|
247641
|
9.8 |
CRITICAL
Network
|
quick_chat_project
|
quick_chat
|
A SQL injection issue was discovered in the Quick Chat plugin before 4.00 for WordPress.
|
CWE-89
SQL Injection
|
CVE-2018-12534
|
2024-11-21 12:45 |
2018-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247642
|
9.8 |
CRITICAL
Network
|
metinfo
|
metinfo
|
An issue was discovered in MetInfo 6.0.0. install\index.php allows remote attackers to write arbitrary PHP code into config_db.php, a different vulnerability than CVE-2018-7271.
|
CWE-94
Code Injection
|
CVE-2018-12531
|
2024-11-21 12:45 |
2018-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247643
|
6.5 |
MEDIUM
Network
|
metinfo
|
metinfo
|
An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF.
|
CWE-22
Path Traversal
|
CVE-2018-12530
|
2024-11-21 12:45 |
2018-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247644
|
9.8 |
CRITICAL
Network
|
redhat
|
richfaces
|
JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org…
|
CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2018-12533
|
2024-11-21 12:45 |
2018-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247645
|
9.8 |
CRITICAL
Network
|
redhat
|
richfaces
|
JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource'…
|
CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2018-12532
|
2024-11-21 12:45 |
2018-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247646
|
5.3 |
MEDIUM
Network
|
perfsonar
|
monitoring_and_debugging_dashboard
|
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /images/ provides a directory listing.
|
CWE-200
Information Exposure
|
CVE-2018-12525
|
2024-11-21 12:45 |
2018-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247647
|
5.3 |
MEDIUM
Network
|
perfsonar
|
monitoring_and_debugging_dashboard
|
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /lib/ provides a directory listing.
|
CWE-200
Information Exposure
|
CVE-2018-12524
|
2024-11-21 12:45 |
2018-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247648
|
5.3 |
MEDIUM
Network
|
perfsonar
|
monitoring_and_debugging_dashboard
|
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /etc/ provides a directory listing.
|
CWE-200
Information Exposure
|
CVE-2018-12523
|
2024-11-21 12:45 |
2018-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247649
|
5.3 |
MEDIUM
Network
|
perfsonar
|
monitoring_and_debugging_dashboard
|
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /style/ provides a directory listing.
|
CWE-200
Information Exposure
|
CVE-2018-12522
|
2024-11-21 12:45 |
2018-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247650
|
9.8 |
CRITICAL
Network
|
ecos
|
system_management_appliance
|
Undocumented Factory Backdoor in ECOS System Management Appliance (aka SMA) 5.2.68 allows the vendor to extract confidential information and manipulate security relevant configurations via remote roo…
|
NVD-CWE-noinfo
|
CVE-2018-12338
|
2024-11-21 12:45 |
2018-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
