| 246101 | 5.4 | MEDIUM | Network | ardawan | user_management | Stored XSS has been discovered in the upload section of ARDAWAN.COM User Management 1.1, as demonstrated by a .jpg filename to the /account URI. | CWE-79 Cross-site Scripting | CVE-2018-18419 | 2024-11-21 12:55 | 2018-10-20 |
| 246102 | 5.4 | MEDIUM | Network | creativeitem | ekushey_project_manager | In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been discovered in the input and upload sections, as demonstrated by the name parameter to the index.php/admin/client/create URI. | CWE-79 Cross-site Scripting | CVE-2018-18417 | 2024-11-21 12:55 | 2018-10-20 |
| 246103 | 4.8 | MEDIUM | Network | pokkho | lango | LANGO Codeigniter Multilingual Script 1.0 has XSS in the input and upload sections, as demonstrated by the site_name parameter to the admin/settings/update URI. | CWE-79 Cross-site Scripting | CVE-2018-18416 | 2024-11-21 12:55 | 2018-10-20 |
| 246104 | 4.7 | MEDIUM | Local | xfce | thunar xfce | Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey input method for file searches within File Manager, leading to an out-of-bounds read and SEGV. This could potentially be exploit… | CWE-125 Out-of-bounds Read | CVE-2018-18398 | 2024-11-21 12:55 | 2018-10-20 |
| 246105 | 8.6 | HIGH | Local | artifex debian canonical redhat pulsesecure | ghostscript debian_linux ubuntu_linux gpl_ghostscript enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server enterprise_linux_server_tus enterprise_linu… | Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. | NVD-CWE-noinfo | CVE-2018-18284 | 2024-11-21 12:55 | 2018-10-20 |
| 246106 | 8.1 | HIGH | Network | opendesign oracle | drawings_sdk outside_in_technology | A vulnerability exists in the file reading procedure in Open Design Alliance Drawings SDK 2019Update1 on non-Windows platforms in which attackers could perform read operations past the end, or before… | CWE-125 Out-of-bounds Read | CVE-2018-18224 | 2024-11-21 12:55 | 2018-10-20 |
| 246107 | 8.1 | HIGH | Network | opendesign oracle | drawings_sdk outside_in_technology | Open Design Alliance Drawings SDK 2019Update1 has a vulnerability during the reading of malformed files, allowing attackers to obtain sensitive information from process memory or cause a crash. | NVD-CWE-noinfo | CVE-2018-18223 | 2024-11-21 12:55 | 2018-10-20 |
| 246108 | 7.8 | HIGH | Local | iobit | malware_fighter | IMFCameraProtect.sys in IObit Malware Fighter 6.2 (and possibly lower versions) is vulnerable to a stack-based buffer overflow. The attacker can use DeviceIoControl to pass a user specified size whic… | CWE-787 Out-of-bounds Write | CVE-2018-18026 | 2024-11-21 12:55 | 2018-10-20 |
| 246109 | 5.4 | MEDIUM | Network | bigtreecms | bigtree_cms | A Session Fixation issue was discovered in Bigtree before 4.2.24. admin.php accepts a user-provided PHP session ID instead of regenerating a new one after a user has logged in to the application. The… | CWE-384 Session Fixation | CVE-2018-18380 | 2024-11-21 12:55 | 2018-10-20 |
| 246110 | 9.8 | CRITICAL | Network | moxa | thingspro | Remote Code Execution in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | NVD-CWE-noinfo | CVE-2018-18396 | 2024-11-21 12:55 | 2018-10-19 |