|
246651
|
9.8 |
CRITICAL
Network
|
seasofsolutions
|
ip_camera_firmware
|
Information disclosure in Netwave IP camera at //etc/RT2870STA.dat (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information about the network configuration like …
|
CWE-200
Information Exposure
|
CVE-2018-11653
|
2024-11-21 12:43 |
2018-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246652
|
6.5 |
MEDIUM
Network
|
moderator_log_notes_project
|
moderator_log_notes
|
An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. An attacker can remotely delete all mod notes and m…
|
CWE-352
Origin Validation Error
|
CVE-2018-11502
|
2024-11-21 12:43 |
2018-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246653
|
9.8 |
CRITICAL
Network
|
puppet
|
puppet_enterprise
|
When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via plaintext to the LDAP server. This affects Puppet Enterprise 2018.1.3, 2017.3.9, and 2016.…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2018-11749
|
2024-11-21 12:43 |
2018-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246654
|
8.1 |
HIGH
Network
|
apache
|
cayenne
|
This affects Apache Cayenne 4.1.M1, 3.2.M1, 4.0.M2 to 4.0.M5, 4.0.B1, 4.0.B2, 4.0.RC1, 3.1, 3.1.1, 3.1.2. CayenneModeler is a desktop GUI tool shipped with Apache Cayenne and intended for editing Cay…
|
CWE-611
XXE
|
CVE-2018-11758
|
2024-11-21 12:43 |
2018-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246655
|
9.8 |
CRITICAL
Network
|
asustor
|
asustor_data_master
|
The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the 'album_id' or 'scope' parameter via a photo-gallery/api/album…
|
CWE-89
SQL Injection
|
CVE-2018-11511
|
2024-11-21 12:43 |
2018-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246656
|
9.8 |
CRITICAL
Network
|
asustor
|
asustor_data_master
|
ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2018-11509
|
2024-11-21 12:43 |
2018-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246657
|
5.5 |
MEDIUM
Local
|
apache
oracle
|
commons_compress
weblogic_server
|
When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream …
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2018-11771
|
2024-11-21 12:43 |
2018-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246658
|
7.5 |
HIGH
Network
|
bitcoin_red_project
|
bitcoin_red
|
An integer overflow in the distributeBTR function of a smart contract implementation for Bitcoin Red (BTCR), an Ethereum ERC20 token, allows the owner to accomplish an unauthorized increase of digita…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2018-11687
|
2024-11-21 12:43 |
2018-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246659
|
4.2 |
MEDIUM
Network
|
apache
|
spark
|
From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property 'sp…
|
CWE-287
Improper Authentication
|
CVE-2018-11770
|
2024-11-21 12:43 |
2018-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246660
|
7.5 |
HIGH
Network
|
asus
|
hg100_firmware
|
ASUS HG100 devices allow denial of service via an IPv4 packet flood.
|
NVD-CWE-noinfo
|
CVE-2018-11492
|
2024-11-21 12:43 |
2018-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
