|
249151
|
4.8 |
MEDIUM
Network
|
anelectron
|
advanced_electron_forum
|
An XSS issue was discovered in Advanced Electron Forum (AEF) v1.0.9. A persistent XSS vulnerability is located in the `FTP Link` element of the `Private Message` module. The editor of the private mes…
|
CWE-79
Cross-site Scripting
|
CVE-2018-13000
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249152
|
6.1 |
MEDIUM
Network
|
zohocorp
|
manageengine_netflow_analyzer
firewall_analyzer
manageengine_opmanager
manageengine_oputils
manageengine_network_configuration_manager
|
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUti…
|
CWE-79
Cross-site Scripting
|
CVE-2018-12998
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249153
|
7.5 |
HIGH
Network
|
zohocorp
|
manageengine_netflow_analyzer
firewall_analyzer
manageengine_opmanager
manageengine_oputils
manageengine_network_configuration_manager
|
Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils …
|
CWE-200
Information Exposure
|
CVE-2018-12997
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249154
|
8.8 |
HIGH
Network
|
onefilecms
|
onefilecms
|
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the Upload screen.
|
CWE-94
Code Injection
|
CVE-2018-12995
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249155
|
8.8 |
HIGH
Network
|
onefilecms
|
onefilecms
|
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the New File screen.
|
CWE-94
Code Injection
|
CVE-2018-12994
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249156
|
9.8 |
CRITICAL
Network
|
onefilecms
|
onefilecms
|
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to conduct brute-force attacks via the onefilecms_username and onefilecms_password fields.
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2018-12993
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249157
|
4.8 |
MEDIUM
Network
|
maelostore_project
|
maelostore
|
An issue was discovered CMS MaeloStore V.1.5.0. There is stored XSS in the Telephone field of the admin interface.
|
CWE-79
Cross-site Scripting
|
CVE-2018-12992
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249158
|
7.5 |
HIGH
Network
|
greencms
|
greencms
|
GreenCMS 2.3.0603 has an arbitrary file download vulnerability via an index.php?m=admin&c=media&a=downfile URI.
|
CWE-20
Improper Input Validation
|
CVE-2018-12988
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249159
|
9.8 |
CRITICAL
Network
|
hycus_cms_project
|
hycus_cms
|
Hycus CMS 1.0.4 allows Authentication Bypass via "'=' 'OR'" credentials.
|
CWE-287
Improper Authentication
|
CVE-2018-12984
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249160
|
7.8 |
HIGH
Local
|
podofo_project
|
podofo
|
A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via …
|
CWE-125
Out-of-bounds Read
|
CVE-2018-12983
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
