|
247961
|
6.5 |
MEDIUM
Network
|
metinfo
|
metinfo
|
An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF.
|
CWE-22
Path Traversal
|
CVE-2018-12530
|
2024-11-21 12:45 |
2018-06-18 |
|
|
|
|
247962
|
9.8 |
CRITICAL
Network
|
redhat
|
richfaces
|
JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org…
|
CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2018-12533
|
2024-11-21 12:45 |
2018-06-18 |
|
|
|
|
247963
|
9.8 |
CRITICAL
Network
|
redhat
|
richfaces
|
JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource'…
|
CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2018-12532
|
2024-11-21 12:45 |
2018-06-18 |
|
|
|
|
247964
|
5.3 |
MEDIUM
Network
|
perfsonar
|
monitoring_and_debugging_dashboard
|
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /images/ provides a directory listing.
|
CWE-200
Information Exposure
|
CVE-2018-12525
|
2024-11-21 12:45 |
2018-06-18 |
|
|
|
|
247965
|
5.3 |
MEDIUM
Network
|
perfsonar
|
monitoring_and_debugging_dashboard
|
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /lib/ provides a directory listing.
|
CWE-200
Information Exposure
|
CVE-2018-12524
|
2024-11-21 12:45 |
2018-06-18 |
|
|
|
|
247966
|
5.3 |
MEDIUM
Network
|
perfsonar
|
monitoring_and_debugging_dashboard
|
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /etc/ provides a directory listing.
|
CWE-200
Information Exposure
|
CVE-2018-12523
|
2024-11-21 12:45 |
2018-06-18 |
|
|
|
|
247967
|
5.3 |
MEDIUM
Network
|
perfsonar
|
monitoring_and_debugging_dashboard
|
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /style/ provides a directory listing.
|
CWE-200
Information Exposure
|
CVE-2018-12522
|
2024-11-21 12:45 |
2018-06-18 |
|
|
|
|
247968
|
9.8 |
CRITICAL
Network
|
ecos
|
system_management_appliance
|
Undocumented Factory Backdoor in ECOS System Management Appliance (aka SMA) 5.2.68 allows the vendor to extract confidential information and manipulate security relevant configurations via remote roo…
|
NVD-CWE-noinfo
|
CVE-2018-12338
|
2024-11-21 12:45 |
2018-06-18 |
|
|
|
|
247969
|
4.6 |
MEDIUM
Physical
|
ecos
|
secure_boot_stick_firmware
|
Reliance on Security Through Obscurity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to partially extract confidential configurations via user-space emulation.
|
CWE-200
Information Exposure
|
CVE-2018-12337
|
2024-11-21 12:45 |
2018-06-18 |
|
|
|
|
247970
|
9.8 |
CRITICAL
Network
|
ecos
|
secure_boot_stick_firmware
|
Undocumented Factory Backdoor in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows the vendor to extract confidential information via remote root SSH access.
|
CWE-200
Information Exposure
|
CVE-2018-12336
|
2024-11-21 12:45 |
2018-06-18 |
|
|
|