|
248221
|
6.1 |
MEDIUM
Network
|
veronalabs
|
wp_statistics
|
WordPress version 4.8 + contains a Cross Site Scripting (XSS) vulnerability in plugins.php or core wordpress on delete function that can result in An attacker can perform client side attacks which co…
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000556
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248222
|
9.8 |
CRITICAL
Network
|
trovebox
|
trovebox
|
Trovebox version <= 4.0.0-rc6 contains a Unsafe password reset token generation vulnerability in user component that can result in Password reset. This attack appear to be exploitable via HTTP reques…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2018-1000554
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248223
|
8.8 |
HIGH
Network
|
trovebox
|
trovebox
|
Trovebox version <= 4.0.0-rc6 contains a Server-Side request forgery vulnerability in webhook component that can result in read or update internal resources. This attack appear to be exploitable via …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2018-1000553
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248224
|
8.8 |
HIGH
Network
|
trovebox
|
trovebox
|
Trovebox version <= 4.0.0-rc6 contains a SQL Injection vulnerability in album component that can result in SQL code injection. This attack appear to be exploitable via HTTP request. This vulnerabilit…
|
CWE-89
SQL Injection
|
CVE-2018-1000552
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248225
|
8.8 |
HIGH
Network
|
trovebox
|
trovebox
|
Trovebox version <= 4.0.0-rc6 contains a PHP Type juggling vulnerability in album view component that can result in Authentication bypass. This attack appear to be exploitable via HTTP Request. This …
|
NVD-CWE-noinfo
|
CVE-2018-1000551
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248226
|
9.8 |
CRITICAL
Network
|
sympa
debian
|
sympa
debian_linux
|
The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify fil…
|
CWE-22
Path Traversal
|
CVE-2018-1000550
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248227
|
5.3 |
MEDIUM
Network
|
wekan_project
|
wekan
|
Wekan version 1.04.0 contains a Email / Username Enumeration vulnerability in Register' and 'Forgot your password?' pages that can result in A remote attacker could perform a brute force attack to ob…
|
CWE-200
Information Exposure
|
CVE-2018-1000549
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248228
|
7.8 |
HIGH
Local
|
umlet
|
umlet
|
Umlet version < 14.3 contains a XML External Entity (XXE) vulnerability in File parsing that can result in disclosure of confidential data, denial of service, server side request forgery. This attack…
|
CWE-611
XXE
|
CVE-2018-1000548
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248229
|
5.3 |
MEDIUM
Network
|
corebos
|
corebos
|
coreBOS version 7.0 and earlier contains a Incorrect Access Control vulnerability in Module: Contacts that can result in The error allows you to access records that you have no permissions to. .
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-1000547
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248230
|
7.8 |
HIGH
Local
|
triplea-game
|
triplea
|
Triplea version <= 1.9.0.0.10291 contains a XML External Entity (XXE) vulnerability in Importing game data that can result in Possible information disclosure, server-side request forgery, or remote c…
|
CWE-611
XXE
|
CVE-2018-1000546
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
