|
246511
|
7.5 |
HIGH
Network
|
tibco
|
activematrix_businessworks
activematrix_businessworks_distribution_for_tibco_silver_fabric
|
The BusinessWorks engine component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks, TIBCO ActiveMatrix BusinessWorks for z/Linux, and TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO…
|
CWE-611
XXE
|
CVE-2018-12408
|
2024-11-21 12:45 |
2018-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246512
|
8.8 |
HIGH
Network
|
ocsinventory-ng
|
ocsinventory_ng
|
OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue occurs because the content of the ipdiscover_analyser rzo GET parameter is concatenated to a string …
|
CWE-78
OS Command
|
CVE-2018-12483
|
2024-11-21 12:45 |
2018-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246513
|
8.8 |
HIGH
Network
|
ocsinventory-ng
|
ocsinventory_ng
|
OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. Authentication is needed in order to exploit the issues.
|
CWE-89
SQL Injection
|
CVE-2018-12482
|
2024-11-21 12:45 |
2018-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246514
|
5.4 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a la…
|
CWE-79
Cross-site Scripting
|
CVE-2018-12607
|
2024-11-21 12:45 |
2018-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246515
|
5.4 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The wiki contains a persistent XSS issue due to a lack of outpu…
|
CWE-79
Cross-site Scripting
|
CVE-2018-12606
|
2024-11-21 12:45 |
2018-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246516
|
5.4 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-12605
|
2024-11-21 12:45 |
2018-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246517
|
5.3 |
MEDIUM
Network
|
navercorp
|
whale
|
Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an attacker to display a malicious we…
|
CWE-20
Improper Input Validation
|
CVE-2018-12448
|
2024-11-21 12:45 |
2018-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246518
|
7.2 |
HIGH
Network
|
microfocus
|
groupwise
|
A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on th…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-12468
|
2024-11-21 12:45 |
2018-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246519
|
6.5 |
MEDIUM
Network
|
opensuse
|
open_build_service
|
Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-12467
|
2024-11-21 12:45 |
2018-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246520
|
6.5 |
MEDIUM
Network
|
opensuse
|
open_build_service
|
openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-12466
|
2024-11-21 12:45 |
2018-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
