| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 248161 | 8.8 | HIGH | Network | librehealth | librehealth_ehr | LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in Ability to perform malicious database queries. This attack ap… | CWE-89 (SQL Injection) | CVE-2018-1000650 | 2024-11-21 12:40 | 2018-08-21 |
| 248162 | 8.8 | HIGH | Network | librehealth | librehealth_ehr | LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php (2) vulnerability in Patient file letter functions that can result in Write files with malicious … | CWE-732 (Incorrect Permission Assignment for Critical Resource) | CVE-2018-1000649 | 2024-11-21 12:40 | 2018-08-21 |
| 248163 | 8.8 | HIGH | Network | librehealth | librehealth_ehr | LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may le… | CWE-269 (Improper Privilege Management) | CVE-2018-1000648 | 2024-11-21 12:40 | 2018-08-21 |
| 248164 | 7.1 | HIGH | Network | librehealth | librehealth_ehr | LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Deletion vulnerability in Import template that can result in Denial of service. This attack appear to be exploitable … | CWE-22 (Path Traversal), CWE-20 (Improper Input Validation) | CVE-2018-1000647 | 2024-11-21 12:40 | 2018-08-21 |
| 248165 | 8.8 | HIGH | Network | librehealth | librehealth_ehr | LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote … | CWE-434 (Unrestricted Upload of File with Dangerous Type) | CVE-2018-1000646 | 2024-11-21 12:40 | 2018-08-21 |
| 248166 | 6.5 | MEDIUM | Network | librehealth | librehealth_ehr | LibreHealthIO lh-ehr version <REL-2.0.0 contains an Authenticated Local File Disclosure vulnerability in Importing of templates allows local file disclosure that can result in Disclosure of sensitive… | CWE-200 (Information Exposure) | CVE-2018-1000645 | 2024-11-21 12:40 | 2018-08-21 |
| 248167 | 10.0 | CRITICAL | Network | eclipse | rdf4j | Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files that can result in the disclosure of confidential data, denial of se… | CWE-611 (XXE) | CVE-2018-1000644 | 2024-11-21 12:40 | 2018-08-21 |
| 248168 | 6.1 | MEDIUM | Network | flightairmap | flightairmap | FlightAirMap version <=v1.0-beta.21 contains a Cross Site Scripting (XSS) vulnerability in GET variable used within registration sub menu page that can result in unauthorised actions and access to da… | CWE-79 (Cross-site Scripting) | CVE-2018-1000642 | 2024-11-21 12:40 | 2018-08-21 |
| 248169 | 9.8 | CRITICAL | Network | yeswiki | yeswiki | YesWiki version <= cercopitheque beta 1 contains a PHP Object Injection vulnerability in Unserialising user entered parameter in i18n.inc.php that can result in execution of code, disclosure of infor… | CWE-502 (Deserialization of Untrusted Data) | CVE-2018-1000641 | 2024-11-21 12:40 | 2018-08-21 |
| 248170 | 6.1 | MEDIUM | Network | villagedefrance | opencart-overclocked | OpenCart-Overclocked version <=1.11.1 contains a Cross Site Scripting (XSS) vulnerability in User input entered unsanitised within JS function in the template that can result in Unauthorised actions … | CWE-79 (Cross-site Scripting) | CVE-2018-1000640 | 2024-11-21 12:40 | 2018-08-21 |