| 253481 | 9.8 | CRITICAL | Network | theolivetree | ftp_server | The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the /data/data/com.theolivetree.ftpserver/shared_prefs/com.theolivetree.… | CWE-522 Insufficiently Protected Credentials | CVE-2018-11544 | 2024-11-21 12:43 | 2018-05-30 |
| 253482 | 8.8 | HIGH | Network | jigowatt | php_login_&_user_management | An arbitrary file upload vulnerability in /classes/profile.class.php in Jigowatt "PHP Login & User Management" before 4.1.1, as distributed in the Envato Market, allows any remote authenticated user … | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2018-11392 | 2024-11-21 12:43 | 2018-05-30 |
| 253483 | 9.8 | CRITICAL | Network | md4c_project | md4c | md4c before 0.2.5 has a heap-based buffer overflow because md_split_simple_pairing_mark mishandles splits. | CWE-787 Out-of-bounds Write | CVE-2018-11536 | 2024-11-21 12:43 | 2018-05-29 |
| 253484 | 9.8 | CRITICAL | Network | sitemakin | slac | An issue was discovered in SITEMAKIN SLAC (Site Login and Access Control) v1.0. The parameter "my_item_search" in users.php is exploitable using SQL injection. | CWE-89 SQL Injection | CVE-2018-11535 | 2024-11-21 12:43 | 2018-05-29 |
| 253485 | 6.1 | MEDIUM | Network | changuondyu_advanced_statistics_project | changuondyu_advanced_statistics | An issue was discovered in the ChangUonDyU Advanced Statistics plugin 1.0.2 for MyBB. changstats.php has XSS, as demonstrated by a subject field. | CWE-79 Cross-site Scripting | CVE-2018-11532 | 2024-11-21 12:43 | 2018-05-29 |
| 253486 | 9.8 | CRITICAL | Network | exiv2 debian canonical | exiv2 debian_linux ubuntu_linux | Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp. | CWE-787 Out-of-bounds Write | CVE-2018-11531 | 2024-11-21 12:43 | 2018-05-29 |
| 253487 | 9.8 | CRITICAL | Network | wuzhicms | wuzhi_cms | WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI. | CWE-89 SQL Injection | CVE-2018-11528 | 2024-11-21 12:43 | 2018-05-29 |
| 253488 | 8.8 | HIGH | Network | cscms_project | cscms | An issue was discovered in CScms v4.1. A Cross-site request forgery (CSRF) vulnerability in plugins/sys/admin/Sys.php allows remote attackers to change the administrator's username and password via /… | CWE-352 Origin Validation Error | CVE-2018-11527 | 2024-11-21 12:43 | 2018-05-29 |
| 253489 | 9.8 | CRITICAL | Network | nuuo | nvrmini_2_firmware | upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2018-11523 | 2024-11-21 12:43 | 2018-05-29 |
| 253490 | 7.5 | HIGH | Network | dtsearch | dtsearch | A stack exhaustion vulnerability in the search function of dtSearch 7.90.8538.1 and prior allows remote attackers to cause a denial of service condition by sending a specially crafted HTTP request. | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2018-11488 | 2024-11-21 12:43 | 2018-05-29 |