|
250101
|
6.5 |
MEDIUM
Network
|
publiccms
|
publiccms
|
An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsTemplate/content.html?path=../ URI.
|
CWE-22
Path Traversal
|
CVE-2018-12494
|
2024-11-21 12:45 |
2018-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250102
|
6.5 |
MEDIUM
Network
|
publiccms
|
publiccms
|
An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsWebFile/list.html?path=../ URI.
|
CWE-22
Path Traversal
|
CVE-2018-12493
|
2024-11-21 12:45 |
2018-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250103
|
7.5 |
HIGH
Network
|
phpok
|
phpok
|
PHPOK 4.9.032 has an arbitrary file deletion vulnerability in the delfile_f function in framework/admin/tpl_control.php.
|
CWE-20
Improper Input Validation
|
CVE-2018-12492
|
2024-11-21 12:45 |
2018-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250104
|
9.8 |
CRITICAL
Network
|
phpok
|
phpok
|
PHPOK 4.9.032 has an arbitrary file upload vulnerability in the import_f function in framework/admin/modulec_control.php, as demonstrated by uploading a .php file within a .php.zip archive, a similar…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-12491
|
2024-11-21 12:45 |
2018-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250105
|
9.8 |
CRITICAL
Network
|
the_olive_tree_ftp_server_project
|
the_olive_tree_ftp_server
|
The Olive Tree Ftp Server application 1.32 for Android has a "Sensitive Data on the Clipboard" vulnerability, as demonstrated by reading the "User password" field with the Drozer post.capture.clipboa…
|
CWE-200
Information Exposure
|
CVE-2018-12481
|
2024-11-21 12:45 |
2018-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250106
|
9.8 |
CRITICAL
Network
|
gnome
|
evolution
|
addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-12422
|
2024-11-21 12:45 |
2018-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250107
|
6.5 |
MEDIUM
Network
|
ffmpeg
|
ffmpeg
|
libavcodec in FFmpeg 4.0 may trigger a NULL pointer dereference if the studio profile is incorrectly detected while converting a crafted AVI file to MPEG4, leading to a denial of service, related to …
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-12460
|
2024-11-21 12:45 |
2018-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250108
|
6.5 |
MEDIUM
Network
|
ffmpeg
|
ffmpeg
|
An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file…
|
CWE-20
Improper Input Validation
|
CVE-2018-12459
|
2024-11-21 12:45 |
2018-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250109
|
6.5 |
MEDIUM
Network
|
ffmpeg
debian
|
ffmpeg
debian_linux
|
An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 2.8 and 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, l…
|
CWE-20
Improper Input Validation
|
CVE-2018-12458
|
2024-11-21 12:45 |
2018-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250110
|
8.8 |
HIGH
Network
|
expresscart_project
|
expresscart
|
expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-12457
|
2024-11-21 12:45 |
2018-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
