|
246411
|
4.7 |
MEDIUM
Network
|
technicolor
|
dpc3928sl_firmware
|
Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-160428a devices allow XSS via a Cross Protocol Injection attack with setSSID of 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.1.1.3.10001.
|
CWE-79
Cross-site Scripting
|
CVE-2018-20379
|
2024-11-21 13:01 |
2018-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246412
|
9.8 |
CRITICAL
Network
|
orange
|
arv7519rw22_livebox_2.1_firmware
|
Orange Livebox 00.96.320S devices allow remote attackers to discover Wi-Fi credentials via /get_getnetworkconf.cgi on port 8080, leading to full control if the admin password equals the Wi-Fi passwor…
|
NVD-CWE-noinfo
|
CVE-2018-20377
|
2024-11-21 13:01 |
2018-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246413
|
5.5 |
MEDIUM
Local
|
tinycc
|
tinycc
|
An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the asm_parse_directive function in tccasm.c.
|
CWE-787
Out-of-bounds Write
|
CVE-2018-20376
|
2024-11-21 13:01 |
2018-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246414
|
5.5 |
MEDIUM
Local
|
tinycc
|
tinycc
|
An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the sym_pop function in tccgen.c.
|
CWE-787
Out-of-bounds Write
|
CVE-2018-20375
|
2024-11-21 13:01 |
2018-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246415
|
5.5 |
MEDIUM
Local
|
tinycc
|
tinycc
|
An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the use_section1 function in tccasm.c.
|
CWE-787
Out-of-bounds Write
|
CVE-2018-20374
|
2024-11-21 13:01 |
2018-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246416
|
5.4 |
MEDIUM
Network
|
tendacn
|
adsl_firmware
|
Tenda ADSL modem routers 1.0.1 allow XSS via the hostname of a DHCP client.
|
CWE-79
Cross-site Scripting
|
CVE-2018-20373
|
2024-11-21 13:01 |
2018-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246417
|
5.4 |
MEDIUM
Network
|
tp-link
|
td-w8961nd_firmware
|
TP-Link TD-W8961ND devices allow XSS via the hostname of a DHCP client.
|
CWE-79
Cross-site Scripting
|
CVE-2018-20372
|
2024-11-21 13:01 |
2018-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246418
|
9.8 |
CRITICAL
Network
|
photorange_photo_vault_project
|
photorange_photo_vault
|
PhotoRange Photo Vault 1.2 appends the password to the URI for authorization, which makes it easier for remote attackers to bypass intended GET restrictions via a brute-force approach, as demonstrate…
|
CWE-200
Information Exposure
|
CVE-2018-20371
|
2024-11-21 13:01 |
2018-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246419
|
5.4 |
MEDIUM
Network
|
the-sz
|
netchat
|
SZ NetChat before 7.9 has XSS in the MyName input field of the Options module. Attackers are able to inject commands to compromise the enabled HTTP server web frontend.
|
CWE-79
Cross-site Scripting
|
CVE-2018-20370
|
2024-11-21 13:01 |
2018-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246420
|
6.1 |
MEDIUM
Network
|
barracuda
|
message_archiver
|
Barracuda Message Archiver 2018 has XSS in the error_msg exception-handling value for the ldap_user parameter to the cgi-mod/ldap_load_entry.cgi module. The injection point of the issue is the Add_Up…
|
CWE-79
Cross-site Scripting
|
CVE-2018-20369
|
2024-11-21 13:01 |
2018-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|