|
247841
|
8.8 |
HIGH
Network
|
librehealth
|
librehealth_ehr
|
LH-EHR version REL-2_0_0 contains a Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. This attack appear to be exploitable via Uploading a PHP fi…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-1000839
|
2024-11-21 12:40 |
2018-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247842
|
10.0 |
CRITICAL
Network
|
sleuthkit
|
autopsy
|
autopsy version <= 4.9.0 contains a XML External Entity (XXE) vulnerability in CaseMetadata XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This…
|
CWE-611
XXE
|
CVE-2018-1000838
|
2024-11-21 12:40 |
2018-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247843
|
10.0 |
CRITICAL
Network
|
obeo
|
uml_designer
|
UML Designer version <= 8.0.0 contains a XML External Entity (XXE) vulnerability in XML parser for plugins that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. …
|
CWE-611
XXE
|
CVE-2018-1000837
|
2024-11-21 12:40 |
2018-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247844
|
9.0 |
CRITICAL
Network
|
apereo
|
bw-calendar-engine
|
bw-calendar-engine version <= bw-calendar-engine-3.12.0 contains a XML External Entity (XXE) vulnerability in IscheduleClient XML Parser that can result in Disclosure of confidential data, denial of …
|
CWE-611
XXE
|
CVE-2018-1000836
|
2024-11-21 12:40 |
2018-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247845
|
10.0 |
CRITICAL
Network
|
keepassdx
|
keepass_dx
|
KeePassDX version <= 2.5.0.0beta17 contains a XML External Entity (XXE) vulnerability in kdbx file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.
|
CWE-611
XXE
|
CVE-2018-1000835
|
2024-11-21 12:40 |
2018-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247846
|
9.0 |
CRITICAL
Network
|
runelite
|
runelite
|
runelite version <= runelite-parent-1.4.23 contains a XML External Entity (XXE) vulnerability in Man in the middle runscape services call that can result in Disclosure of confidential data, denial of…
|
CWE-611
XXE
|
CVE-2018-1000834
|
2024-11-21 12:40 |
2018-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247847
|
9.8 |
CRITICAL
Network
|
zoneminder
|
zoneminder
|
ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2018-1000833
|
2024-11-21 12:40 |
2018-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247848
|
9.8 |
CRITICAL
Network
|
zoneminder
|
zoneminder
|
ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2018-1000832
|
2024-11-21 12:40 |
2018-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247849
|
10.0 |
CRITICAL
Network
|
k9mail
|
k-9_mail
|
K9Mail version <= v5.600 contains a XML External Entity (XXE) vulnerability in WebDAV response parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This …
|
CWE-611
XXE
|
CVE-2018-1000831
|
2024-11-21 12:40 |
2018-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247850
|
10.0 |
CRITICAL
Network
|
xr3player_project
|
xr3player
|
XR3Player version <= V3.124 contains a XML External Entity (XXE) vulnerability in Playlist parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.
|
CWE-611
XXE
|
CVE-2018-1000830
|
2024-11-21 12:40 |
2018-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
