| 248341 | 5.3 | MEDIUM Adjacent | eminent-online | em4544 | An issue was discovered on Eminent EM4544 9.10 devices. The device does not require the user's current password to set a new one within the web interface. Therefore, it is possible to exploit this is… | CWE-79 Cross-site Scripting | CVE-2018-12073 | 2024-11-21 12:44 | 2018-06-18 |
| 248342 | 9.8 | CRITICAL Network | cloudmedia | popcorn_a-200_firmware | An issue was discovered in Cloud Media Popcorn A-200 03-05-130708-21-POP-411-000 firmware. It is configured to provide TELNET remote access (without a password) that pops a shell as root. If an attac… | NVD-CWE-noinfo | CVE-2018-12072 | 2024-11-21 12:44 | 2018-06-18 |
| 248343 | 9.8 | CRITICAL Network | codeigniter | codeigniter | A Session Fixation issue exists in CodeIgniter before 3.1.9 because session.use_strict_mode in the Session Library was mishandled. | CWE-384 Session Fixation | CVE-2018-12071 | 2024-11-21 12:44 | 2018-06-18 |
| 248344 | 7.0 | HIGH Local | phusion, debian | passenger, debian_linux | A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently st… | CWE-362 Race Condition | CVE-2018-12029 | 2024-11-21 12:44 | 2018-06-18 |
| 248345 | 7.8 | HIGH Local | phusion | passenger | An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrar… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2018-12028 | 2024-11-21 12:44 | 2018-06-18 |
| 248346 | 8.8 | HIGH Network | phusion | passenger | An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process th… | CWE-200 Information Exposure; CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2018-12027 | 2024-11-21 12:44 | 2018-06-18 |
| 248347 | 9.8 | CRITICAL Network | phusion | passenger | During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning comm… | CWE-59 Link Following | CVE-2018-12026 | 2024-11-21 12:44 | 2018-06-18 |
| 248348 | 8.4 | HIGH Local | redislabs | redis | Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is uncle… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2018-12326 | 2024-11-21 12:44 | 2018-06-17 |
| 248349 | 7.8 | HIGH Local | virustotal | yara | In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yr_execute_code in libyara/exec.c. | CWE-787 Out-of-bounds Write | CVE-2018-12035 | 2024-11-21 12:44 | 2018-06-16 |
| 248350 | 7.8 | HIGH Local | virustotal | yara | In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yr_execute_code in libyara/exec.c. | CWE-125 Out-of-bounds Read | CVE-2018-12034 | 2024-11-21 12:44 | 2018-06-16 |