| 247371 | 9.8 | CRITICAL | Network | onefilecms | onefilecms | onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to conduct brute-force attacks via the onefilecms_username and onefilecms_password fields. | CWE-307 Improper Restriction of Excessive Authentication Attempts | CVE-2018-12993 | 2024-11-21 12:46 | 2018-06-29 |
| 247372 | 4.8 | MEDIUM | Network | maelostore_project | maelostore | An issue was discovered in CMS MaeloStore V.1.5.0. There is stored XSS in the Telephone field of the admin interface. | CWE-79 Cross-site Scripting | CVE-2018-12992 | 2024-11-21 12:46 | 2018-06-29 |
| 247373 | 7.5 | HIGH | Network | greencms | greencms | GreenCMS 2.3.0603 has an arbitrary file download vulnerability via an index.php?m=admin&c=media&a=downfile URI. | CWE-20 Improper Input Validation | CVE-2018-12988 | 2024-11-21 12:46 | 2018-06-29 |
| 247374 | 9.8 | CRITICAL | Network | hycus_cms_project | hycus_cms | Hycus CMS 1.0.4 allows Authentication Bypass via "'=' 'OR'" credentials. | CWE-287 Improper Authentication | CVE-2018-12984 | 2024-11-21 12:46 | 2018-06-29 |
| 247375 | 7.8 | HIGH | Local | podofo_project | podofo | A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via … | CWE-125 Out-of-bounds Read | CVE-2018-12983 | 2024-11-21 12:46 | 2018-06-29 |
| 247376 | 5.5 | MEDIUM | Local | podofo_project | podofo | Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2018-12982 | 2024-11-21 12:46 | 2018-06-29 |
| 247377 | 6.1 | MEDIUM | Network | opentsdb | opentsdb | An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'json' to the /q URI. | CWE-79 Cross-site Scripting | CVE-2018-12973 | 2024-11-21 12:46 | 2018-06-29 |
| 247378 | 9.8 | CRITICAL | Network | opentsdb | opentsdb | An issue was discovered in OpenTSDB 2.3.0. Many parameters to the /q URI can execute commands, including o, key, style, and yrange and y2range and their JSON input. | CWE-78 OS Command | CVE-2018-12972 | 2024-11-21 12:46 | 2018-06-29 |
| 247379 | 6.5 | MEDIUM | Network | easycms | easycms | EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users. | CWE-352 Origin Validation Error | CVE-2018-12971 | 2024-11-21 12:46 | 2018-06-29 |
| 247380 | 7.5 | HIGH | Network | gnu | binutils | remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt. | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2018-12934 | 2024-11-21 12:46 | 2018-06-28 |