|
247341
|
9.8 |
CRITICAL
Network
|
opendesa
|
opensid
|
OpenSID 18.06-pasca has an Unrestricted File Upload vulnerability via an Attachment Document in the article feature. This vulnerability leads to uploading arbitrary PHP code via a .php filename with …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-13038
|
2024-11-21 12:46 |
2018-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247342
|
7.8 |
HIGH
Local
|
jpeg-compressor_project
|
jpeg_compressor
|
An issue was discovered in jpeg-compressor 0.1. The bmp_load function in stb_image.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibl…
|
CWE-787
Out-of-bounds Write
|
CVE-2018-13037
|
2024-11-21 12:46 |
2018-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247343
|
5.5 |
MEDIUM
Local
|
gnu
redhat
|
binutils
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
openshift_container_platform
|
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) vi…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2018-13033
|
2024-11-21 12:46 |
2018-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247344
|
8.8 |
HIGH
Network
|
ecessa
|
shieldlink_sl175ehq_firmware
|
ECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add superuser accounts via the cgi-bin/pl_web.cgi/util_configlogin_act URI.
|
CWE-352
Origin Validation Error
|
CVE-2018-13032
|
2024-11-21 12:46 |
2018-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247345
|
5.3 |
MEDIUM
Network
|
phpwcms
|
phpwcms
|
phpwcms 1.8.9 allows remote attackers to discover the installation path via an invalid csrf_token_value field.
|
CWE-200
Information Exposure
|
CVE-2018-12990
|
2024-11-21 12:46 |
2018-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247346
|
7.8 |
HIGH
Local
|
jpeg-compressor_project
|
jpeg_compressor
|
An issue was discovered in jpeg-compressor 0.1. The build_huffman function in stb_image.c allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or p…
|
CWE-787
Out-of-bounds Write
|
CVE-2018-13030
|
2024-11-21 12:46 |
2018-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247347
|
9.8 |
CRITICAL
Network
|
gopro
|
gpmf-parser
|
An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Type.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-13026
|
2024-11-21 12:46 |
2018-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247348
|
4.9 |
MEDIUM
Network
|
yxcms
|
yxcms
|
protected/apps/admin/controller/photoController.php in YXcms 1.4.7 allows remote attackers to delete arbitrary files via the index.php?r=admin/photo/delpic picname parameter.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-13025
|
2024-11-21 12:46 |
2018-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247349
|
7.2 |
HIGH
Network
|
metinfo
|
metinfo
|
Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-13024
|
2024-11-21 12:46 |
2018-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247350
|
7.2 |
HIGH
Network
|
hongcms_project
|
hongcms
|
An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-13021
|
2024-11-21 12:46 |
2018-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
