|
248041
|
8.0 |
HIGH
Network
|
dolibarr
|
dolibarr
|
The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads.
|
CWE-862
Missing Authorization
|
CVE-2018-10092
|
2024-11-21 12:40 |
2018-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248042
|
7.8 |
HIGH
Local
|
estsoft
|
alzip
|
ESTsoft ALZip before 10.76 allows local users to execute arbitrary code via creating a malicious .DLL file and installing it in a specific directory: %PROGRAMFILES%\ESTsoft\ALZip\Formats, %PROGRAMFIL…
|
CWE-426
Untrusted Search Path
|
CVE-2018-10027
|
2024-11-21 12:40 |
2018-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248043
|
8.8 |
HIGH
Network
|
intenogroup
|
iopsys_firmware
|
p910nd on Inteno IOPSYS 2.0 through 4.2.0 allows remote attackers to read, or append data to, arbitrary files via requests on TCP port 9100.
|
NVD-CWE-noinfo
|
CVE-2018-10123
|
2024-11-21 12:40 |
2018-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248044
|
7.5 |
HIGH
Network
|
haproxy
redhat
|
haproxy
enterprise_linux
|
An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only appl…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-10184
|
2024-11-21 12:40 |
2018-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248045
|
8.8 |
HIGH
Network
|
tp-link
|
eap_controller
|
TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administra…
|
CWE-269
Improper Privilege Management
|
CVE-2018-10168
|
2024-11-21 12:40 |
2018-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248046
|
7.5 |
HIGH
Network
|
tp-link
|
eap_controller
|
The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2018-10167
|
2024-11-21 12:40 |
2018-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248047
|
8.8 |
HIGH
Network
|
tp-link
|
eap_controller
|
The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows does not have Anti-CSRF tokens in any forms. This would allow an attacker to submi…
|
CWE-352
Origin Validation Error
|
CVE-2018-10166
|
2024-11-21 12:40 |
2018-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248048
|
5.4 |
MEDIUM
Network
|
tp-link
|
eap_controller
|
Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script o…
|
CWE-79
Cross-site Scripting
|
CVE-2018-10165
|
2024-11-21 12:40 |
2018-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248049
|
5.4 |
MEDIUM
Network
|
tp-link
|
eap_controller
|
Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script o…
|
CWE-79
Cross-site Scripting
|
CVE-2018-10164
|
2024-11-21 12:40 |
2018-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248050
|
7.8 |
HIGH
Local
|
7-zip
|
7-zip
|
Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service (segmentation fault) …
|
CWE-665
CWE-908
Improper Initialization
Use of Uninitialized Resource
|
CVE-2018-10115
|
2024-11-21 12:40 |
2018-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
