|
247951
|
5.5 |
MEDIUM
Local
|
nasm
|
netwide_assembler
|
NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption (crashed) of nasm when handling a crafted file due to function assemble_file(inname, depend_ptr) at asm/nasm…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-1000667
|
2024-11-21 12:40 |
2018-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247952
|
5.9 |
MEDIUM
Network
|
dsub_for_subsonic_project
|
dsub_for_subsonic
|
daneren2005 DSub for Subsonic (Android client) version 5.4.1 contains a CWE-295: Improper Certificate Validation vulnerability in HTTPS Client that can result in Any non-CA signed server certificate,…
|
CWE-295
Improper Certificate Validation
|
CVE-2018-1000664
|
2024-11-21 12:40 |
2018-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247953
|
9.8 |
CRITICAL
Network
|
openvcloud_project
gig
|
openvcloud
jumpscale
|
GIG Technology NV JumpScale Portal 7 version before commit 15443122ed2b1cbfd7bdefc048bf106f075becdb contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command I…
|
CWE-78
OS Command
|
CVE-2018-1000666
|
2024-11-21 12:40 |
2018-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247954
|
6.1 |
MEDIUM
Network
|
dojotoolkit
|
dojo
|
Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contains a Cross Site Scripting (XSS) vulnerability in unit.html and testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and test…
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000665
|
2024-11-21 12:40 |
2018-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247955
|
6.5 |
MEDIUM
Network
|
jsish
|
jsish
|
jsish version 2.4.70 2.047 contains a Buffer Overflow vulnerability in function _jsi_evalcode from jsiEval.c that can result in Crash due to segmentation fault. This attack appear to be exploitable v…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-1000663
|
2024-11-21 12:40 |
2018-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247956
|
6.5 |
MEDIUM
Network
|
jsish
|
jsish
|
jsish version 2.4.67 contains a CWE-476: NULL Pointer Dereference vulnerability in Jsi_LogMsg (jsiUtils.c:196) that can result in Crash due to segmentation fault. This attack appear to be exploitable…
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-1000661
|
2024-11-21 12:40 |
2018-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247957
|
7.5 |
HIGH
Network
|
tockos
|
tock
|
TOCK version prior to commit 42f7f36e74088036068d62253e1d8fb26605feed. For example dfde28196cd12071fcf6669f7654be7df482b85d contains a Insecure Permissions vulnerability in Function get_package_name …
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-1000660
|
2024-11-21 12:40 |
2018-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247958
|
8.8 |
HIGH
Network
|
limesurvey
|
limesurvey
|
LimeSurvey version 3.14.4 and earlier contains a directory traversal in file upload that allows upload of webshell vulnerability in file upload functionality that can result in remote code execution …
|
CWE-22
Path Traversal
|
CVE-2018-1000659
|
2024-11-21 12:40 |
2018-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247959
|
8.8 |
HIGH
Network
|
limesurvey
|
limesurvey
|
LimeSurvey version prior to 3.14.4 contains a file upload vulnerability in upload functionality that can result in an attacker gaining code execution via webshell. This attack appear to be exploitabl…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-1000658
|
2024-11-21 12:40 |
2018-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247960
|
8.8 |
HIGH
Network
|
wordpress
|
wordpress
|
WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution due to an incomplete fix for CVE-2017-1000600. Th…
|
CWE-20
Improper Input Validation
|
CVE-2018-1000773
|
2024-11-21 12:40 |
2018-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
