|
250921
|
7.5 |
HIGH
Network
|
chanzhi
|
chanzhi
|
QingDao Nature Easy Soft Chanzhi Enterprise Portal System (aka chanzhieps) pro1.6 allows remote attackers to read arbitrary files via directory traversal sequences in the pathname parameter to www/fi…
|
CWE-22
Path Traversal
|
CVE-2018-10122
|
2024-11-21 12:40 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250922
|
4.8 |
MEDIUM
Network
|
monstra
|
monstra
|
plugins/box/pages/pages.admin.php in Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the title section of an admin/index.php…
|
CWE-79
Cross-site Scripting
|
CVE-2018-10121
|
2024-11-21 12:40 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250923
|
4.8 |
MEDIUM
Network
|
monstra
|
monstra
|
Monstra CMS 3.0.4 has Stored XSS via the Name field on the Create New Page screen under the admin/index.php?id=pages URI, related to plugins/box/pages/pages.admin.php.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10118
|
2024-11-21 12:40 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250924
|
8.8 |
HIGH
Network
|
icmsdev
|
icms
|
An issue was discovered in idreamsoft iCMS V7.0.7. There is a CSRF vulnerability that can add an admin account via admincp.php?app=members&do=save&frame=iPHP.
|
CWE-352
Origin Validation Error
|
CVE-2018-10117
|
2024-11-21 12:40 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250925
|
8.8 |
HIGH
Network
|
gegl
|
gegl
|
An issue was discovered in GEGL through 0.3.32. The gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c allows remote attackers to cause a denial of service (write access violatio…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-10114
|
2024-11-21 12:40 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250926
|
7.5 |
HIGH
Network
|
gegl
|
generic_graphics_library
|
An issue was discovered in GEGL through 0.3.32. The process function in operations/external/ppm-load.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocat…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-10113
|
2024-11-21 12:40 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250927
|
8.8 |
HIGH
Network
|
gegl
|
gegl
|
An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_swap_constructed function in buffer/gegl-tile-backend-swap.c allows remote attackers to cause a denial of service (write access v…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-10112
|
2024-11-21 12:40 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250928
|
7.5 |
HIGH
Network
|
gegl
|
gegl
|
An issue was discovered in GEGL through 0.3.32. The render_rectangle function in process/gegl-processor.c has unbounded memory allocation, leading to a denial of service (application crash) upon allo…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-10111
|
2024-11-21 12:40 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250929
|
4.8 |
MEDIUM
Network
|
monstra
|
monstra
|
Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the content section of a new page in the blog catalog.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10109
|
2024-11-21 12:40 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250930
|
6.1 |
MEDIUM
Network
|
dlink
|
dir-815_firmware
|
D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the Treturn parameter to /htdocs/webinc/js/bsc_sms_inbox.php.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10108
|
2024-11-21 12:40 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
