|
246661
|
8.8 |
HIGH
Network
|
liblouis canonical opensuse
|
liblouis ubuntu_linux leap
|
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.
|
CWE-787
Out-of-bounds Write
|
CVE-2018-11683
|
2024-11-21 12:43 |
2018-06-4 |
|
246662
|
6.5 |
MEDIUM
Network
|
cmseasy
|
cmseasy
|
An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability in the rich text editor that can add an IFRAME element. This might be used in a DoS attack if a referenced remote URL is…
|
CWE-352
Origin Validation Error
|
CVE-2018-11680
|
2024-11-21 12:43 |
2018-06-2 |
|
246663
|
8.8 |
HIGH
Network
|
cmseasy
|
cmseasy
|
An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability that can add an article via /index.php?case=table&act=add&table=archive&admin_dir=admin.
|
CWE-352
Origin Validation Error
|
CVE-2018-11679
|
2024-11-21 12:43 |
2018-06-2 |
|
246664
|
9.8 |
CRITICAL
Network
|
lutron
|
stanza_firmware radiora_2_firmware homeworks_qs_firmware
|
Default and unremovable support credentials allow attackers to gain total super user control of an IoT device through a TELNET session to products using the Stanza Lutron integration protocol Revisio…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2018-11682
|
2024-11-21 12:43 |
2018-06-2 |
|
246665
|
9.8 |
CRITICAL
Network
|
lutron
|
stanza_firmware radiora_2_firmware homeworks_qs_firmware
|
Default and unremovable support credentials (user:nwk password:nwk2) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the RadioRA 2 Lutron …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2018-11681
|
2024-11-21 12:43 |
2018-06-2 |
|
246666
|
9.8 |
CRITICAL
Network
|
lutron
|
stanza_firmware radiora_2_firmware homeworks_qs_firmware
|
Default and unremovable support credentials (user:lutron password:integration) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the HomeWor…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2018-11629
|
2024-11-21 12:43 |
2018-06-2 |
|
246667
|
4.8 |
MEDIUM
Network
|
pagekit
|
pagekit
|
Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upload malicious code via the picture upload feature. A user with elevated privileges could upload a photo to the system in an SVG f…
|
CWE-79
Cross-site Scripting
|
CVE-2018-11564
|
2024-11-21 12:43 |
2018-06-2 |
|
246668
|
6.1 |
MEDIUM
Network
|
yosoro_project
|
yosoro
|
Yosoro 1.0.4 has stored XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2018-11522
|
2024-11-21 12:43 |
2018-06-2 |
|
246669
|
8.8 |
HIGH
Network
|
searchblox
|
searchblox
|
servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass.
|
CWE-352
Origin Validation Error
|
CVE-2018-11538
|
2024-11-21 12:43 |
2018-06-2 |
|
246670
|
8.8 |
HIGH
Network
|
njtech
|
greencms
|
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that can add an admin account via index.php?m=admin&c=access&a=adduserhandle.
|
CWE-352
Origin Validation Error
|
CVE-2018-11671
|
2024-11-21 12:43 |
2018-06-2 |
|