|
247791
|
7.5 |
HIGH
Network
|
frontaccounting
|
frontaccounting
|
FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter "filterType" in /attachments.php that can allow the attacker to grab the entire database of the applicat…
|
CWE-89
SQL Injection
|
CVE-2018-1000890
|
2024-11-21 12:40 |
2018-12-29 |
|
247792
|
8.8 |
HIGH
Network
|
logisim-evolution_project
|
logisim-evolution
|
Logisim Evolution version 2.14.3 and earlier contains an XML External Entity (XXE) vulnerability in Circuit file loading functionality (loadXmlFrom in src/com/cburch/logisim/file/XmlReader.java) that…
|
CWE-611
XXE
|
CVE-2018-1000889
|
2024-11-21 12:40 |
2018-12-29 |
|
247793
|
4.8 |
MEDIUM
Network
|
peel
|
peel_shopping
|
Peel shopping peel-shopping_9_1_0 version contains a Cross Site Scripting (XSS) vulnerability that can result in an authenticated user injecting JavaScript code in the "Site Name EN" parameter. This…
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000887
|
2024-11-21 12:40 |
2018-12-29 |
|
247794
|
9.8 |
CRITICAL
Network
|
battelle
|
v2i_hub
|
Battelle V2I Hub 3.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the tmx/TmxCtl/src/lib/PluginStatus.cpp and TmxControl::user_info() function, whi…
|
CWE-89
SQL Injection
|
CVE-2018-1000631
|
2024-11-21 12:40 |
2018-12-29 |
|
247795
|
8.8 |
HIGH
Network
|
php canonical debian
|
pear_archive_tar ubuntu_linux debian_linux
|
PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with `$v_header['filename']` as parameter (such as fil…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2018-1000888
|
2024-11-21 12:40 |
2018-12-29 |
|
247796
|
7.2 |
HIGH
Network
|
battelle
|
v2i_hub
|
Battelle V2I Hub 2.5.1 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to /api/PluginStatusActions.php and /status/pluginStatus.php using t…
|
CWE-89
SQL Injection
|
CVE-2018-1000630
|
2024-11-21 12:40 |
2018-12-29 |
|
247797
|
6.1 |
MEDIUM
Network
|
battelle
|
v2i_hub
|
Battelle V2I Hub 2.5.1 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by api/SystemConfigActions.php?action=add and the index.php script. A remote attacke…
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000629
|
2024-11-21 12:40 |
2018-12-29 |
|
247798
|
9.8 |
CRITICAL
Network
|
battelle
|
v2i_hub
|
Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the direct checking of the API key against a user-supplied value in PHP's GET global variable array usi…
|
NVD-CWE-noinfo
|
CVE-2018-1000628
|
2024-11-21 12:40 |
2018-12-29 |
|
247799
|
9.8 |
CRITICAL
Network
|
battelle
|
v2i_hub
|
Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. An attacker could exploit this vulnerability to obt…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2018-1000627
|
2024-11-21 12:40 |
2018-12-29 |
|
247800
|
9.8 |
CRITICAL
Network
|
battelle
|
v2i_hub
|
Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the lack of requirement to change the default API key. An attacker could exploit this vulnerability usi…
|
NVD-CWE-noinfo
|
CVE-2018-1000626
|
2024-11-21 12:40 |
2018-12-29 |
|