|
247891
|
5.4 |
MEDIUM
Network
|
easycms_project
|
easycms
|
EasyCMS 1.3 is prone to Stored XSS when posting an article; four fields are affected: title, keyword, abstract, and content, as demonstrated by the /admin/index/index.html#listarticle URI.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10527
|
2024-11-21 12:41 |
2018-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247892
|
7.5 |
HIGH
Network
|
uetoken
|
useless_ethereum_token
|
The transferFrom function of a smart contract implementation for Useless Ethereum Token (UET), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into the…
|
CWE-20
Improper Input Validation
|
CVE-2018-10468
|
2024-11-21 12:41 |
2018-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247893
|
5.5 |
MEDIUM
Local
|
gnu
redhat
|
binutils
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
|
The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory …
|
CWE-787
Out-of-bounds Write
|
CVE-2018-10534
|
2024-11-21 12:41 |
2018-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247894
|
5.3 |
MEDIUM
Network
|
cmsmadesimple
|
cms_made_simple
|
CMS Made Simple (CMSMS) through 2.2.7 contains a physical path leakage Vulnerability via /modules/DesignManager/action.ajax_get_templates.php, /modules/DesignManager/action.ajax_get_stylesheets.php, …
|
CWE-200
Information Exposure
|
CVE-2018-10523
|
2024-11-21 12:41 |
2018-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247895
|
4.9 |
MEDIUM
Network
|
cmsmadesimple
|
cms_made_simple
|
In CMS Made Simple (CMSMS) through 2.2.7, the "file view" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by ordinary users, because the produc…
|
CWE-200
Information Exposure
|
CVE-2018-10522
|
2024-11-21 12:41 |
2018-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247896
|
2.7 |
LOW
Network
|
cmsmadesimple
|
cms_made_simple
|
In CMS Made Simple (CMSMS) through 2.2.7, the "file move" operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-10521
|
2024-11-21 12:41 |
2018-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247897
|
6.5 |
MEDIUM
Network
|
cmsmadesimple
|
cms_made_simple
|
In CMS Made Simple (CMSMS) through 2.2.7, the "module remove" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, beca…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-10520
|
2024-11-21 12:41 |
2018-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247898
|
8.8 |
HIGH
Network
|
cmsmadesimple
|
cms_made_simple
|
CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because f…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-10519
|
2024-11-21 12:41 |
2018-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247899
|
6.5 |
MEDIUM
Network
|
cmsmadesimple
|
cms_made_simple
|
In CMS Made Simple (CMSMS) through 2.2.7, the "file delete" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, becaus…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-10518
|
2024-11-21 12:41 |
2018-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247900
|
7.2 |
HIGH
Network
|
cmsmadesimple
|
cms_made_simple
|
In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can…
|
CWE-94
Code Injection
|
CVE-2018-10517
|
2024-11-21 12:41 |
2018-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
