| 248161 | 6.1 | MEDIUM Network | ximdex | ximdex | xowl/request.php in Ximdex 4.0 has XSS via the content parameter. | CWE-79 Cross-site Scripting | CVE-2018-12272 | 2024-11-21 12:44 | 2018-06-13 |
| 248162 | 9.8 | CRITICAL Network | acccheck_project | acccheck.pl | acccheck.pl in acccheck 0.2.1 allows Command Injection via shell metacharacters in a username or password file, as demonstrated by injection into an smbclient command line. | CWE-78 OS Command | CVE-2018-12268 | 2024-11-21 12:44 | 2018-06-13 |
| 248163 | 6.1 | MEDIUM Network | hongcms_project | hongcms | system\errors\404.php in HongCMS 3.0.0 has XSS via crafted input that triggers a 404 HTTP status code. | CWE-79 Cross-site Scripting | CVE-2018-12266 | 2024-11-21 12:44 | 2018-06-13 |
| 248164 | 8.8 | HIGH Network | exiv2 debian canonical | exiv2 debian_linux ubuntu_linux | Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp. | CWE-125 CWE-190 Out-of-bounds Read Integer Overflow or Wraparound | CVE-2018-12265 | 2024-11-21 12:44 | 2018-06-13 |
| 248165 | 8.8 | HIGH Network | exiv2 debian canonical | exiv2 debian_linux ubuntu_linux | Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp. | CWE-125 CWE-190 Out-of-bounds Read Integer Overflow or Wraparound | CVE-2018-12264 | 2024-11-21 12:44 | 2018-06-13 |
| 248166 | 8.8 | HIGH Network | portfoliocms_project | portfoliocms | portfolioCMS 1.0.5 allows upload of arbitrary .php files via the admin/portfolio.php?newpage=true URI. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2018-12263 | 2024-11-21 12:44 | 2018-06-13 |
| 248167 | 4.4 | MEDIUM Local | apollotechnologiesinc | momentum_axel_720p_firmware | An issue was discovered on Momentum Axel 720P 5.1.8 devices. All processes run as root. | CWE-269 Improper Privilege Management | CVE-2018-12261 | 2024-11-21 12:44 | 2018-06-13 |
| 248168 | 6.7 | MEDIUM Local | apollotechnologiesinc | momentum_axel_720p_firmware | An issue was discovered on Momentum Axel 720P 5.1.8 devices. The root password can be obtained in cleartext by issuing the command 'showKey' from the root CLI. This password may be the same on all de… | CWE-522 Insufficiently Protected Credentials | CVE-2018-12260 | 2024-11-21 12:44 | 2018-06-13 |
| 248169 | 6.8 | MEDIUM Physical | apollotechnologiesinc | momentum_axel_720p_firmware | An issue was discovered on Momentum Axel 720P 5.1.8 devices. Root access can be obtained via UART pins without any restrictions, which leads to full system compromise. | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2018-12259 | 2024-11-21 12:44 | 2018-06-13 |
| 248170 | 6.8 | MEDIUM Physical | apollotechnologiesinc | momentum_axel_720p_firmware | An issue was discovered on Momentum Axel 720P 5.1.8 devices. Custom Firmware Upgrade is possible via an SD Card. With physical access, an attacker can upgrade the firmware in under 60 seconds by inse… | NVD-CWE-noinfo | CVE-2018-12258 | 2024-11-21 12:44 | 2018-06-13 |