|
246461
|
4.9 |
MEDIUM
Network
|
yxcms
|
yxcms
|
protected/apps/admin/controller/photoController.php in YXcms 1.4.7 allows remote attackers to delete arbitrary files via the index.php?r=admin/photo/delpic picname parameter.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-13025
|
2024-11-21 12:46 |
2018-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246462
|
7.2 |
HIGH
Network
|
metinfo
|
metinfo
|
Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-13024
|
2024-11-21 12:46 |
2018-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246463
|
7.2 |
HIGH
Network
|
hongcms_project
|
hongcms
|
An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-13021
|
2024-11-21 12:46 |
2018-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246464
|
7.8 |
HIGH
Local
|
safensoft
|
enterprise_suite
tpsecure
syswatch
|
Storing password in recoverable format in safensec.com (SysWatch service) in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite befo…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2018-13014
|
2024-11-21 12:46 |
2018-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246465
|
7.8 |
HIGH
Local
|
safensoft
|
syswatch
tpsecure
enterprise_suite
|
Improper check of unusual conditions when launching msiexec.exe in safensec.com (SysWatch service) in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenS…
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2018-13013
|
2024-11-21 12:46 |
2018-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246466
|
8.1 |
HIGH
Network
|
safensoft
|
softcontrol_enterprise_suite
softcontrol_tpsecure
softcontrol_syswatch
|
Download of code with improper integrity check in snsupd.exe and upd.exe in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite befor…
|
CWE-494
Download of Code Without Integrity Check
|
CVE-2018-13012
|
2024-11-21 12:46 |
2018-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246467
|
9.8 |
CRITICAL
Network
|
gopro
|
gpmf-parser
|
An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Validate.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-13011
|
2024-11-21 12:46 |
2018-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246468
|
8.8 |
HIGH
Network
|
wstmall
|
wstmall
|
WSTMall v1.9.1_170316 has CSRF via the index.php?m=Admin&c=Users&a=edit URI to add a user account.
|
CWE-352
Origin Validation Error
|
CVE-2018-13010
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246469
|
9.8 |
CRITICAL
Network
|
gopro
|
gpmf-parser
|
An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Next, related to certain checks for GPMF_KEY_END and nest_level (conditional…
|
CWE-125
Out-of-bounds Read
|
CVE-2018-13009
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246470
|
9.8 |
CRITICAL
Network
|
gopro
|
gpmf-parser
|
An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Next, related to certain checks for a positive nest_level.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-13008
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
