|
245951
|
9.8 |
CRITICAL
Network
|
mitel
|
cmg_suite
|
SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the login interface…
|
CWE-89
SQL Injection
|
CVE-2018-18285
|
2024-11-21 12:55 |
2019-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245952
|
9.8 |
CRITICAL
Network
|
mitel
|
cmg_suite
|
SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the changepwd inter…
|
CWE-89
SQL Injection
|
CVE-2018-18286
|
2024-11-21 12:55 |
2019-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245953
|
7.8 |
HIGH
Local
|
symantec
|
endpoint_protection
endpoint_protection_cloud
norton_security
endpoint_protection_cloud_agent
|
Norton Security (Windows client) prior to 22.16.3 and SEP SBE (Windows client) prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22 & SEP-12.1.7484.7002, may be susceptible to a DLL Preloading vulnerabi…
|
CWE-426
Untrusted Search Path
|
CVE-2018-18369
|
2024-11-21 12:55 |
2019-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245954
|
9.8 |
CRITICAL
Network
|
deltek
|
vision
|
Deltek Vision 7.x before 7.6 permits the execution of any attacker supplied SQL statement through a custom RPC over HTTP protocol. The Vision system relies on the client binary to enforce security ru…
|
CWE-89
CWE-798
SQL Injection
Use of Hard-coded Credentials
|
CVE-2018-18251
|
2024-11-21 12:55 |
2019-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245955
|
7.8 |
HIGH
Local
|
intel
|
media_sdk
|
Improper directory permissions in installer for Intel(R) Media SDK before 2018 R2.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-18094
|
2024-11-21 12:55 |
2019-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245956
|
6.1 |
MEDIUM
Network
|
tribulant
|
slideshow_gallery
|
XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-slides&method=save Slide[title], Slide[media_file], or Slide[image_url] parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-18019
|
2024-11-21 12:55 |
2019-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245957
|
9.8 |
CRITICAL
Network
|
tribulant
|
slideshow_gallery
|
SQL Injection exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter.
|
CWE-89
SQL Injection
|
CVE-2018-18018
|
2024-11-21 12:55 |
2019-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245958
|
6.1 |
MEDIUM
Network
|
tribulant
|
slideshow_gallery
|
XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-18017
|
2024-11-21 12:55 |
2019-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245959
|
6.1 |
MEDIUM
Network
|
bijiadao
|
waimai_super_cms
|
In waimai Super Cms 20150505, there is an XSS vulnerability via the /admin.php/Foodcat/addsave fcname parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-18261
|
2024-11-21 12:55 |
2019-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245960
|
7.5 |
HIGH
Network
|
symantec
|
norton_password_manager
|
Norton Password Manager may be susceptible to an address spoofing issue. This type of issue may allow an attacker to disguise their origin IP address in order to obfuscate the source of network traff…
|
NVD-CWE-noinfo
|
CVE-2018-18365
|
2024-11-21 12:55 |
2019-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
