|
248471
|
5.7 |
MEDIUM
Network
|
nmap
|
nmap
|
nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is runn…
|
CWE-22
Path Traversal
|
CVE-2018-1000161
|
2024-11-21 12:39 |
2018-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248472
|
6.1 |
MEDIUM
Network
|
risingstack
|
protect
|
RisingStack protect version 1.2.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in isXss() function in lib/rules/xss.js that can result in dangerous XSS strings being validated as s…
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000160
|
2024-11-21 12:39 |
2018-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248473
|
8.8 |
HIGH
Network
|
cmsmadesimple
|
cms_made_simple
|
cmsmadesimple version 2.2.7 contains a Incorrect Access Control vulnerability in the function of send_recovery_email in the line "$url = $config['admin_url'] . '/login.php?recoverme=' . $code;" that …
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-1000158
|
2024-11-21 12:39 |
2018-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248474
|
7.8 |
HIGH
Local
|
oisf
|
suricata-update
|
OISF suricata-update version 1.0.0a1 contains an Insecure Deserialization vulnerability in the insecure yaml.load-Function as used in the following files: config.py:136, config.py:142, sources.py:99 …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2018-1000167
|
2024-11-21 12:39 |
2018-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248475
|
5.9 |
MEDIUM
Network
|
tlslite-ng_project
|
tlslite-ng
|
tlslite-ng version 0.7.3 and earlier, since commit d7b288316bca7bcdd082e6ccff5491e241305233 contains a CWE-354: Improper Validation of Integrity Check Value vulnerability in TLS implementation, tlsli…
|
CWE-354
Improper Validation of Integrity Check Value
|
CVE-2018-1000159
|
2024-11-21 12:39 |
2018-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248476
|
5.4 |
MEDIUM
Network
|
jenkins
|
jenkins
|
A cross-site scripting vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in confirmationList.jelly and stopButton.jelly that allows attackers with Job/Configure and/or Job/Creat…
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000170
|
2024-11-21 12:39 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248477
|
5.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
An exposure of sensitive information vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in CLICommand.java and ViewOptionHandler.java that allows unauthorized attackers to confir…
|
CWE-200
Information Exposure
|
CVE-2018-1000169
|
2024-11-21 12:39 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248478
|
4.3 |
MEDIUM
Network
|
microsoft
|
edge
|
An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft E…
|
NVD-CWE-noinfo
|
CVE-2018-0998
|
2024-11-21 12:39 |
2018-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248479
|
7.5 |
HIGH
Network
|
microsoft
|
internet_explorer
|
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. …
|
CWE-787
Out-of-bounds Write
|
CVE-2018-0997
|
2024-11-21 12:39 |
2018-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248480
|
7.5 |
HIGH
Network
|
microsoft
|
internet_explorer
|
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects …
|
CWE-787
Out-of-bounds Write
|
CVE-2018-0996
|
2024-11-21 12:39 |
2018-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
