|
248131
|
8.8 |
HIGH
Network
|
icmsdev
|
icms
|
An issue was discovered in idreamsoft iCMS V7.0.7. There is a CSRF vulnerability that can add an admin account via admincp.php?app=members&do=save&frame=iPHP.
|
CWE-352
Origin Validation Error
|
CVE-2018-10117
|
2024-11-21 12:40 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248132
|
8.8 |
HIGH
Network
|
gegl
|
gegl
|
An issue was discovered in GEGL through 0.3.32. The gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c allows remote attackers to cause a denial of service (write access violatio…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-10114
|
2024-11-21 12:40 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248133
|
7.5 |
HIGH
Network
|
gegl
|
generic_graphics_library
|
An issue was discovered in GEGL through 0.3.32. The process function in operations/external/ppm-load.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocat…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-10113
|
2024-11-21 12:40 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248134
|
8.8 |
HIGH
Network
|
gegl
|
gegl
|
An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_swap_constructed function in buffer/gegl-tile-backend-swap.c allows remote attackers to cause a denial of service (write access v…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-10112
|
2024-11-21 12:40 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248135
|
7.5 |
HIGH
Network
|
gegl
|
gegl
|
An issue was discovered in GEGL through 0.3.32. The render_rectangle function in process/gegl-processor.c has unbounded memory allocation, leading to a denial of service (application crash) upon allo…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-10111
|
2024-11-21 12:40 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248136
|
4.8 |
MEDIUM
Network
|
monstra
|
monstra
|
Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the content section of a new page in the blog catalog.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10109
|
2024-11-21 12:40 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248137
|
6.1 |
MEDIUM
Network
|
dlink
|
dir-815_firmware
|
D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the Treturn parameter to /htdocs/webinc/js/bsc_sms_inbox.php.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10108
|
2024-11-21 12:40 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248138
|
6.1 |
MEDIUM
Network
|
dlink
|
dir-815_firmware
|
D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the RESULT parameter to /htdocs/webinc/js/info.php.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10107
|
2024-11-21 12:40 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248139
|
9.8 |
CRITICAL
Network
|
dlink
|
dir-815_firmware
|
D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have permission bypass and information disclosure in /htdocs/web/getcfg.php, as demonstrated by a /getcfg.ph…
|
CWE-200
Information Exposure
|
CVE-2018-10106
|
2024-11-21 12:40 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248140
|
6.1 |
MEDIUM
Network
|
wordpress
debian
|
wordpress
debian_linux
|
Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10102
|
2024-11-21 12:40 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
