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m53xpqkk2k2x...
CVE-2024-12112
creationtimestamp| type| source ---|---|--- 2025-01-08 03:39:11+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/621 2025-01-08 04:15:47+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lf7ciujp5l22 2025-01-08 05:46:57+00:00| seen| https://t.me/cvedetector/14649...
CVE-2024-12112 Easy Form Builder <= 3.8.8 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
The Easy Form Builder – WordPress plugin form builder: contact form, survey form, payment form, and custom form builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter of the 'addformEmsfb' AJAX action in all versions up to, and including, 3.8.8 due to...
CVE-2024-12112
CVE-2024-12112 (Easy Form Builder for WordPress) Stored Cross-Site Scripting vulnerability in the add_form_Emsfb AJAX action occurs via the name parameter. Affected: Easy Form Builder plugin for WordPress (all versions up to 3.8.8). Root cause: insufficient input sanitization and output escaping ...
Directory traversal
BigBlueButton before 2.2.6 allows remote attackers to read arbitrary files because the presfilename lowercase value can be a .pdf filename while the presFilename mixed case value has a ../ sequence. This can be leveraged for privilege escalation via a directory traversal to...
CVE-2020-12112
BigBlueButton had an LFI/vulnerability in versions before 2.2.5 (CVE-2020-12112). Connected sources also describe a related issue (CVE-2020-12443) where case-insensitive handling of presFilename/presfilename enables directory traversal to bigbluebutton.properties, enabling reading of arbitrary fi...
CVE-2019-12112
creationtimestamp| type| source ---|---|--- 2020-03-18 22:01:17+00:00| seen| https://t.me/cibsecurity/10601...
CVE-2018-12112
mdbuildattribute in md4c.c in md4c 0.2.6 allows remote attackers to cause a denial of service Segmentation fault and application crash or possibly have unspecified other impact via a crafted file...
CVE-2018-12112
mdbuildattribute in md4c.c in md4c 0.2.6 allows remote attackers to cause a denial of service Segmentation fault and application crash or possibly have unspecified other impact via a crafted file...
CVE-2018-12112
The vulnerability CVE-2018-12112 affects md4c 0.2.6. Root cause: the function md_build_attribute in md4c.c allows a crafted file to trigger a denial of service (segmentation fault and application crash) and possibly other impact. Impact is a crash/DoS; exploitation is remote via crafted input. No...
CVE-2017-12112
The CVE-2017-12112 entry corresponds to an authorization bypass in cpp-ethereum’s JSON-RPC admin_addPeer API. Talos reports an improper authorization check in AdminNet::admin_addPeer that allows a remote attacker to trigger restricted functionality without credentials, with the call binding to 0....
CPP-Ethereum JSON-RPC admin_addPeer Authorization Bypass Vulnerability(CVE-2017-12112)
Summary An exploitable improper authorization vulnerability exists in adminaddPeer API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to...