|
246171
|
8.8 |
HIGH
Network
|
netgate
|
pfsense
|
An authenticated command injection vulnerability exists in status_interfaces.php via dhcp_relinquish_lease() in pfSense before 2.4.4 due to its passing user input from the $_POST parameters "ifdescr"…
|
CWE-78
OS Command
|
CVE-2018-16055
|
2024-11-21 12:52 |
2018-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246172
|
8.1 |
HIGH
Network
|
zohocorp
|
manageengine_applications_manager
|
A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2018-16364
|
2024-11-21 12:52 |
2018-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246173
|
7.5 |
HIGH
Network
|
strongswan
debian
canonical
|
strongswan
debian_linux
ubuntu_linux
|
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorit…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2018-16152
|
2024-11-21 12:52 |
2018-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246174
|
7.5 |
HIGH
Network
|
strongswan
debian
canonical
|
strongswan
debian_linux
ubuntu_linux
|
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded al…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2018-16151
|
2024-11-21 12:52 |
2018-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246175
|
7.5 |
HIGH
Network
|
localize_my_post_project
|
localize_my_post
|
The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter.
|
CWE-22
Path Traversal
|
CVE-2018-16299
|
2024-11-21 12:52 |
2018-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246176
|
9.8 |
CRITICAL
Network
|
wechat_brodcast_project
|
wechat_brodcast
|
The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows Directory Traversal via the Image.php url parameter.
|
CWE-22
Path Traversal
|
CVE-2018-16283
|
2024-11-21 12:52 |
2018-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246177
|
9.8 |
CRITICAL
Network
|
deiser
|
profields-project_custom_fields
|
The DEISER "Profields - Project Custom Fields" app before 6.0.2 for Jira has Incorrect Access Control.
|
NVD-CWE-noinfo
|
CVE-2018-16281
|
2024-11-21 12:52 |
2018-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246178
|
8.8 |
HIGH
Network
|
moxa
|
edr-810_firmware
|
A command injection vulnerability in the web server functionality of Moxa EDR-810 V4.2 build 18041013 allows remote attackers to execute arbitrary OS commands with root privilege via the caname param…
|
CWE-78
OS Command
|
CVE-2018-16282
|
2024-11-21 12:52 |
2018-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246179
|
8.8 |
HIGH
Network
|
matrix
debian
|
synapse
debian_linux
|
Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2018-16515
|
2024-11-21 12:52 |
2018-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246180
|
6.5 |
MEDIUM
Adjacent
|
qbeecam
swisscom
|
qbee_multi-sensor_camera_firmware
swisscom_home_app
qbeecam
|
The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 …
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2018-16225
|
2024-11-21 12:52 |
2018-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
