|
247281
|
9.6 |
CRITICAL
Network
|
sonos
|
sonos_firmware
|
The UPnP HTTP server on Sonos wireless speaker products allow unauthorized access via a DNS rebinding attack. This can result in remote device control and privileged device and network information to…
|
CWE-20
Improper Input Validation
|
CVE-2018-11316
|
2024-11-21 12:43 |
2018-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247282
|
9.6 |
CRITICAL
Network
|
roku
|
roku_firmware
|
The External Control API in Roku and Roku TV products allow unauthorized access via a DNS Rebind attack. This can result in remote device control and privileged device and network information to be e…
|
CWE-20
Improper Input Validation
|
CVE-2018-11314
|
2024-11-21 12:43 |
2018-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247283
|
9.8 |
CRITICAL
Network
|
puppet
|
discovery
|
In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This c…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2018-11746
|
2024-11-21 12:43 |
2018-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247284
|
9.8 |
CRITICAL
Network
|
asustor
|
adm
|
The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecate_js.cgi file by embedding OS commands in the 'script' parameter.
|
CWE-78
OS Command
|
CVE-2018-11510
|
2024-11-21 12:43 |
2018-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247285
|
7.8 |
HIGH
Local
|
siemens
|
scalance_m875_firmware
|
A vulnerability has been identified in SCALANCE M875 (All versions). An attacker with access to the local file system might obtain passwords for administrative users. Successful exploitation requires…
|
NVD-CWE-noinfo
|
CVE-2018-11449
|
2024-11-21 12:43 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247286
|
4.8 |
MEDIUM
Network
|
siemens
|
scalance_m875_firmware
|
A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a stored Cross-Site Scripting (XSS) attack if an unsuspecting user is tricked into a…
|
CWE-79
Cross-site Scripting
|
CVE-2018-11448
|
2024-11-21 12:43 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247287
|
8.8 |
HIGH
Network
|
siemens
|
scalance_m875_firmware
|
A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into a…
|
CWE-352
Origin Validation Error
|
CVE-2018-11447
|
2024-11-21 12:43 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247288
|
9.8 |
CRITICAL
Network
|
centreon
|
centreon_web
centreon
|
Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId paramet…
|
CWE-89
SQL Injection
|
CVE-2018-11589
|
2024-11-21 12:43 |
2018-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247289
|
5.4 |
MEDIUM
Network
|
centreon
|
centreon_web
centreon
|
Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/inclu…
|
CWE-79
Cross-site Scripting
|
CVE-2018-11588
|
2024-11-21 12:43 |
2018-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247290
|
9.8 |
CRITICAL
Network
|
centreon
|
centreon_web
centreon
|
There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php.
|
CWE-94
Code Injection
|
CVE-2018-11587
|
2024-11-21 12:43 |
2018-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
