|
253321
|
7.5 |
HIGH
Network
|
genesis_vision
|
gvtoken
|
GVToken Genesis Vision (GVT) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2018-11335
|
2024-11-21 12:43 |
2018-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253322
|
8.8 |
HIGH
Network
|
dialogic
|
powermedia_xms
|
SQL injection vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to execute arbitrary SQL commands via the filterPattern parameter.
|
CWE-89
SQL Injection
|
CVE-2018-11643
|
2024-11-21 12:43 |
2018-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253323
|
7.8 |
HIGH
Local
|
dialogic
|
powermedia_xms
|
Incorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell script run periodically in Dialogic PowerMedia XMS through 3.5 allows local users to execute code as the root user.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-11642
|
2024-11-21 12:43 |
2018-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253324
|
9.8 |
CRITICAL
Network
|
dialogic
|
powermedia_xms
|
Use of Hard-coded Credentials in /var/www/xms/application/controllers/gatherLogs.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to interact with a we…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2018-11641
|
2024-11-21 12:43 |
2018-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253325
|
9.1 |
CRITICAL
Network
|
dialogic
|
powermedia_xms
|
XML External Entity (XXE) vulnerability in the web service in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to read arbitrary files or cause a denial of service (resource consumption…
|
CWE-611
XXE
|
CVE-2018-11640
|
2024-11-21 12:43 |
2018-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253326
|
8.1 |
HIGH
Network
|
dialogic
|
powermedia_xms
|
Plaintext Storage of Passwords within Cookies in /var/www/xms/application/controllers/verifyLogin.php in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers t…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2018-11639
|
2024-11-21 12:43 |
2018-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253327
|
7.2 |
HIGH
Network
|
dialogic
|
powermedia_xms
|
Unrestricted Upload of a File with a Dangerous Type in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to upload malicious code to the web root to …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-11638
|
2024-11-21 12:43 |
2018-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253328
|
7.5 |
HIGH
Network
|
dialogic
|
powermedia_xms
|
Information leakage vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to read arbitrary files from the /var/ directory because a symlink exist…
|
CWE-59
Link Following
|
CVE-2018-11637
|
2024-11-21 12:43 |
2018-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253329
|
8.8 |
HIGH
Network
|
dialogic
|
powermedia_xms
|
Cross-site request forgery (CSRF) vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to execute malicious and unauthorized actions.
|
CWE-352
Origin Validation Error
|
CVE-2018-11636
|
2024-11-21 12:43 |
2018-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253330
|
9.8 |
CRITICAL
Network
|
dialogic
|
powermedia_xms
|
Use of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/application/config/config.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows rem…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2018-11635
|
2024-11-21 12:43 |
2018-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|