|
246521
|
5.4 |
MEDIUM
Network
|
cyberark
|
endpoint_privilege_manager
|
In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts->DisplayName screen,…
|
CWE-79
Cross-site Scripting
|
CVE-2018-12903
|
2024-11-21 12:46 |
2018-06-27 |
|
246522
|
6.1 |
MEDIUM
Network
|
easymagazine_project
|
easymagazine
|
In Easy Magazine through 2012-10-26, there is XSS in the search bar of the web site.
|
CWE-79
Cross-site Scripting
|
CVE-2018-12902
|
2024-11-21 12:46 |
2018-06-27 |
|
246523
|
8.8 |
HIGH
Network
|
libtiff canonical
|
libtiff ubuntu_linux
|
Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4…
|
CWE-787
Out-of-bounds Write
|
CVE-2018-12900
|
2024-11-21 12:46 |
2018-06-27 |
|
246524
|
8.8 |
HIGH
Network
|
wordpress debian
|
wordpress debian_linux
|
WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can de…
|
CWE-22
Path Traversal
|
CVE-2018-12895
|
2024-11-21 12:46 |
2018-06-27 |
|
246525
|
9.8 |
CRITICAL
Network
|
ccn-lite
|
ccn-lite
|
An issue was discovered in CCN-lite 2.0.1. There is a heap-based buffer overflow in mkAddToRelayCacheRequest and in ccnl_populate_cache for an array lacking '\0' termination when reading a binary CCN…
|
CWE-787
Out-of-bounds Write
|
CVE-2018-12889
|
2024-11-21 12:46 |
2018-06-26 |
|
246526
|
6.5 |
MEDIUM
Network
|
octopus
|
octopus_deploy
|
In Octopus Deploy 3.0 onwards (before 2018.6.7), an authenticated user with incorrect permissions may be able to create Accounts under the Infrastructure menu.
|
CWE-269
Improper Privilege Management
|
CVE-2018-12884
|
2024-11-21 12:46 |
2018-06-26 |
|
246527
|
9.8 |
CRITICAL
Network
|
php canonical netapp
|
php ubuntu_linux storage_automation_store
|
exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closi…
|
CWE-416
Use After Free
|
CVE-2018-12882
|
2024-11-21 12:46 |
2018-06-26 |
|
246528
|
5.4 |
MEDIUM
Network
|
opensuse
|
open_build_service
|
An Externally Controlled Reference to a Resource in Another Sphere vulnerability in obs-service-download_files of openSUSE Open Build Service allows authenticated users to generate HTTP request agains…
|
-
|
CVE-2018-12475
|
2024-11-21 12:45 |
2020-09-1 |
|
246529
|
8.8 |
HIGH
Network
|
mozilla
|
firefox thunderbird firefox_esr
|
An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting i…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2018-12371
|
2024-11-21 12:45 |
2020-07-9 |
|
246530
|
7.5 |
HIGH
Network
|
suse
|
obs-service-tar_scm
|
Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the mach…
|
CWE-22
Path Traversal
|
CVE-2018-12476
|
2024-11-21 12:45 |
2020-01-27 |