|
247561
|
9.8 |
CRITICAL
Network
|
gopro
|
gpmf-parser
|
An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Next, related to certain checks for a positive nest_level.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-13008
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247562
|
9.8 |
CRITICAL
Network
|
gopro
|
gpmf-parser
|
An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Next, related to certain checks for GPMF_KEY_END and nest_level (not conditi…
|
CWE-125
Out-of-bounds Read
|
CVE-2018-13007
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247563
|
9.8 |
CRITICAL
Network
|
debian
gpac
canonical
|
debian_linux
gpac
ubuntu_linux
|
An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based buffer over-read in the isomedia/box_dump.c function hdlr_dump.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-13006
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247564
|
9.8 |
CRITICAL
Network
|
debian
gpac
canonical
|
debian_linux
gpac
ubuntu_linux
|
An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read in isomedia/box_code_base.c has a heap-based buffer over-read.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-13005
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247565
|
6.1 |
MEDIUM
Network
|
opentsdb
|
opentsdb
|
An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'type' to the /suggest URI.
|
CWE-79
Cross-site Scripting
|
CVE-2018-13003
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247566
|
6.1 |
MEDIUM
Network
|
sandoba
|
cp\
|
An XSS issue was discovered in Sandoba CP:Shop v2016.1. The vulnerability is located in the `admin.php` file of the `./cpshop/` module. Remote attackers are able to inject their own script codes to t…
|
CWE-79
Cross-site Scripting
|
CVE-2018-13001
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247567
|
7.5 |
HIGH
Network
|
zohocorp
|
manageengine_desktop_central
|
Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted …
|
CWE-20
Improper Input Validation
|
CVE-2018-12999
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247568
|
6.1 |
MEDIUM
Network
|
zohocorp
|
manageengine_applications_manager
|
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager before 13 (Build 13800) allows remote attackers to inject arbitrary web script or HTML via the parameter…
|
CWE-79
Cross-site Scripting
|
CVE-2018-12996
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247569
|
4.8 |
MEDIUM
Network
|
weblication
|
cms_core_\&_grid
|
An XSS issue was discovered in Inhaltsprojekte in Weblication CMS Core & Grid v12.6.24. The vulnerability is located in the `wFilemanager.php` and `index.php` files of the `/grid5/scripts/` modules. …
|
CWE-79
Cross-site Scripting
|
CVE-2018-13002
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247570
|
4.8 |
MEDIUM
Network
|
anelectron
|
advanced_electron_forum
|
An XSS issue was discovered in Advanced Electron Forum (AEF) v1.0.9. A persistent XSS vulnerability is located in the `FTP Link` element of the `Private Message` module. The editor of the private mes…
|
CWE-79
Cross-site Scripting
|
CVE-2018-13000
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
