|
247221
|
4.9 |
MEDIUM
Network
|
xovis
|
pc2r_firmware
pc3_firmware
pc2_firmware
|
Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow XXE.
|
CWE-611
XXE
|
CVE-2018-11719
|
2024-11-21 12:43 |
2018-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247222
|
8.8 |
HIGH
Network
|
xovis
|
pc2r_firmware
pc3_firmware
pc2_firmware
|
Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow CSRF.
|
CWE-352
Origin Validation Error
|
CVE-2018-11718
|
2024-11-21 12:43 |
2018-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247223
|
8.8 |
HIGH
Network
|
tencent
|
foxmail
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Tencent Foxmail 7.2.9.115. User interaction is required to exploit this vulnerability in that the t…
|
CWE-78
OS Command
|
CVE-2018-11616
|
2024-11-21 12:43 |
2018-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247224
|
7.5 |
HIGH
Network
|
mosca_project
|
mosca
|
This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca 2.8.1. Authentication is not required to exploit this vulnerability. The specific flaw exists withi…
|
CWE-185
Incorrect Regular Expression
|
CVE-2018-11615
|
2024-11-21 12:43 |
2018-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247225
|
7.5 |
HIGH
Network
|
seasofsolutions
|
ip_camera_firmware
|
Information disclosure in Netwave IP camera at get_status.cgi (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information from the device.
|
CWE-200
Information Exposure
|
CVE-2018-11654
|
2024-11-21 12:43 |
2018-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247226
|
9.8 |
CRITICAL
Network
|
seasofsolutions
|
ip_camera_firmware
|
Information disclosure in Netwave IP camera at //etc/RT2870STA.dat (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information about the network configuration like …
|
CWE-200
Information Exposure
|
CVE-2018-11653
|
2024-11-21 12:43 |
2018-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247227
|
6.5 |
MEDIUM
Network
|
moderator_log_notes_project
|
moderator_log_notes
|
An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. An attacker can remotely delete all mod notes and m…
|
CWE-352
Origin Validation Error
|
CVE-2018-11502
|
2024-11-21 12:43 |
2018-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247228
|
9.8 |
CRITICAL
Network
|
puppet
|
puppet_enterprise
|
When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via plaintext to the LDAP server. This affects Puppet Enterprise 2018.1.3, 2017.3.9, and 2016.…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2018-11749
|
2024-11-21 12:43 |
2018-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247229
|
8.1 |
HIGH
Network
|
apache
|
cayenne
|
This affects Apache Cayenne 4.1.M1, 3.2.M1, 4.0.M2 to 4.0.M5, 4.0.B1, 4.0.B2, 4.0.RC1, 3.1, 3.1.1, 3.1.2. CayenneModeler is a desktop GUI tool shipped with Apache Cayenne and intended for editing Cay…
|
CWE-611
XXE
|
CVE-2018-11758
|
2024-11-21 12:43 |
2018-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247230
|
9.8 |
CRITICAL
Network
|
asustor
|
asustor_data_master
|
The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the 'album_id' or 'scope' parameter via a photo-gallery/api/album…
|
CWE-89
SQL Injection
|
CVE-2018-11511
|
2024-11-21 12:43 |
2018-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
