| 246661 | 8.8 | HIGH Network | cantata_project | cantata | An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. A regular user can inject additional mount options such as file_mode= by manipulating (for example) the domain p… | CWE-20 Improper Input Validation | CVE-2018-12561 | 2024-11-21 12:45 | 2018-06-19 |
| 246662 | 6.5 | MEDIUM Network | cantata_project | cantata | An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Arbitrary unmounts can be performed by regular users via directory traversal sequences such as a home/../sys/ker… | CWE-22 Path Traversal | CVE-2018-12560 | 2024-11-21 12:45 | 2018-06-19 |
| 246663 | 8.8 | HIGH Network | cantata_project | cantata | An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The mount target path check in mounter.cpp `mpOk()` is insufficient. A regular user can consequently mount a CIF… | CWE-22 Path Traversal | CVE-2018-12559 | 2024-11-21 12:45 | 2018-06-19 |
| 246664 | 9.8 | CRITICAL Network | zuul-ci | zuul | An issue was discovered in Zuul 3.x before 3.1.0. If nodes become offline during the build, the no_log attribute of a task is ignored. If the unreachable error occurred in a task used with a loop var… | CWE-200 Information Exposure | CVE-2018-12557 | 2024-11-21 12:45 | 2018-06-19 |
| 246665 | 9.8 | CRITICAL Network | quick_chat_project | quick_chat | A SQL injection issue was discovered in the Quick Chat plugin before 4.00 for WordPress. | CWE-89 SQL Injection | CVE-2018-12534 | 2024-11-21 12:45 | 2018-06-18 |
| 246666 | 9.8 | CRITICAL Network | metinfo | metinfo | An issue was discovered in MetInfo 6.0.0. install\index.php allows remote attackers to write arbitrary PHP code into config_db.php, a different vulnerability than CVE-2018-7271. | CWE-94 Code Injection | CVE-2018-12531 | 2024-11-21 12:45 | 2018-06-18 |
| 246667 | 6.5 | MEDIUM Network | metinfo | metinfo | An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF. | CWE-22 Path Traversal | CVE-2018-12530 | 2024-11-21 12:45 | 2018-06-18 |
| 246668 | 9.8 | CRITICAL Network | redhat | richfaces | JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org… | CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') | CVE-2018-12533 | 2024-11-21 12:45 | 2018-06-18 |
| 246669 | 9.8 | CRITICAL Network | redhat | richfaces | JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource'… | CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') | CVE-2018-12532 | 2024-11-21 12:45 | 2018-06-18 |
| 246670 | 5.3 | MEDIUM Network | perfsonar | monitoring_and_debugging_dashboard | An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /images/ provides a directory listing. | CWE-200 Information Exposure | CVE-2018-12525 | 2024-11-21 12:45 | 2018-06-18 |