| 246451 | 6.1 | MEDIUM Network | seeddms | seeddms | Persistent Cross-Site Scripting (XSS) vulnerability in the "Categories" feature in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via… | CWE-79: Cross-site Scripting | CVE-2018-12944 | 2024-11-21 12:46 | 2018-07-31 |
| 246452 | 6.1 | MEDIUM Network | seeddms | seeddms | Cross-Site Scripting (XSS) vulnerability in every page that includes the "action" URL parameter in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web sc… | CWE-79: Cross-site Scripting | CVE-2018-12943 | 2024-11-21 12:46 | 2018-07-31 |
| 246453 | 8.8 | HIGH Network | seeddms | seeddms | Unrestricted file upload vulnerability in "op/op.UploadChunks.php" in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to execute arbitrary code by uploading a file with an e… | CWE-434: Unrestricted Upload of File with Dangerous Type | CVE-2018-12940 | 2024-11-21 12:46 | 2018-07-31 |
| 246454 | 6.5 | MEDIUM Network | seeddms | seeddms | A directory traversal flaw in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows an authenticated attacker to write to (or potentially delete) arbitrary files via a .. (dot dot) in the "op/op.U… | CWE-22: Path Traversal | CVE-2018-12939 | 2024-11-21 12:46 | 2018-07-31 |
| 246455 | 5.9 | MEDIUM Network | synology | diskstation_manager | Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS ses… | CWE-330: Use of Insufficiently Random Values | CVE-2018-13280 | 2024-11-21 12:46 | 2018-07-30 |
| 246456 | 8.8 | HIGH Network | seeddms | seeddms | SQL injection vulnerability in the "Users management" functionality in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows authenticated attackers to manipulate an SQL query within the applicati… | CWE-89: SQL Injection | CVE-2018-12942 | 2024-11-21 12:46 | 2018-07-31 |
| 246457 | 8.8 | HIGH Network | seeddms | seeddms | This vulnerability allows remote attackers to execute arbitrary code in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 by adding a system command at the end of the "cacheDir" path and following us… | CWE-20: Improper Input Validation | CVE-2018-12941 | 2024-11-21 12:46 | 2018-07-31 |
| 246458 | 7.5 | HIGH Network | aditustoken_project | aditustoken | The approveAndCall function of a smart contract implementation for Aditus (ADI), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all contract balances into their account). | CWE-20: Improper Input Validation | CVE-2018-12959 | 2024-11-21 12:46 | 2018-07-20 |
| 246459 | 9.8 | CRITICAL Network | webkitgtk, canonical | webkitgtk+, ubuntu_linux | WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the get_simple_globs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c. | CWE-787: Out-of-bounds Write | CVE-2018-12911 | 2024-11-21 12:46 | 2018-07-19 |
| 246460 | 5.4 | MEDIUM Network | wago | 762-3000_firmware, 762-3001_firmware, 762-3002_firmware, 762-3003_firmware | An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability can be exploited by authenticated and unauthenticated users by sending specia… | CWE-79: Cross-site Scripting | CVE-2018-12981 | 2024-11-21 12:46 | 2018-07-13 |