|
247571
|
6.1 |
MEDIUM
Network
|
zohocorp
|
manageengine_netflow_analyzer
firewall_analyzer
manageengine_opmanager
manageengine_oputils
manageengine_network_configuration_manager
|
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUti…
|
CWE-79
Cross-site Scripting
|
CVE-2018-12998
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247572
|
7.5 |
HIGH
Network
|
zohocorp
|
manageengine_netflow_analyzer
firewall_analyzer
manageengine_opmanager
manageengine_oputils
manageengine_network_configuration_manager
|
Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils …
|
CWE-200
Information Exposure
|
CVE-2018-12997
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247573
|
8.8 |
HIGH
Network
|
onefilecms
|
onefilecms
|
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the Upload screen.
|
CWE-94
Code Injection
|
CVE-2018-12995
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247574
|
8.8 |
HIGH
Network
|
onefilecms
|
onefilecms
|
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the New File screen.
|
CWE-94
Code Injection
|
CVE-2018-12994
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247575
|
9.8 |
CRITICAL
Network
|
onefilecms
|
onefilecms
|
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to conduct brute-force attacks via the onefilecms_username and onefilecms_password fields.
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2018-12993
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247576
|
4.8 |
MEDIUM
Network
|
maelostore_project
|
maelostore
|
An issue was discovered CMS MaeloStore V.1.5.0. There is stored XSS in the Telephone field of the admin interface.
|
CWE-79
Cross-site Scripting
|
CVE-2018-12992
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247577
|
7.5 |
HIGH
Network
|
greencms
|
greencms
|
GreenCMS 2.3.0603 has an arbitrary file download vulnerability via an index.php?m=admin&c=media&a=downfile URI.
|
CWE-20
Improper Input Validation
|
CVE-2018-12988
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247578
|
9.8 |
CRITICAL
Network
|
hycus_cms_project
|
hycus_cms
|
Hycus CMS 1.0.4 allows Authentication Bypass via "'=' 'OR'" credentials.
|
CWE-287
Improper Authentication
|
CVE-2018-12984
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247579
|
7.8 |
HIGH
Local
|
podofo_project
|
podofo
|
A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via …
|
CWE-125
Out-of-bounds Read
|
CVE-2018-12983
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247580
|
5.5 |
MEDIUM
Local
|
podofo_project
|
podofo
|
Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-12982
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
