|
247921
|
10.0 |
CRITICAL
Network
|
gchq
|
stroom
|
Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scannin…
|
CWE-611
XXE
|
CVE-2018-1000651
|
2024-11-21 12:40 |
2018-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247922
|
8.8 |
HIGH
Network
|
librehealth
|
librehealth_ehr
|
LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in Ability to perform malicious database queries. This attack ap…
|
CWE-89
SQL Injection
|
CVE-2018-1000650
|
2024-11-21 12:40 |
2018-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247923
|
8.8 |
HIGH
Network
|
librehealth
|
librehealth_ehr
|
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php (2) vulnerability in Patient file letter functions that can result in Write files with malicious …
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-1000649
|
2024-11-21 12:40 |
2018-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247924
|
8.8 |
HIGH
Network
|
librehealth
|
librehealth_ehr
|
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may le…
|
CWE-269
Improper Privilege Management
|
CVE-2018-1000648
|
2024-11-21 12:40 |
2018-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247925
|
7.1 |
HIGH
Network
|
librehealth
|
librehealth_ehr
|
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Deletion vulnerability in Import template that can result in Denial of service. This attack appear to be exploitable …
|
CWE-22
CWE-20
Path Traversal
Improper Input Validation
|
CVE-2018-1000647
|
2024-11-21 12:40 |
2018-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247926
|
8.8 |
HIGH
Network
|
librehealth
|
librehealth_ehr
|
LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-1000646
|
2024-11-21 12:40 |
2018-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247927
|
6.5 |
MEDIUM
Network
|
librehealth
|
librehealth_ehr
|
LibreHealthIO lh-ehr version <REL-2.0.0 contains an Authenticated Local File Disclosure vulnerability in Importing of templates allows local file disclosure that can result in Disclosure of sensitive…
|
CWE-200
Information Exposure
|
CVE-2018-1000645
|
2024-11-21 12:40 |
2018-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247928
|
10.0 |
CRITICAL
Network
|
eclipse
|
rdf4j
|
Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files that can result in the disclosure of confidential data, denial of se…
|
CWE-611
XXE
|
CVE-2018-1000644
|
2024-11-21 12:40 |
2018-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247929
|
6.1 |
MEDIUM
Network
|
flightairmap
|
flightairmap
|
FlightAirMap version <=v1.0-beta.21 contains a Cross Site Scripting (XSS) vulnerability in GET variable used within registration sub menu page that can result in unauthorised actions and access to da…
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000642
|
2024-11-21 12:40 |
2018-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247930
|
9.8 |
CRITICAL
Network
|
yeswiki
|
yeswiki
|
YesWiki version <= cercopitheque beta 1 contains a PHP Object Injection vulnerability in Unserialising user entered parameter in i18n.inc.php that can result in execution of code, disclosure of infor…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2018-1000641
|
2024-11-21 12:40 |
2018-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
