| 246381 | 8.8 | HIGH Network | douco | douphp | DouCo DouPHP 1.5 has upload/admin/manager.php?rec=insert CSRF to add an administrator account. | CWE-352 Origin Validation Error | CVE-2018-20419 | 2024-11-21 13:01 | 2018-12-24 |
| 246382 | 7.5 | HIGH Network | wellintech | kingscada | WellinTech KingSCADA before 3.7.0.0.1 contains a stack-based buffer overflow. The vulnerability is triggered when sending a specially crafted packet to the AlarmServer (AEserver.exe) service listenin… | CWE-787 Out-of-bounds Write | CVE-2018-20410 | 2024-11-21 13:01 | 2018-12-24 |
| 246383 | 6.5 | MEDIUM Network | axiosys | bento4 | An issue was discovered in Bento4 1.5.1-627. There is a heap-based buffer over-read in AP4_AvccAtom::Create in Core/Ap4AvccAtom.cpp, as demonstrated by mp42hls. | CWE-125 Out-of-bounds Read | CVE-2018-20409 | 2024-11-21 13:01 | 2018-12-24 |
| 246384 | 6.5 | MEDIUM Network | axiosys | bento4 | An issue was discovered in Bento4 1.5.1-627. There is a memory leak in AP4_StdcFileByteStream::Create in System/StdC/Ap4StdCFileByteStream.cpp, as demonstrated by mp42hls. | CWE-772 Missing Release of Resource after Effective Lifetime | CVE-2018-20408 | 2024-11-21 13:01 | 2018-12-24 |
| 246385 | 6.5 | MEDIUM Network | axiosys | bento4 | An issue was discovered in Bento4 1.5.1-627. There is a memory leak in AP4_DescriptorFactory::CreateDescriptorFromStream in Core/Ap4DescriptorFactory.cpp, as demonstrated by mp42hls. | CWE-772 Missing Release of Resource after Effective Lifetime | CVE-2018-20407 | 2024-11-21 13:01 | 2018-12-24 |
| 246386 | 2.7 | LOW Network | bigtreecms | bigtree | BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that triggers a syntax error. NOTE: This has been disputed with the following reasoning: "The issue reported requires full … | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2018-20405 | 2024-11-21 13:01 | 2018-12-24 |
| 246387 | 7.5 | HIGH Network | python debian fedoraproject | python debian_linux fedora | Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion… | CWE-190 Integer Overflow or Wraparound | CVE-2018-20406 | 2024-11-21 13:01 | 2018-12-24 |
| 246388 | 8.8 | HIGH Network | safe | fme_server | Safe Software FME Server through 2018.1 creates and enables three additional accounts in addition to the initial administrator account. The passwords to the three accounts are the same as the usernam… | CWE-1188 Insecure Default Initialization of Resource | CVE-2018-20402 | 2024-11-21 13:01 | 2018-12-24 |
| 246389 | 9.8 | CRITICAL Network | zoomtel | 5352_firmware | Zoom 5352 v5.5.8.6Y devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | CWE-522 Insufficiently Protected Credentials | CVE-2018-20401 | 2024-11-21 13:01 | 2018-12-24 |
| 246390 | 9.8 | CRITICAL Network | ubeeinteractive | dvw2108_firmware dvw2110_firmware | Ubee DVW2108 6.28.1017 and DVW2110 6.28.2012 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | CWE-522 Insufficiently Protected Credentials | CVE-2018-20400 | 2024-11-21 13:01 | 2018-12-24 |