| 246311 | 6.5 | MEDIUM | Network | circontrol | circarlife_scada | An issue was discovered in CIRCONTROL CirCarLife before 4.3. Due to the storage of multiple sensitive information elements in a JSON format at /services/system/setup.json, an authenticated but unpriv… | CWE-200 Information Exposure | CVE-2018-16672 | 2024-11-21 12:53 | 2018-09-27 |
| 246312 | 9.8 | CRITICAL | Network | tgstation13 | tgstation-server | In Tgstation tgstation-server 3.2.4.0 through 3.2.1.0 (fixed in 3.2.5.0), active logins would be cached, allowing subsequent logins to succeed with any username or password. | NVD-CWE-noinfo | CVE-2018-17107 | 2024-11-21 12:53 | 2018-09-25 |
| 246313 | 9.8 | CRITICAL | Network | debian, hylafax | debian_linux, hylafax\+, hylafax | HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in FaxModem::writeECMDa… | CWE-824 Access of Uninitialized Pointer; CWE-787 Out-of-bounds Write | CVE-2018-17141 | 2024-11-21 12:53 | 2018-09-22 |
| 246314 | 7.5 | HIGH | Network | polyai_project | polyai | The mintToken function of a smart contract implementation for PolyAi (AI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to … | CWE-190 Integer Overflow or Wraparound | CVE-2018-17050 | 2024-11-21 12:53 | 2018-09-22 |
| 246315 | 6.1 | MEDIUM | Network | limesurvey | limesurvey | In LimeSurvey 3.14.7, HTML Injection and Stored XSS have been discovered in the appendix via the surveyls_title parameter to /index.php?r=admin/survey/sa/insert. | CWE-79 Cross-site Scripting | CVE-2018-17003 | 2024-11-21 12:53 | 2018-09-22 |
| 246316 | 6.1 | MEDIUM | Network | ricoh | mp_2001sp_firmware | On the RICOH MP 2001 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWiza… | CWE-79 Cross-site Scripting | CVE-2018-17002 | 2024-11-21 12:53 | 2018-09-22 |
| 246317 | 6.1 | MEDIUM | Network | ricoh | sp_4510sf_firmware | On the RICOH SP 4510SF printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWi… | CWE-79 Cross-site Scripting | CVE-2018-17001 | 2024-11-21 12:53 | 2018-09-22 |
| 246318 | 6.1 | MEDIUM | Network | zohocorp | manageengine_supportcenter_plus | In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter. | CWE-79 Cross-site Scripting | CVE-2018-16965 | 2024-11-21 12:53 | 2018-09-22 |
| 246319 | 6.1 | MEDIUM | Network | zohocorp | manageengine_desktop_central | Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & Articles" search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI. | CWE-79 Cross-site Scripting | CVE-2018-16833 | 2024-11-21 12:53 | 2018-09-22 |
| 246320 | 9.8 | CRITICAL | Network | seacms | seacms | SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter. | CWE-89 SQL Injection | CVE-2018-16822 | 2024-11-21 12:53 | 2018-09-22 |