CVE-2018-12112

mdbuildattribute in md4c.c in md4c 0.2.6 allows remote attackers to cause a denial of service Segmentation fault and application crash or possibly have unspecified other impact via a crafted file...

CVE-2025-12112

creationtimestamp| type| source ---|---|--- 2025-11-08 05:45:26+00:00| seen| https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m53vashd7pk2 2025-11-08 06:29:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m53xpqkk2k2x...

CVE-2024-12112

creationtimestamp| type| source ---|---|--- 2025-01-08 03:39:11+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/621 2025-01-08 04:15:47+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lf7ciujp5l22 2025-01-08 05:46:57+00:00| seen| https://t.me/cvedetector/14649...

CVE-2024-12112

CVE-2024-12112 (Easy Form Builder for WordPress) Stored Cross-Site Scripting vulnerability in the add_form_Emsfb AJAX action occurs via the name parameter. Affected: Easy Form Builder plugin for WordPress (all versions up to 3.8.8). Root cause: insufficient input sanitization and output escaping ...

CVE-2024-12112 Easy Form Builder <= 3.8.8 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting

The Easy Form Builder – WordPress plugin form builder: contact form, survey form, payment form, and custom form builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter of the 'addformEmsfb' AJAX action in all versions up to, and including, 3.8.8 due to...

Directory traversal

BigBlueButton before 2.2.6 allows remote attackers to read arbitrary files because the presfilename lowercase value can be a .pdf filename while the presFilename mixed case value has a ../ sequence. This can be leveraged for privilege escalation via a directory traversal to...

CVE-2020-12112

BigBlueButton had an LFI/vulnerability in versions before 2.2.5 (CVE-2020-12112). Connected sources also describe a related issue (CVE-2020-12443) where case-insensitive handling of presFilename/presfilename enables directory traversal to bigbluebutton.properties, enabling reading of arbitrary fi...

CVE-2019-12112

creationtimestamp| type| source ---|---|--- 2020-03-18 22:01:17+00:00| seen| https://t.me/cibsecurity/10601...

CVE-2018-12112

mdbuildattribute in md4c.c in md4c 0.2.6 allows remote attackers to cause a denial of service Segmentation fault and application crash or possibly have unspecified other impact via a crafted file...

CVE-2018-12112

mdbuildattribute in md4c.c in md4c 0.2.6 allows remote attackers to cause a denial of service Segmentation fault and application crash or possibly have unspecified other impact via a crafted file...

CVE-2018-12112

The vulnerability CVE-2018-12112 affects md4c 0.2.6. Root cause: the function md_build_attribute in md4c.c allows a crafted file to trigger a denial of service (segmentation fault and application crash) and possibly other impact. Impact is a crash/DoS; exploitation is remote via crafted input. No...

CVE-2017-12112

The CVE-2017-12112 entry corresponds to an authorization bypass in cpp-ethereum’s JSON-RPC admin_addPeer API. Talos reports an improper authorization check in AdminNet::admin_addPeer that allows a remote attacker to trigger restricted functionality without credentials, with the call binding to 0....

CPP-Ethereum JSON-RPC admin_addPeer Authorization Bypass Vulnerability(CVE-2017-12112)

Summary An exploitable improper authorization vulnerability exists in adminaddPeer API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to...