|
253561
|
5.5 |
MEDIUM
Local
|
radare
|
radare2
|
The parse_import_ptr() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted Mach-O file.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-11380
|
2024-11-21 12:43 |
2018-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253562
|
5.5 |
MEDIUM
Local
|
radare
|
radare2
|
The get_debug_info() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted PE file.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-11379
|
2024-11-21 12:43 |
2018-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253563
|
7.8 |
HIGH
Local
|
radare
|
radare2
|
The wasm_dis() function in libr/asm/arch/wasm/wasm.c in or possibly have unspecified other impact via a crafted WASM file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-11378
|
2024-11-21 12:43 |
2018-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253564
|
5.5 |
MEDIUM
Local
|
radare
|
radare2
|
The avr_op_analyze() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-11377
|
2024-11-21 12:43 |
2018-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253565
|
5.5 |
MEDIUM
Local
|
radare
|
radare2
|
The r_read_le32() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-11376
|
2024-11-21 12:43 |
2018-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253566
|
5.5 |
MEDIUM
Local
|
radare
|
radare2
|
The _inst__lds() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-11375
|
2024-11-21 12:43 |
2018-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253567
|
9.8 |
CRITICAL
Network
|
iscripts
|
eswap
|
iScripts eSwap v2.4 has SQL injection via the "salelistdetailed.php" User Panel ToId parameter.
|
CWE-89
SQL Injection
|
CVE-2018-11373
|
2024-11-21 12:43 |
2018-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253568
|
9.8 |
CRITICAL
Network
|
iscripts
|
eswap
|
iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php User Panel ToId parameter.
|
CWE-89
SQL Injection
|
CVE-2018-11372
|
2024-11-21 12:43 |
2018-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253569
|
8.8 |
HIGH
Network
|
skycaiji
|
skycaiji
|
SkyCaiji 1.2 allows CSRF to add an Administrator user.
|
CWE-352
Origin Validation Error
|
CVE-2018-11371
|
2024-11-21 12:43 |
2018-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253570
|
9.8 |
CRITICAL
Network
|
pbootcms
|
pbootcms
|
An issue was discovered in PbootCMS v1.0.9. There is a SQL Injection that can get important information from the database via the \apps\home\controller\ParserController.php scode parameter.
|
CWE-89
SQL Injection
|
CVE-2018-11369
|
2024-11-21 12:43 |
2018-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|