|
246381
|
9.1 |
CRITICAL
Network
|
siemens
|
simatic_wincc_open_architecture
|
A vulnerability has been identified in SIMATIC WinCC OA V3.14 and prior (All versions < V3.14-P021). Improper access control to a data point of the affected product could allow an unauthenticated rem…
|
NVD-CWE-noinfo
|
CVE-2018-13799
|
2024-11-21 12:48 |
2018-09-12 |
|
246382
|
6.1 |
MEDIUM
Network
|
cremecrm
|
cremecrm
|
An issue was discovered in Creme CRM 1.6.12. The value of the cancel button uses the content of the HTTP Referer header, and could be used to trick a user into visiting a fake login page in order to …
|
CWE-601
Open Redirect
|
CVE-2018-14398
|
2024-11-21 12:48 |
2018-09-8 |
|
246383
|
5.4 |
MEDIUM
Network
|
cremecrm
|
cremecrm
|
An issue was discovered in Creme CRM 1.6.12. The organization creation page is affected by 9 stored cross-site scripting vulnerabilities involving the name, billing_address-address, billing_address-z…
|
CWE-79
Cross-site Scripting
|
CVE-2018-14397
|
2024-11-21 12:48 |
2018-09-8 |
|
246384
|
5.4 |
MEDIUM
Network
|
cremecrm
|
cremecrm
|
An issue was discovered in Creme CRM 1.6.12. The salesman creation page is affected by 10 stored cross-site scripting vulnerabilities involving the firstname, lastname, billing_address-address, billi…
|
CWE-79
Cross-site Scripting
|
CVE-2018-14396
|
2024-11-21 12:48 |
2018-09-8 |
|
246385
|
6.1 |
MEDIUM
Network
|
pulsesecure ivanti
|
pulse_policy_secure pulse_connect_secure connect_secure
|
download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerabi…
|
CWE-601
Open Redirect
|
CVE-2018-14366
|
2024-11-21 12:48 |
2018-09-7 |
|
246386
|
9.1 |
CRITICAL
Network
|
ca broadcom
|
project_portfolio_management
|
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request…
|
CWE-611
XXE
|
CVE-2018-13826
|
2024-11-21 12:48 |
2018-08-30 |
|
246387
|
6.1 |
MEDIUM
Network
|
ca broadcom
|
project_portfolio_management
|
Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cros…
|
CWE-79
Cross-site Scripting
|
CVE-2018-13825
|
2024-11-21 12:48 |
2018-08-30 |
|
246388
|
9.8 |
CRITICAL
Network
|
ca broadcom
|
project_portfolio_management
|
Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks.
|
CWE-89
SQL Injection
|
CVE-2018-13824
|
2024-11-21 12:48 |
2018-08-30 |
|
246389
|
7.5 |
HIGH
Network
|
ca broadcom
|
project_portfolio_management
|
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive informatio…
|
CWE-611
XXE
|
CVE-2018-13823
|
2024-11-21 12:48 |
2018-08-30 |
|
246390
|
7.5 |
HIGH
Network
|
broadcom
|
project_portfolio_management
|
Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows attackers to access sensitive information.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2018-13822
|
2024-11-21 12:48 |
2018-08-30 |