|
248431
|
7.5 |
HIGH
Network
|
textpattern
|
textpattern
|
Textpattern version 4.6.2 contains an XML Injection vulnerability in the Import XML feature that can result in denial of service in the context of the web server by exhausting server memory resources.…
|
CWE-611
XXE
|
CVE-2018-1000090
|
2024-11-21 12:39 |
2018-03-14 |
|
248432
|
4.8 |
MEDIUM
Network
|
wolfcms
|
wolf_cms
|
WolfCMS version 0.8.3.1 contains a Reflected Cross Site Scripting vulnerability in the "Create New File" and "Create New Directory" input boxes from the 'files' tab that can result in Session Hijacking…
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000087
|
2024-11-21 12:39 |
2018-03-14 |
|
248433
|
8.8 |
HIGH
Network
|
cryptonote
|
cryptonote
|
CryptoNote version 0.8.9 and possibly later contain a local RPC server which does not require authentication; as a result the walletd and the simplewallet RPC daemons will process any command…
|
CWE-352
Origin Validation Error
|
CVE-2018-1000093
|
2024-11-21 12:39 |
2018-03-14 |
|
248434
|
7.4 |
HIGH
Network
|
django-anymail_project
|
django-anymail
|
Anymail django-anymail version 0.2 through 1.3 contains a CWE-532, CWE-209 vulnerability in the WEBHOOK_AUTHORIZATION setting value that can result in an attacker with access to error logs could …
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2018-1000089
|
2024-11-21 12:39 |
2018-03-14 |
|
248435
|
6.1 |
MEDIUM
Network
|
doorkeeper_project
|
doorkeeper
|
Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting (XSS) vulnerability in the web view's OAuth app form and user authorization prompt web view that can result in Stored XSS on the OAuth …
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000088
|
2024-11-21 12:39 |
2018-03-14 |
|
248436
|
8.8 |
HIGH
Network
|
npr
|
pym.js
|
NPR Visuals Team Pym.js versions 0.4.2 up to 1.3.1 contain a Cross Site Request Forgery (CSRF) vulnerability in the Pym.js _onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/ma…
|
CWE-352
Origin Validation Error
|
CVE-2018-1000086
|
2024-11-21 12:39 |
2018-03-14 |
|
248437
|
5.5 |
MEDIUM
Local
|
clamav debian canonical
|
clamav debian_linux ubuntu_linux
|
ClamAV version 0.99.3 contains an out-of-bounds heap memory read vulnerability in the XAR parser, function xar_hash_check(), that can result in leaking of memory, may help in developing exploit cha…
|
CWE-125
Out-of-bounds Read
|
CVE-2018-1000085
|
2024-11-21 12:39 |
2018-03-14 |
|
248438
|
5.4 |
MEDIUM
Network
|
wolfcms
|
wolf_cms
|
WolfCMS version 0.8.3.1 contains a Stored Cross-Site Scripting vulnerability in Layout Name (from the Layout tab) that can result in a low privilege user can steal the cookie of admin user …
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000084
|
2024-11-21 12:39 |
2018-03-14 |
|
248439
|
5.3 |
MEDIUM
Network
|
ajenti
|
ajenti
|
Ajenti version 2 contains an Improper Error Handling vulnerability in the Login JSON request that can result in the requisition leaks a path of the server. This attack appears to be exploitable via…
|
CWE-22
Path Traversal
|
CVE-2018-1000083
|
2024-11-21 12:39 |
2018-03-14 |
|
248440
|
8.8 |
HIGH
Network
|
ajenti
|
ajenti
|
Ajenti version 2 contains a Cross Site Request Forgery (CSRF) vulnerability in the command execution panel of the tool used to manage the server that can result in code execution on the serve…
|
CWE-352
Origin Validation Error
|
CVE-2018-1000082
|
2024-11-21 12:39 |
2018-03-14 |