| 246631 | 6.3 | MEDIUM Local | linux | linux_kernel | An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_device_ioctl() in drivers/virt/vboxguest/vboxguest_linux.c reads the same user data twice with copy_from_user. The header part of … | CWE-362 Race Condition | CVE-2018-12633 | 2024-11-21 12:45 | 2018-06-22 |
| 246632 | 5.3 | MEDIUM Network | redatam | redatam | Redatam7 (formerly Redatam WebServer) allows remote attackers to discover the installation path via an invalid LFN parameter to the /redbin/rpwebutilities.exe/text URI. | CWE-200 Information Exposure | CVE-2018-12632 | 2024-11-21 12:45 | 2018-06-22 |
| 246633 | 7.5 | HIGH Network | redatam | redatam | Redatam7 (formerly Redatam WebServer) allows remote attackers to read arbitrary files via /redbin/rpwebutilities.exe/text?LFN=../ directory traversal. | CWE-22 Path Traversal | CVE-2018-12631 | 2024-11-21 12:45 | 2018-06-22 |
| 246634 | 9.8 | CRITICAL Network | nmark | nmcms | NEWMARK (aka New Mark) NMCMS 2.1 allows SQL Injection via the sect_id parameter to the /catalog URI. | CWE-89 SQL Injection | CVE-2018-12630 | 2024-11-21 12:45 | 2018-06-22 |
| 246635 | 6.1 | MEDIUM Network | phpmyadmin | phpmyadmin | An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted database name to trigger an XSS atta… | CWE-79 Cross-site Scripting | CVE-2018-12581 | 2024-11-21 12:45 | 2018-06-22 |
| 246636 | 8.8 | HIGH Network | phpmyadmin | phpmyadmin | An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pag… | CWE-287 Improper Authentication | CVE-2018-12613 | 2024-11-21 12:45 | 2018-06-22 |
| 246637 | 7.5 | HIGH Network | qemu canonical debian | qemu ubuntu_linux debian_linux | qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fau… | CWE-190 Integer Overflow or Wraparound | CVE-2018-12617 | 2024-11-21 12:45 | 2018-06-22 |
| 246638 | 5.3 | MEDIUM Network | phusion | passenger | An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., … | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2018-12615 | 2024-11-21 12:45 | 2018-06-22 |
| 246639 | 9.8 | CRITICAL Network | telesquare | sdt-cs3b1_firmware sdt-cw3b1_firmware | Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default factory account. Remote attackers can obtain access to the device via TELNET using a hardcoded account. | CWE-798 Use of Hard-coded Credentials | CVE-2018-12526 | 2024-11-21 12:45 | 2018-06-22 |
| 246640 | 7.5 | HIGH Network | njtech | greencms | GreenCMS 2.3.0603 allows remote attackers to obtain sensitive information via a direct request for Data/Log/year_month_day.log. | CWE-532 Inclusion of Sensitive Information in Log Files | CVE-2018-12604 | 2024-11-21 12:45 | 2018-06-21 |