|
248001
|
6.1 |
MEDIUM
Network
|
joplin_project
|
joplin
|
Joplin version prior to 1.0.90 contains a XSS evolving into code execution due to enabled nodeIntegration for that particular BrowserWindow instance where XSS was identified from vulnerability in Not…
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000534
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248002
|
9.8 |
CRITICAL
Network
|
gitlist
|
gitlist
|
klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system function vulnerability in `searchTree` function that can result in Execute any code as PHP user. This att…
|
CWE-20
Improper Input Validation
|
CVE-2018-1000533
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248003
|
4.7 |
MEDIUM
Local
|
beep_project
|
beep
|
beep version 1.3 and up contains a External Control of File Name or Path vulnerability in --device option that can result in Local unprivileged user can inhibit execution of arbitrary programs by oth…
|
CWE-22
Path Traversal
|
CVE-2018-1000532
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248004
|
7.5 |
HIGH
Network
|
inversoft
|
prime-jwt
|
inversoft prime-jwt version prior to commit abb0d479389a2509f939452a6767dc424bb5e6ba contains a CWE-20 vulnerability in JWTDecoder.decode that can result in an incorrect signature validation of a JWT…
|
CWE-20
Improper Input Validation
|
CVE-2018-1000531
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248005
|
6.1 |
MEDIUM
Network
|
grails
|
grails_fields
|
Grails Fields plugin version 2.2.7 contains a Cross Site Scripting (XSS) vulnerability in Using the display tag that can result in XSS . This vulnerability appears to have been fixed in 2.2.8.
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000529
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248006
|
6.1 |
MEDIUM
Network
|
debian
gonicus
|
debian_linux
gosa
|
GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting (XSS) vulnerability in change password form (html/password.php, #308) that can result in in…
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000528
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248007
|
7.2 |
HIGH
Network
|
froxlor
|
froxlor
|
Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnerability in Domain name form that can result in Possible information disclosure and remote code execution. This attack appear to be ex…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2018-1000527
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248008
|
7.5 |
HIGH
Network
|
openpsa2
|
openpsa
|
Openpsa contains a XML Injection vulnerability in RSS file upload feature that can result in Remote denial of service. This attack appear to be exploitable via Specially crafted XML file. This vulner…
|
CWE-91
Blind XPath Injection
|
CVE-2018-1000526
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248009
|
9.8 |
CRITICAL
Network
|
openpsa2
|
openpsa
|
openpsa contains a PHP Object Injection vulnerability in Form data passed as GET request variables that can result in Possible information disclosure and remote code execution. This attack appear to …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2018-1000525
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248010
|
5.5 |
MEDIUM
Local
|
spheredev
|
minisphere
|
miniSphere version 5.2.9 and earlier contains a Integer Overflow vulnerability in layer_resize() function in map_engine.c that can result in remote denial of service. This attack appear to be exploit…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2018-1000524
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
