|
247251
|
9.8 |
CRITICAL
Network
|
cloudmedia
|
popcorn_a-200_firmware
|
An issue was discovered in Cloud Media Popcorn A-200 03-05-130708-21-POP-411-000 firmware. It is configured to provide TELNET remote access (without a password) that pops a shell as root. If an attac…
|
NVD-CWE-noinfo
|
CVE-2018-12072
|
2024-11-21 12:44 |
2018-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247252
|
9.8 |
CRITICAL
Network
|
codeigniter
|
codeigniter
|
A Session Fixation issue exists in CodeIgniter before 3.1.9 because session.use_strict_mode in the Session Library was mishandled.
|
CWE-384
Session Fixation
|
CVE-2018-12071
|
2024-11-21 12:44 |
2018-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247253
|
7.0 |
HIGH
Local
|
phusion
debian
|
passenger
debian_linux
|
A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently st…
|
CWE-362
Race Condition
|
CVE-2018-12029
|
2024-11-21 12:44 |
2018-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247254
|
7.8 |
HIGH
Local
|
phusion
|
passenger
|
An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrar…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-12028
|
2024-11-21 12:44 |
2018-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247255
|
8.8 |
HIGH
Network
|
phusion
|
passenger
|
An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process th…
|
CWE-200
CWE-732
Information Exposure
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-12027
|
2024-11-21 12:44 |
2018-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247256
|
9.8 |
CRITICAL
Network
|
phusion
|
passenger
|
During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning comm…
|
CWE-59
Link Following
|
CVE-2018-12026
|
2024-11-21 12:44 |
2018-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247257
|
8.4 |
HIGH
Local
|
redislabs
|
redis
|
Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is uncle…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-12326
|
2024-11-21 12:44 |
2018-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247258
|
7.8 |
HIGH
Local
|
virustotal
|
yara
|
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yr_execute_code in libyara/exec.c.
|
CWE-787
Out-of-bounds Write
|
CVE-2018-12035
|
2024-11-21 12:44 |
2018-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247259
|
7.8 |
HIGH
Local
|
virustotal
|
yara
|
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yr_execute_code in libyara/exec.c.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-12034
|
2024-11-21 12:44 |
2018-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247260
|
5.4 |
MEDIUM
Network
|
chevereto
|
chevereto
|
Chevereto Free before 1.0.13 has XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2018-12030
|
2024-11-21 12:44 |
2018-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
