|
246001
|
9.8 |
CRITICAL
Network
|
dlink
|
dsl-2770l_firmware
|
atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2018-18007
|
2024-11-21 12:55 |
2018-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246002
|
7.5 |
HIGH
Network
|
trendmicro
|
officescan
|
A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on some key files to modify other files and folders on vulnerable installat…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-18332
|
2024-11-21 12:55 |
2018-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246003
|
7.5 |
HIGH
Network
|
trendmicro
|
officescan
|
A Trend Micro OfficeScan XG weak file permissions vulnerability on a particular folder for a particular group may allow an attacker to alter the files, which could lead to other exploits on vulnerabl…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-18331
|
2024-11-21 12:55 |
2018-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246004
|
6.5 |
MEDIUM
Network
|
trendmicro
|
dr._safety
|
An Address Bar Spoofing vulnerability in Trend Micro Dr. Safety for Android (Consumer) versions 3.0.1324 and below could allow an attacker to potentially trick a victim into visiting a malicious URL …
|
NVD-CWE-noinfo
|
CVE-2018-18330
|
2024-11-21 12:55 |
2018-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246005
|
7.5 |
HIGH
Network
|
d-link
|
dcs-825l_firmware
|
D-Link DCS-825L devices with firmware 1.08 do not employ a suitable mechanism to prevent denial-of-service (DoS) attacks. An attacker can harm the device availability (i.e., live-online video/audio s…
|
NVD-CWE-noinfo
|
CVE-2018-18442
|
2024-11-21 12:55 |
2018-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246006
|
7.5 |
HIGH
Network
|
d-link
dlink
|
dcs-936l_firmware
dcs-942l_firmware
dcs-8000lh_firmware
dcs-942lb1_firmware
dcs-5222l_firmware
dcs-825l_firmware
dcs-2630l_firmware
dcs-820l_firmware
dcs-855l_firmware
dcs-…
|
D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, …
|
CWE-200
Information Exposure
|
CVE-2018-18441
|
2024-11-21 12:55 |
2018-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246007
|
9.8 |
CRITICAL
Network
|
jco
|
karma
|
SQL injection vulnerability in the "ContentPlaceHolder1_uxTitle" component in ArchiveNews.aspx in jco.ir KARMA 6.0.0 allows a remote attacker to execute arbitrary SQL commands via the "id" parameter.
|
CWE-89
SQL Injection
|
CVE-2018-18399
|
2024-11-21 12:55 |
2018-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246008
|
9.8 |
CRITICAL
Network
|
escanav
|
escan_anti-virus
|
eScan Agent Application (MWAGENT.EXE) 4.0.2.98 in MicroWorld Technologies eScan 14.0 allows remote or local attackers to execute arbitrary commands by sending a carefully crafted payload to TCP port …
|
NVD-CWE-noinfo
|
CVE-2018-18388
|
2024-11-21 12:55 |
2018-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246009
|
7.5 |
HIGH
Network
|
icinga
|
icinga_web_2
|
Icinga Web 2 before 2.6.2 allows parameters that break navigation dashlets, as demonstrated by a single '$' character as the Name of a Navigation item.
|
CWE-74
Injection
|
CVE-2018-18250
|
2024-11-21 12:55 |
2018-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246010
|
9.8 |
CRITICAL
Network
|
icinga
|
icinga_web_2
|
Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vectors involving environment variables as the channel to send information to the attacker, such as a name=${PATH}_${APACHE_R…
|
CWE-94
Code Injection
|
CVE-2018-18249
|
2024-11-21 12:55 |
2018-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
