| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | Weakness name | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 247971 | 7.2 | HIGH | Network | phpbb, debian | phpbb, debian_linux | Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin … | CWE-502, CWE-1321 | Deserialization of Untrusted Data; Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | CVE-2018-19274 | 2024-11-21 12:57 | 2018-11-17 |
| 247972 | 6.5 | MEDIUM | Network | srcms_project | srcms | SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=gifts&a=update to change goods prices with the super administrator's privileges. | CWE-352 | Origin Validation Error | CVE-2018-19319 | 2024-11-21 12:57 | 2018-11-17 |
| 247973 | 8.8 | HIGH | Network | srcms_project | srcms | SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=manager&a=update to change the username and password of the super administrator account. | CWE-352 | Origin Validation Error | CVE-2018-19318 | 2024-11-21 12:57 | 2018-11-17 |
| 247974 | 8.8 | HIGH | Network | centreon | centreon | Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.24) allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI. | CWE-89 | SQL Injection | CVE-2018-19312 | 2024-11-21 12:57 | 2018-11-17 |
| 247975 | 5.4 | MEDIUM | Network | centreon | centreon | Centreon 3.4.x (fixed in Centreon 18.10.0) allows XSS via the Service field to the main.php?p=20201 URI, as demonstrated by the "Monitoring > Status Details > Services" screen. | CWE-79 | Cross-site Scripting | CVE-2018-19311 | 2024-11-21 12:57 | 2018-11-17 |
| 247976 | 8.8 | HIGH | Network | phpmailer_project, debian, fedoraproject, wordpress | phpmailer, debian_linux, fedora, wordpress | PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack. | CWE-502, CWE-1321 | Deserialization of Untrusted Data; Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | CVE-2018-19296 | 2024-11-21 12:57 | 2018-11-16 |
| 247977 | 6.1 | MEDIUM | Network | tp4a | teleport | tp4a TELEPORT 3.1.0 allows XSS via the login page because a crafted username is mishandled when an administrator later views the system log. | CWE-79 | Cross-site Scripting | CVE-2018-19301 | 2024-11-21 12:57 | 2018-11-16 |
| 247978 | 6.5 | MEDIUM | Network | dilicms | dilicms | An issue was discovered in DiliCMS 2.4.0. There is a CSRF vulnerability that can delete a user or group via an admin/index.php/user/del/1 or admin/index.php/role/del/2 URI. | CWE-352 | Origin Validation Error | CVE-2018-19291 | 2024-11-21 12:57 | 2018-11-15 |
| 247979 | 6.1 | MEDIUM | Network | valine.js | valine | An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file. | CWE-79 | Cross-site Scripting | CVE-2018-19289 | 2024-11-21 12:57 | 2018-11-15 |
| 247980 | 6.1 | MEDIUM | Network | zohocorp | manageengine_opmanager | Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API. | CWE-79 | Cross-site Scripting | CVE-2018-19288 | 2024-11-21 12:57 | 2018-11-15 |