| 247221 | 7.5 | HIGH | Network | d-link | dir-809_a1_firmware dir-809_a2_firmware dir-809_guestzone_firmware | An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. One can bypass authentication mechanisms to download the configuration file. | CWE-287 Improper Authentication | CVE-2018-14080 | 2024-11-21 12:48 | 2018-10-10 |
| 247222 | 6.1 | MEDIUM | Network | progress | kendo_ui | Cross-site scripting (XSS) vulnerability in Progress Kendo UI Editor v2018.1.221 allows remote attackers to inject arbitrary JavaScript into the DOM of the WYSIWYG editor because of the editorNS.Seri… | CWE-79 Cross-site Scripting | CVE-2018-14037 | 2024-11-21 12:48 | 2018-09-28 |
| 247223 | 7.8 | HIGH | Local | ee | ee40vb_firmware | The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE40_00_02.00_45 sets weak permissions (Everyone:Full Control) for the "Web Con… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2018-14327 | 2024-11-21 12:48 | 2018-09-27 |
| 247224 | 8.8 | HIGH | Network | samsung | galaxy_s8_firmware | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S8 G950FXXU1AQL5. User interaction is required to exploit this vulnerability in that… | CWE-20 Improper Input Validation | CVE-2018-14318 | 2024-11-21 12:48 | 2018-09-25 |
| 247225 | 7.5 | HIGH | Network | smarty debian | smarty debian_linux | Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the execut… | CWE-22 Path Traversal | CVE-2018-13982 | 2024-11-21 12:48 | 2018-09-19 |
| 247226 | 6.5 | MEDIUM | Network | podofo_project | podofo | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is required to exploit this vulnerability in that the target must … | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2018-14320 | 2024-11-21 12:48 | 2018-09-18 |
| 247227 | 8.6 | HIGH | Network | siemens | scalance_x408_firmware scalance_x300_firmware scalance_x414_firmware | A vulnerability has been identified in SCALANCE X300 (All versions < V4.0.0), SCALANCE X408 (All versions < V4.0.0), SCALANCE X414 (All versions). The web interface on port 443/tcp could allow an att… | CWE-20 Improper Input Validation | CVE-2018-13807 | 2024-11-21 12:48 | 2018-09-12 |
| 247228 | 7.8 | HIGH | Local | siemens | td_keypad_designer | A vulnerability has been identified in SIEMENS TD Keypad Designer (All versions). A DLL hijacking vulnerability exists in all versions of SIEMENS TD Keypad Designer which could allow an attacker to e… | CWE-427 Uncontrolled Search Path Element | CVE-2018-13806 | 2024-11-21 12:48 | 2018-09-12 |
| 247229 | 9.1 | CRITICAL | Network | siemens | simatic_wincc_open_architecture | A vulnerability has been identified in SIMATIC WinCC OA V3.14 and prior (All versions < V3.14-P021). Improper access control to a data point of the affected product could allow an unauthenticated rem… | NVD-CWE-noinfo | CVE-2018-13799 | 2024-11-21 12:48 | 2018-09-12 |
| 247230 | 6.1 | MEDIUM | Network | cremecrm | cremecrm | An issue was discovered in Creme CRM 1.6.12. The value of the cancel button uses the content of the HTTP Referer header, and could be used to trick a user into visiting a fake login page in order to … | CWE-601 Open Redirect | CVE-2018-14398 | 2024-11-21 12:48 | 2018-09-8 |