| 246391 | 7.5 | HIGH Network | olacabs | ola_money | An issue was discovered in the Ola Money (aka com.olacabs.olamoney) application 1.9.0 for Android. If an attacker controls an application with accessibility permissions and the ability to read SMS me… | CWE-200 Information Exposure | CVE-2018-15661 | 2024-11-21 12:51 | 2018-08-22 |
| 246392 | 5.9 | MEDIUM Network | olacabs | olamoney | An issue was discovered in the Ola Money (aka com.olacabs.olamoney) application 1.9.0 for Android. If an attacker controls an application with accessibility permissions, then the attacker can read ce… | NVD-CWE-noinfo | CVE-2018-15660 | 2024-11-21 12:51 | 2018-08-22 |
| 246393 | 7.5 | HIGH Network | airmailapp | airmail | An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. It registers and uses the airmail:// URL scheme. The "send" command in the URL scheme allows an external application to send arbitrary emai… | CWE-287 Improper Authentication | CVE-2018-15667 | 2024-11-21 12:51 | 2018-08-22 |
| 246394 | 9.8 | CRITICAL Network | geutebrueck | re_porter_16_firmware | Geutebrueck re_porter 16 before 7.8.974.20 has a possibility of unauthenticated access to sensitive information including usernames and hashes via a direct request for /statistics/gscsetup.xml on TCP… | CWE-200 Information Exposure | CVE-2018-15534 | 2024-11-21 12:51 | 2018-08-22 |
| 246395 | 6.1 | MEDIUM Network | geutebrueck | re_porter_16_firmware | A reflected cross-site scripting vulnerability exists in Geutebrueck re_porter 16 before 7.8.974.20 by appending a query string to /modifychannel/exec or /images/*.png on TCP port 12005. | CWE-79 Cross-site Scripting | CVE-2018-15533 | 2024-11-21 12:51 | 2018-08-22 |
| 246396 | 6.1 | MEDIUM Network | javasystemsolutions | sso_plugin | Reflected Cross-Site Scripting exists in the Java System Solutions SSO plugin 4.0.13.1 for BMC MyIT. A remote attacker can abuse this issue to inject client-side scripts into the "select_sso()" funct… | CWE-79 Cross-site Scripting | CVE-2018-15528 | 2024-11-21 12:51 | 2018-08-22 |
| 246397 | 6.5 | MEDIUM Network | imagemagick | imagemagick | In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and m… | CWE-400 Uncontrolled Resource Consumption | CVE-2018-15607 | 2024-11-21 12:51 | 2018-08-22 |
| 246398 | 6.1 | MEDIUM Network | victor_cms_project | victor_cms | An issue was discovered in Victor CMS through 2018-05-10. There is XSS via the Author field of the "Leave a Comment" screen. | CWE-79 Cross-site Scripting | CVE-2018-15603 | 2024-11-21 12:51 | 2018-08-21 |
| 246399 | 9.8 | CRITICAL Network | elefantcms | elefantcms | apps/filemanager/handlers/upload/drop.php in Elefant CMS 2.0.3 performs a urldecode step too late in the "Cannot upload executable files" protection mechanism. | CWE-20 Improper Input Validation | CVE-2018-15601 | 2024-11-21 12:51 | 2018-08-21 |
| 246400 | 5.3 | MEDIUM Network | debian dropbear_ssh_project | debian_linux dropbear_ssh | The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages… | CWE-200 Information Exposure | CVE-2018-15599 | 2024-11-21 12:51 | 2018-08-21 |