|
246861
|
6.5 |
MEDIUM
Network
|
linaro
debian
|
lava
debian_linux
|
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on…
|
CWE-20
Improper Input Validation
|
CVE-2018-12564
|
2024-11-21 12:45 |
2018-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246862
|
6.5 |
MEDIUM
Network
|
linaro
|
lava
|
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavas…
|
CWE-20
Improper Input Validation
|
CVE-2018-12563
|
2024-11-21 12:45 |
2018-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246863
|
9.8 |
CRITICAL
Network
|
cantata_project
|
cantata
|
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary.…
|
CWE-20
Improper Input Validation
|
CVE-2018-12562
|
2024-11-21 12:45 |
2018-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246864
|
8.8 |
HIGH
Network
|
cantata_project
|
cantata
|
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. A regular user can inject additional mount options such as file_mode= by manipulating (for example) the domain p…
|
CWE-20
Improper Input Validation
|
CVE-2018-12561
|
2024-11-21 12:45 |
2018-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246865
|
6.5 |
MEDIUM
Network
|
cantata_project
|
cantata
|
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Arbitrary unmounts can be performed by regular users via directory traversal sequences such as a home/../sys/ker…
|
CWE-22
Path Traversal
|
CVE-2018-12560
|
2024-11-21 12:45 |
2018-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246866
|
8.8 |
HIGH
Network
|
cantata_project
|
cantata
|
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The mount target path check in mounter.cpp `mpOk()` is insufficient. A regular user can consequently mount a CIF…
|
CWE-22
Path Traversal
|
CVE-2018-12559
|
2024-11-21 12:45 |
2018-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246867
|
9.8 |
CRITICAL
Network
|
zuul-ci
|
zuul
|
An issue was discovered in Zuul 3.x before 3.1.0. If nodes become offline during the build, the no_log attribute of a task is ignored. If the unreachable error occurred in a task used with a loop var…
|
CWE-200
Information Exposure
|
CVE-2018-12557
|
2024-11-21 12:45 |
2018-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246868
|
9.8 |
CRITICAL
Network
|
quick_chat_project
|
quick_chat
|
A SQL injection issue was discovered in the Quick Chat plugin before 4.00 for WordPress.
|
CWE-89
SQL Injection
|
CVE-2018-12534
|
2024-11-21 12:45 |
2018-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246869
|
9.8 |
CRITICAL
Network
|
metinfo
|
metinfo
|
An issue was discovered in MetInfo 6.0.0. install\index.php allows remote attackers to write arbitrary PHP code into config_db.php, a different vulnerability than CVE-2018-7271.
|
CWE-94
Code Injection
|
CVE-2018-12531
|
2024-11-21 12:45 |
2018-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246870
|
6.5 |
MEDIUM
Network
|
metinfo
|
metinfo
|
An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF.
|
CWE-22
Path Traversal
|
CVE-2018-12530
|
2024-11-21 12:45 |
2018-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
