|
246581
|
9.8 |
CRITICAL
Network
|
creatiwity
|
witycms
|
A Local File Inclusion vulnerability in /system/WCore/WHelper.php in Creatiwity wityCMS 0.6.2 allows remote attackers to include local PHP files (execute PHP code) or read non-PHP files by replacing …
|
CWE-20
Improper Input Validation
|
CVE-2018-12065
|
2024-11-21 12:44 |
2018-06-8 |
|
246582
|
9.8 |
CRITICAL
Network
|
tinyexr_project
|
tinyexr
|
tinyexr 0.9.5 has a heap-based buffer over-read via tinyexr::ReadChannelInfo in tinyexr.h.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-12064
|
2024-11-21 12:44 |
2018-06-8 |
|
246583
|
9.8 |
CRITICAL
Network
|
schools_alert_management_script_project
|
schools_alert_management_script
|
Multiple SQL Injections exist in PHP Scripts Mall Schools Alert Management Script via crafted POST data in contact_us.php, faq.php, about.php, photo_gallery.php, privacy.php, and so on.
|
CWE-89
SQL Injection
|
CVE-2018-12055
|
2024-11-21 12:44 |
2018-06-8 |
|
246584
|
7.5 |
HIGH
Network
|
schools_alert_management_script_project
|
schools_alert_management_script
|
Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal.
|
CWE-22
Path Traversal
|
CVE-2018-12054
|
2024-11-21 12:44 |
2018-06-8 |
|
246585
|
7.5 |
HIGH
Network
|
schools_alert_management_script_project
|
schools_alert_management_script
|
Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in delete_img.php by using directory traversal.
|
CWE-22
Path Traversal
|
CVE-2018-12053
|
2024-11-21 12:44 |
2018-06-8 |
|
246586
|
9.8 |
CRITICAL
Network
|
schools_alert_management_script_project
|
schools_alert_management_script
|
SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in get_sec.php.
|
CWE-89
SQL Injection
|
CVE-2018-12052
|
2024-11-21 12:44 |
2018-06-8 |
|
246587
|
9.8 |
CRITICAL
Network
|
schools_alert_management_script_project
|
schools_alert_management_script
|
Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script via $_FILE in /webmasterst/general.php, as demonstrated by a .php file with the image/jpeg co…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-12051
|
2024-11-21 12:44 |
2018-06-8 |
|
246588
|
9.8 |
CRITICAL
Network
|
canon
|
lbp6030w_firmware
|
A remote attacker can bypass the System Manager Mode on the Canon LBP6030w web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. NOT…
|
CWE-287
Improper Authentication
|
CVE-2018-12049
|
2024-11-21 12:44 |
2018-06-8 |
|
246589
|
9.8 |
CRITICAL
Network
|
canon
|
lbp7110cw_firmware
|
A remote attacker can bypass the Management Mode on the Canon LBP7110Cw web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. NOTE: …
|
CWE-287
Improper Authentication
|
CVE-2018-12048
|
2024-11-21 12:44 |
2018-06-8 |
|
246590
|
6.1 |
MEDIUM
Network
|
ximdex
|
ximdex
|
xfind/search in Ximdex 4.0 has XSS via the filter[n][value] parameters for non-negative values of n, as demonstrated by n equal to 0 through 12.
|
CWE-79
Cross-site Scripting
|
CVE-2018-12047
|
2024-11-21 12:44 |
2018-06-8 |