|
247731
|
8.8 |
HIGH
Network
|
openwrt
|
openwrt
|
OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-11116
|
2024-11-21 12:42 |
2018-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247732
|
7.5 |
HIGH
Network
|
cesanta
|
mongoose
|
The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an …
|
CWE-125
CWE-476
Out-of-bounds Read
NULL Pointer Dereference
|
CVE-2018-10945
|
2024-11-21 12:42 |
2018-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247733
|
7.5 |
HIGH
Network
|
strongswan
debian
canonical
fedoraproject
|
strongswan
debian_linux
ubuntu_linux
fedora
|
strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable.
|
CWE-909
Missing Initialization of Resource
|
CVE-2018-10811
|
2024-11-21 12:42 |
2018-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247734
|
9.8 |
CRITICAL
Network
|
redislabs
debian
oracle
redhat
|
redis
debian_linux
communications_operations_monitor
openstack
|
An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2018-11219
|
2024-11-21 12:42 |
2018-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247735
|
9.8 |
CRITICAL
Network
|
redislabs
debian
oracle
redhat
|
redis
debian_linux
communications_operations_monitor
openstack
|
Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows.
|
CWE-787
Out-of-bounds Write
|
CVE-2018-11218
|
2024-11-21 12:42 |
2018-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247736
|
9.8 |
CRITICAL
Network
|
etere
|
etereweb
|
Etere EtereWeb before 28.1.20 has a pre-authentication blind SQL injection in the POST parameters txUserName and txPassword.
|
CWE-89
SQL Injection
|
CVE-2018-10997
|
2024-11-21 12:42 |
2018-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247737
|
9.8 |
CRITICAL
Network
|
genetechsolutions
|
pie_register
|
SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid.
|
CWE-89
SQL Injection
|
CVE-2018-10969
|
2024-11-21 12:42 |
2018-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247738
|
5.4 |
MEDIUM
Network
|
pandorafms
|
artica_pandora_fms
|
XSS in Artica Pandora FMS before 7.0 NG 723 allows an attacker to execute arbitrary code via a crafted "refr" parameter in a "/pandora_console/index.php?sec=estado&sec2=operation/agentes/estado_agent…
|
CWE-79
Cross-site Scripting
|
CVE-2018-11223
|
2024-11-21 12:42 |
2018-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247739
|
7.5 |
HIGH
Network
|
artica
|
pandora_fms
|
Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any php file via the /pandora_console/ajax.php ajax endpoint.
|
CWE-20
Improper Input Validation
|
CVE-2018-11222
|
2024-11-21 12:42 |
2018-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247740
|
9.8 |
CRITICAL
Network
|
artica
|
pandora_fms
|
Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin via include/ajax/update_manager.ajax in the update system.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-11221
|
2024-11-21 12:42 |
2018-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
