|
246431
|
7.5 |
HIGH
Network
|
sddm_project
|
sddm
|
An issue was discovered in SDDM through 0.17.0. If configured with ReuseSession=true, the password is not checked for users with an already existing session. Any user with access to the system D-Bus …
|
CWE-287
CWE-613
Improper Authentication
Insufficient Session Expiration
|
CVE-2018-14345
|
2024-11-21 12:48 |
2018-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246432
|
9.8 |
CRITICAL
Network
|
trivum
|
webtouch_setup_v9_firmware
|
Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allow unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using…
|
NVD-CWE-noinfo
|
CVE-2018-13862
|
2024-11-21 12:48 |
2018-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246433
|
9.8 |
CRITICAL
Network
|
trivum
|
webtouch_setup_v9_firmware
|
Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, …
|
NVD-CWE-noinfo
|
CVE-2018-13861
|
2024-11-21 12:48 |
2018-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246434
|
7.5 |
HIGH
Network
|
trivum
|
c4_professional_firmware
|
MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18 allows unauthorized remote attackers to obtain sensitive information via the "/xml/…
|
CWE-200
Information Exposure
|
CVE-2018-13860
|
2024-11-21 12:48 |
2018-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246435
|
9.8 |
CRITICAL
Network
|
trivum
|
c4_professional_firmware
|
MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18, allow unauthorized remote attackers to reset the authentication via the "/xml/syst…
|
NVD-CWE-noinfo
|
CVE-2018-13859
|
2024-11-21 12:48 |
2018-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246436
|
9.8 |
CRITICAL
Network
|
trivum
|
c4_professional_firmware
|
MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using …
|
NVD-CWE-noinfo
|
CVE-2018-13858
|
2024-11-21 12:48 |
2018-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246437
|
8.1 |
HIGH
Network
|
exiv2
|
exiv2
|
samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms (other than Apple platforms) where glibc is not used, possibly leading to a buffer overflow.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-14338
|
2024-11-21 12:48 |
2018-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246438
|
7.5 |
HIGH
Network
|
lightbend
|
play_framework
|
A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 (fixed in 2.6.16) when running on Windows. It allows a remote attacker to download …
|
CWE-22
Path Traversal
|
CVE-2018-13864
|
2024-11-21 12:48 |
2018-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246439
|
7.5 |
HIGH
Network
|
mruby
debian
|
mruby
debian_linux
|
The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in string…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2018-14337
|
2024-11-21 12:48 |
2018-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246440
|
9.8 |
CRITICAL
Network
|
joyplus-cms_project
|
joyplus-cms
|
manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file upload because detection of a prohibited file extension simply sets the $errm value, and does not otherwise alter the flow of cont…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-14334
|
2024-11-21 12:48 |
2018-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
