| 246011 | 8.8 | HIGH / Network | dlink | central_wifimanager | An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. An unrestricted file upload vulnerability in the onUploadLogPic endpoint allows remote authenticated users to execute … | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2018-17442 | 2024-11-21 12:54 | 2018-10-9 |
| 246012 | 6.1 | MEDIUM / Network | dlink | central_wifimanager | An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'username' parameter of the addUser endpoint is vulnerable to stored XSS. | CWE-79 Cross-site Scripting | CVE-2018-17441 | 2024-11-21 12:54 | 2018-10-9 |
| 246013 | 9.8 | CRITICAL / Network | dlink | central_wifimanager | An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials (admin, admin). Taking adv… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2018-17440 | 2024-11-21 12:54 | 2018-10-9 |
| 246014 | 9.8 | CRITICAL / Network | git-scm redhat canonical debian | git enterprise_linux_desktop enterprise_linux enterprise_linux_workstation enterprise_linux_server enterprise_linux_server_tus enterprise_linux_server_eus enterprise_linux_server… | Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git … | CWE-88 Argument Injection | CVE-2018-17456 | 2024-11-21 12:54 | 2018-10-6 |
| 246015 | 7.5 | HIGH / Network | multitech | faxfinder | Multi-Tech FaxFinder before 5.1.6 has SQL Injection via a status/call_details?oid= URI, allowing an attacker to extract the underlying database schema to further disclose other fax server information… | CWE-89 SQL Injection | CVE-2018-17562 | 2024-11-21 12:54 | 2018-10-4 |
| 246016 | 8.8 | HIGH / Network | naviwebs | navigate_cms | An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigate_upload.php in Naviwebs Navigate CMS 2.8 allows authenticated attackers to achieve remote code execution… | CWE-22 Path Traversal; CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2018-17553 | 2024-11-21 12:54 | 2018-10-4 |
| 246017 | 9.8 | CRITICAL / Network | naviwebs | navigate_cms | SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigate-user cookie. | CWE-89 SQL Injection | CVE-2018-17552 | 2024-11-21 12:54 | 2018-10-4 |
| 246018 | 7.5 | HIGH / Network | strongswan debian canonical | strongswan debian_linux ubuntu_linux | The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2018-17540 | 2024-11-21 12:54 | 2018-10-4 |
| 246019 | 9.8 | CRITICAL / Network | nexusfi | opac_easyweb_five | An issue was discovered in OPAC EasyWeb Five 5.7. There is SQL injection via the w2001/index.php?scelta=campi biblio parameter. | CWE-89 SQL Injection | CVE-2018-17428 | 2024-11-21 12:54 | 2018-10-4 |
| 246020 | 7.8 | HIGH / Local | zahiraccounting | zahir_enterprise_plus | Stack-based buffer overflows in Zahir Accounting Enterprise Plus 6 through build 10b allow remote attackers to execute arbitrary code via a crafted CSV file that is accessed through the Import CSV Fi… | CWE-787 Out-of-bounds Write | CVE-2018-17408 | 2024-11-21 12:54 | 2018-10-4 |