|
248591
|
9.8 |
CRITICAL
Network
|
redhat
|
richfaces
|
JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org…
|
CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2018-12533
|
2024-11-21 12:45 |
2018-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248592
|
9.8 |
CRITICAL
Network
|
redhat
|
richfaces
|
JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource'…
|
CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2018-12532
|
2024-11-21 12:45 |
2018-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248593
|
5.3 |
MEDIUM
Network
|
perfsonar
|
monitoring_and_debugging_dashboard
|
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /images/ provides a directory listing.
|
CWE-200
Information Exposure
|
CVE-2018-12525
|
2024-11-21 12:45 |
2018-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248594
|
5.3 |
MEDIUM
Network
|
perfsonar
|
monitoring_and_debugging_dashboard
|
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /lib/ provides a directory listing.
|
CWE-200
Information Exposure
|
CVE-2018-12524
|
2024-11-21 12:45 |
2018-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248595
|
5.3 |
MEDIUM
Network
|
perfsonar
|
monitoring_and_debugging_dashboard
|
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /etc/ provides a directory listing.
|
CWE-200
Information Exposure
|
CVE-2018-12523
|
2024-11-21 12:45 |
2018-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248596
|
5.3 |
MEDIUM
Network
|
perfsonar
|
monitoring_and_debugging_dashboard
|
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /style/ provides a directory listing.
|
CWE-200
Information Exposure
|
CVE-2018-12522
|
2024-11-21 12:45 |
2018-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248597
|
9.8 |
CRITICAL
Network
|
ecos
|
system_management_appliance
|
Undocumented Factory Backdoor in ECOS System Management Appliance (aka SMA) 5.2.68 allows the vendor to extract confidential information and manipulate security relevant configurations via remote roo…
|
NVD-CWE-noinfo
|
CVE-2018-12338
|
2024-11-21 12:45 |
2018-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248598
|
4.6 |
MEDIUM
Physics
|
ecos
|
secure_boot_stick_firmware
|
Reliance on Security Through Obscurity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to partially extract confidential configurations via user-space emulation.
|
CWE-200
Information Exposure
|
CVE-2018-12337
|
2024-11-21 12:45 |
2018-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248599
|
9.8 |
CRITICAL
Network
|
ecos
|
secure_boot_stick_firmware
|
Undocumented Factory Backdoor in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows the vendor to extract confidential information via remote root SSH access.
|
CWE-200
Information Exposure
|
CVE-2018-12336
|
2024-11-21 12:45 |
2018-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248600
|
7.3 |
HIGH
Adjacent
|
ecos
|
system_management_appliance
|
Incorrect access control in ECOS System Management Appliance (aka SMA) 5.2.68 allows a user to compromise authentication keys, and access and manipulate security relevant configurations, via unrestri…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-12335
|
2024-11-21 12:45 |
2018-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
