18 matches found
CVE-2018-12298
Directory Traversal in filebrowser in Seagate NAS OS 4.3.15.1 allows attackers to read files within the application's container via a URL path...
CVE-2019-12298
Leanify 0.4.3 allows remote attackers to trigger an out-of-bounds write of 1024 bytes via a modified input file...
CVE-2025-12298 code-projects Simple Food Ordering System editcategory.php cross site scripting
A vulnerability was identified in code-projects Simple Food Ordering System 1.0. This affects an unknown part of the file /editcategory.php. The manipulation of the argument pname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and...
CVE-2024-12298 Vulnerability Report on Improper Restriction of XML External Entity Reference in NB-Designer
We found a vulnerability, Improper Restriction of XML External Entity Reference (CWE-611), in NB-series NX-Designer. Attackers may be able to abuse this vulnerability to disclose confidential data on a computer...
CVE-2024-12298 Vulnerability Report on Improper Restriction of XML External Entity Reference in NB-Designer
We found a vulnerability, Improper Restriction of XML External Entity Reference (CWE-611), in NB-series NX-Designer. Attackers may be able to abuse this vulnerability to disclose confidential data on a computer...
CVE-2024-12298
The CVE-2024-12298 issue is an XXE vulnerability (CWE-611) in Omron NB-series NX-Designer / NB-Designer. The root cause is improper restriction of XML external entity references, enabling disclosure of confidential data on the host when a specially crafted file is opened. Affected software includ...
Oracle Linux 8 : cloud-init (ELSA-2023-12298)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2023-12298 advisory. 22.1-6.0.4.el87.2 - Fix log file permissions Orabug: 35302985 22.1-6.0.3.el87.2 - Fix CVE-2023-1786 Orabug: 35302985 Tenable has extracted the preceding...
CVE-2020-12298
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none...
CVE-2019-12298
creationtimestamp | type | source
---|---|---
2019-05-23 14:48:21+00:00 | seen | https://t.me/cvemitreorg/183...
CVE-2019-12298
The CVE-2019-12298 entry concerns Leanify 0.4.3, where a vulnerability allows remote attackers to trigger an out-of-bounds write of 1024 bytes by supplying a modified input file. The issue is caused by input handling that can write beyond allocated memory, potentially impacting availability and i...
CVE-2018-12298
creationtimestamp | type | source
---|---|---
2019-05-13 16:26:17+00:00 | seen | https://t.me/cibsecurity/4265...
CVE-2018-12298
CVE-2018-12298: Directory traversal in Seagate NAS OS filebrowser (v4.3.15.1) allows reading files inside the app container via crafted URL paths. Root cause appears to be improper URL path handling. Affects filebrowser component; impact includes partial confidentiality (C in CVSS). CVSS data pre...
CVE-2018-12298
Directory Traversal in filebrowser in Seagate NAS OS 4.3.15.1 allows attackers to read files within the application's container via a URL path...
CVE-2017-12298
CVE-2017-12298 affects Cisco WebEx Meeting Center. The issue is cross-site scripting (XSS) caused by insufficient input validation in parameters passed to the web server, allowing an unauthenticated, remote attacker to trick a user into following a malicious link or inject code into requests. Exp...
AWStats 6.2-6.1 - configdir Command Injection
No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...
AWStats (6.1-6.2) configdir Remote Command Execution
No description provided by source. $Id: awstatsconfigdirexec.rb 7970 2009-12-26 03:31:20Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms ...
AWStats configdir Remote Command Execution
This module exploits an arbitrary command execution vulnerability in the AWStats CGI script. iDEFENSE has confirmed that AWStats versions 6.1 and 6.2 are vulnerable. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework cla...
CVE-2020-12298
This CVE entry is rejected/not used and does not represent an active vulnerability entry.