| 247321 | 9.8 | CRITICAL Network | canon | lbp7110cw_firmware | A remote attacker can bypass the Management Mode on the Canon LBP7110Cw web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. NOTE: … | CWE-287 Improper Authentication | CVE-2018-12048 | 2024-11-21 12:44 | 2018-06-8 |
| 247322 | 6.1 | MEDIUM Network | ximdex | ximdex | xfind/search in Ximdex 4.0 has XSS via the filter[n][value] parameters for non-negative values of n, as demonstrated by n equal to 0 through 12. | CWE-79 Cross-site Scripting | CVE-2018-12047 | 2024-11-21 12:44 | 2018-06-8 |
| 247323 | 7.5 | HIGH Network | dedecms | dedecms | DedeCMS through 5.7SP2 allows arbitrary file write in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a n… | CWE-20 Improper Input Validation | CVE-2018-12046 | 2024-11-21 12:44 | 2018-06-8 |
| 247324 | 9.8 | CRITICAL Network | dedecms | dedecms | DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=upload request with an upfile1 parameter, as demonstrated by uploading a .php… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2018-12045 | 2024-11-21 12:44 | 2018-06-8 |
| 247325 | 7.5 | HIGH Network | mediatek | awus036nh_firmware | An issue was discovered on the MediaTek AWUS036NH wireless USB adapter through 5.1.25.0. Attackers can remotely deny service by sending specially constructed 802.11 frames. | CWE-20 Improper Input Validation | CVE-2018-12041 | 2024-11-21 12:44 | 2018-06-8 |
| 247326 | 6.1 | MEDIUM Network | getsymphony | symphony | content/content.blueprintspages.php in Symphony 2.7.6 has XSS via the pages content page. | CWE-79 Cross-site Scripting | CVE-2018-12043 | 2024-11-21 12:44 | 2018-06-8 |
| 247327 | 7.5 | HIGH Network | roxyfileman | roxy_fileman | Roxy Fileman through v1.4.5 has Directory traversal via the php/download.php f parameter. | CWE-22 Path Traversal | CVE-2018-12042 | 2024-11-21 12:44 | 2018-06-8 |
| 247328 | 9.8 | CRITICAL Network | joyplus-cms_project | joyplus-cms | joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue in manager/index.php involving use of a "/!select/" substring in place of a select substring. | CWE-89 SQL Injection | CVE-2018-12039 | 2024-11-21 12:44 | 2018-06-8 |
| 247329 | 7.8 | HIGH Local | owasp | dependency-check | OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames. | CWE-22 Path Traversal; CWE-123 Write-what-where Condition | CVE-2018-12036 | 2024-11-21 12:44 | 2018-06-8 |
| 247330 | 9.8 | CRITICAL Network | eaton | intelligent_power_manager | Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware … | CWE-22 Path Traversal | CVE-2018-12031 | 2024-11-21 12:44 | 2018-06-8 |