| 247741 | 3.1 | LOW | Physical | dropbox | dropbox | An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The FingerprintManager class for Biometric validation allows authentication bypass through the callback method from … | CWE-287 Improper Authentication | CVE-2018-12445 | 2024-11-21 12:45 | 2018-06-20 |
| 247742 | 8.8 | HIGH | Network | codenx | shopnx | An issue was discovered in ShopNx through 2017-11-17. The vulnerability allows a remote attacker to upload any malicious file to a Node.js application. An attacker can upload a malicious HTML file th… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2018-12519 | 2024-11-21 12:45 | 2018-06-20 |
| 247743 | 6.5 | MEDIUM | Network | akcms_project | akcms | An issue was discovered in AKCMS 6.1. CSRF can delete an article via an admincp deleteitem action to index.php. | CWE-352 Origin Validation Error | CVE-2018-12583 | 2024-11-21 12:45 | 2018-06-20 |
| 247744 | 8.8 | HIGH | Network | akcms_project | akcms | An issue was discovered in AKCMS 6.1. CSRF can add an admin account via a /index.php?file=account&action=manageaccounts&job=newaccount URI. | CWE-352 Origin Validation Error | CVE-2018-12582 | 2024-11-21 12:45 | 2018-06-20 |
| 247745 | 6.1 | MEDIUM | Network | dragonbyte-tech | vbsecurity | library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3.x through 3.3.0 for vBulletin 3 and vBulletin 4 allows self-XSS via $session['user_agent'] in the "Login Sessions" feature. | CWE-79 Cross-site Scripting | CVE-2018-12580 | 2024-11-21 12:45 | 2018-06-20 |
| 247746 | 9.8 | CRITICAL | Network | sam2p_project | sam2p | There is a heap-based buffer overflow in bmp_compress1_row in appliers.cpp in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other impact. | CWE-787 Out-of-bounds Write | CVE-2018-12578 | 2024-11-21 12:45 | 2018-06-20 |
| 247747 | 8.8 | HIGH | Network | linaro debian | lava debian_linux | An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load() instead of yaml.safe_load() when parsing user data, remote code execution can occur. | CWE-20 Improper Input Validation | CVE-2018-12565 | 2024-11-21 12:45 | 2018-06-19 |
| 247748 | 6.5 | MEDIUM | Network | linaro debian | lava debian_linux | An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on… | CWE-20 Improper Input Validation | CVE-2018-12564 | 2024-11-21 12:45 | 2018-06-19 |
| 247749 | 6.5 | MEDIUM | Network | linaro | lava | An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavas… | CWE-20 Improper Input Validation | CVE-2018-12563 | 2024-11-21 12:45 | 2018-06-19 |
| 247750 | 9.8 | CRITICAL | Network | cantata_project | cantata | An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary.… | CWE-20 Improper Input Validation | CVE-2018-12562 | 2024-11-21 12:45 | 2018-06-19 |