| 246211 | 6.5 | MEDIUM Network | atlassian | universal_plugin_manager | The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perfo… | CWE-611 XXE | CVE-2018-20233 | 2024-11-21 13:01 | 2019-01-19 |
| 246212 | 7.5 | HIGH Network | winscp | winscp | In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SC… | CWE-20 Improper Input Validation | CVE-2018-20684 | 2024-11-21 13:01 | 2019-01-11 |
| 246213 | 5.3 | MEDIUM Network | openbsd winscp netapp debian canonical redhat oracle fujitsu siemens | openssh winscp cloud_backup element_software storage_automation_store ontap_select_deploy steelstore_cloud_integrated_storage debian_linux ubuntu_linux enterprise_linux … | In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the tar… | CWE-863 Incorrect Authorization | CVE-2018-20685 | 2024-11-21 13:01 | 2019-01-11 |
| 246214 | 8.1 | HIGH Network | gitolite | gitolite | commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v,… | CWE-20 Improper Input Validation | CVE-2018-20683 | 2024-11-21 13:01 | 2019-01-10 |
| 246215 | 5.4 | MEDIUM Network | fork-cms | fork_cms | Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_admin_ids parameter (aka "Admin ids" input in the Facebook section). | CWE-79 Cross-site Scripting | CVE-2018-20682 | 2024-11-21 13:01 | 2019-01-10 |
| 246216 | 6.1 | MEDIUM Physical | mate-desktop | mate-screensaver | mate-screensaver before 1.20.2 in MATE Desktop Environment allows physically proximate attackers to view screen content and possibly control applications. By unplugging and re-plugging or power-cycli… | CWE-200 Information Exposure | CVE-2018-20681 | 2024-11-21 13:01 | 2019-01-10 |
| 246217 | 4.8 | MEDIUM Network | frog_cms_project | frog_cms | Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field. | CWE-79 Cross-site Scripting | CVE-2018-20680 | 2024-11-21 13:01 | 2019-01-10 |
| 246218 | 7.5 | HIGH Network | busybox canonical | busybox ubuntu_linux | An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information fro… | CWE-125 Out-of-bounds Read | CVE-2018-20679 | 2024-11-21 13:01 | 2019-01-10 |
| 246219 | 6.1 | MEDIUM Network | getbootstrap | bootstrap | In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property. | CWE-79 Cross-site Scripting | CVE-2018-20677 | 2024-11-21 13:01 | 2019-01-09 |
| 246220 | 6.1 | MEDIUM Network | getbootstrap | bootstrap | In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute. | CWE-79 Cross-site Scripting | CVE-2018-20676 | 2024-11-21 13:01 | 2019-01-09 |