|
246671
|
8.8 |
HIGH
Network
|
njtech
|
greencms
|
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to execute arbitrary PHP code via the content parameter to index.php?m=admin&c=media&a=fileconnect.
|
CWE-352
Origin Validation Error
|
CVE-2018-11670
|
2024-11-21 12:43 |
2018-06-2 |
|
246672
|
4.8 |
MEDIUM
Network
|
brother
|
hl-l2340d_firmware hl-l2380dw_firmware
|
Cross-site scripting (XSS) vulnerability on Brother HL series printers allows remote attackers to inject arbitrary web script or HTML via the url parameter to etc/loginerror.html.
|
CWE-79
Cross-site Scripting
|
CVE-2018-11581
|
2024-11-21 12:43 |
2018-06-2 |
|
246673
|
6.1 |
MEDIUM
Network
|
nch
|
axon_pbx
|
There is a reflected XSS vulnerability in AXON PBX 2.02 via the "AXON->Auto-Dialer->Agents->Name" field. The vulnerability exists due to insufficient filtration of user-supplied data. A remote attack…
|
CWE-79
Cross-site Scripting
|
CVE-2018-11552
|
2024-11-21 12:43 |
2018-06-2 |
|
246674
|
7.8 |
HIGH
Local
|
nch
|
axon_pbx
|
AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists because a DLL file i…
|
CWE-426
Untrusted Search Path
|
CVE-2018-11551
|
2024-11-21 12:43 |
2018-06-2 |
|
246675
|
7.5 |
HIGH
Network
|
miniupnp_project
|
ngiflib
|
ngiflib.c in MiniUPnP ngiflib 0.4 has an infinite loop in DecodeGifImg and LoadGif.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2018-11657
|
2024-11-21 12:43 |
2018-06-2 |
|
246676
|
6.5 |
MEDIUM
Network
|
imagemagick canonical
|
imagemagick ubuntu_linux
|
In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image fil…
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2018-11656
|
2024-11-21 12:43 |
2018-06-2 |
|
246677
|
6.5 |
MEDIUM
Network
|
imagemagick canonical
|
imagemagick ubuntu_linux
|
In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePixelCache in MagickCore/cache.c, which allows attackers to cause a denial of service via a crafted C…
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2018-11655
|
2024-11-21 12:43 |
2018-06-2 |
|
246678
|
9.8 |
CRITICAL
Network
|
cirt.net
|
nikto
|
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV r…
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2018-11652
|
2024-11-21 12:43 |
2018-06-2 |
|
246679
|
6.1 |
MEDIUM
Network
|
emssoftware
|
ems_master_calendar
|
Data input into EMS Master Calendar before 8.0.0.201805210 via URL parameters is not properly sanitized, allowing malicious attackers to send a crafted URL for XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2018-11628
|
2024-11-21 12:43 |
2018-06-2 |
|
246680
|
6.1 |
MEDIUM
Network
|
multidots
|
advance_search_for_woocommerce
|
An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for WordPress. This plugin is vulnerable to a stored Cross-site scripting (XSS) vulnerability. A non-a…
|
CWE-79
Cross-site Scripting
|
CVE-2018-11486
|
2024-11-21 12:43 |
2018-06-2 |