| 247861 | 5.3 | MEDIUM Network | hashicorp | packer | An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security be… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2018-15869 | 2024-11-21 12:51 | 2018-08-25 |
| 247862 | 8.1 | HIGH Network | hazzardweb | easylogin_pro | An issue was discovered in EasyLogin Pro through 1.3.0. Encryptor.php contains an unserialize call that can be exploited for remote code execution in the decrypt function, if the attacker knows the k… | CWE-502 Deserialization of Untrusted Data | CVE-2018-15576 | 2024-11-21 12:51 | 2018-08-25 |
| 247863 | 6.1 | MEDIUM Network | phpmyadmin | phpmyadmin | An issue was discovered in phpMyAdmin before 4.8.3. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted file to manipulate an authenticated user who loads that fil… | CWE-79 Cross-site Scripting | CVE-2018-15605 | 2024-11-21 12:51 | 2018-08-25 |
| 247864 | 5.5 | MEDIUM Local | tecrail | responsive_filemanager | /filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary f… | CWE-22 Path Traversal | CVE-2018-15536 | 2024-11-21 12:51 | 2018-08-25 |
| 247865 | 7.5 | HIGH Network | tecrail | responsive_filemanager | /filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutrali… | CWE-22 Path Traversal | CVE-2018-15535 | 2024-11-21 12:51 | 2018-08-25 |
| 247866 | 8.8 | HIGH Network | couchbase | couchbase_server | Couchbase Server exposed the '/diag/eval' endpoint which by default is available on TCP/8091 and/or TCP/18091. Authenticated users that have 'Full Admin' role assigned could send arbitrary Erlang cod… | CWE-94 Code Injection | CVE-2018-15728 | 2024-11-21 12:51 | 2018-08-25 |
| 247867 | 7.5 | HIGH Network | ffmpeg debian canonical | ffmpeg debian_linux ubuntu_linux | The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure. | CWE-617 Reachable Assertion | CVE-2018-15822 | 2024-11-21 12:51 | 2018-08-24 |
| 247868 | 5.5 | MEDIUM Local | accupos | accupos | AccuPOS 2017.8 is installed with the insecure "Authenticated Users: Modify" permission for files within the installation path. This may allow local attackers to compromise the integrity of critical r… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2018-15809 | 2024-11-21 12:51 | 2018-08-24 |
| 247869 | 9.8 | CRITICAL Network | posim | evo | POSIM EVO 15.13 for Windows includes hardcoded database credentials for the "root" database user. "root" access to POSIM EVO's database may result in a breach of confidentiality, integrity, or availa… | CWE-798 Use of Hard-coded Credentials | CVE-2018-15808 | 2024-11-21 12:51 | 2018-08-24 |
| 247870 | 7.8 | HIGH Local | posim | evo | POSIM EVO 15.13 for Windows includes an "Emergency Override" administrative account that may be accessed through POSIM's "override" feature. This Override prompt expects a code that is computed local… | CWE-330 Use of Insufficiently Random Values | CVE-2018-15807 | 2024-11-21 12:51 | 2018-08-24 |