|
246591
|
7.5 |
HIGH
Network
|
dedecms
|
dedecms
|
DedeCMS through 5.7SP2 allows arbitrary file write in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a n…
|
CWE-20
Improper Input Validation
|
CVE-2018-12046
|
2024-11-21 12:44 |
2018-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246592
|
9.8 |
CRITICAL
Network
|
dedecms
|
dedecms
|
DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=upload request with an upfile1 parameter, as demonstrated by uploading a .php…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-12045
|
2024-11-21 12:44 |
2018-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246593
|
7.5 |
HIGH
Network
|
mediatek
|
awus036nh_firmware
|
An issue was discovered on the MediaTek AWUS036NH wireless USB adapter through 5.1.25.0. Attackers can remotely deny service by sending specially constructed 802.11 frames.
|
CWE-20
Improper Input Validation
|
CVE-2018-12041
|
2024-11-21 12:44 |
2018-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246594
|
6.1 |
MEDIUM
Network
|
getsymphony
|
symphony
|
content/content.blueprintspages.php in Symphony 2.7.6 has XSS via the pages content page.
|
CWE-79
Cross-site Scripting
|
CVE-2018-12043
|
2024-11-21 12:44 |
2018-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246595
|
7.5 |
HIGH
Network
|
roxyfileman
|
roxy_fileman
|
Roxy Fileman through v1.4.5 has Directory traversal via the php/download.php f parameter.
|
CWE-22
Path Traversal
|
CVE-2018-12042
|
2024-11-21 12:44 |
2018-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246596
|
9.8 |
CRITICAL
Network
|
joyplus-cms_project
|
joyplus-cms
|
joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue in manager/index.php involving use of a "/!select/" substring in place of a select substring.
|
CWE-89
SQL Injection
|
CVE-2018-12039
|
2024-11-21 12:44 |
2018-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246597
|
7.8 |
HIGH
Local
|
owasp
|
dependency-check
|
OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames.
|
CWE-22
CWE-123
Path Traversal
Write-what-where Condition
|
CVE-2018-12036
|
2024-11-21 12:44 |
2018-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246598
|
9.8 |
CRITICAL
Network
|
eaton
|
intelligent_power_manager
|
Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware …
|
CWE-22
Path Traversal
|
CVE-2018-12031
|
2024-11-21 12:44 |
2018-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246599
|
7.5 |
HIGH
Network
|
gnome
|
epiphany
|
libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via certain window.open and document.write calls.
|
NVD-CWE-noinfo
|
CVE-2018-12016
|
2024-11-21 12:44 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246600
|
7.5 |
HIGH
Network
|
canonical
debian
perl
archive\
apple
netapp
|
ubuntu_linux
debian_linux
perl
\
mac_os_x
snap_creator_framework
data_ontap_edge
snapdrive
oncommand_workflow_automation
|
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink a…
|
CWE-59
Link Following
|
CVE-2018-12015
|
2024-11-21 12:44 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
