|
246321
|
5.3 |
MEDIUM
Network
|
seacms
|
seacms
|
SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=../templets/../../ requests.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-16821
|
2024-11-21 12:53 |
2018-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246322
|
8.6 |
HIGH
Network
|
microsoft
|
exchange_server
|
Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2018-16793
|
2024-11-21 12:53 |
2018-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246323
|
5.5 |
MEDIUM
Local
|
linux
netapp
opensuse
|
linux_kernel
element_software
active_iq_performance_analytics_services
leap
|
An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.
|
CWE-863
Incorrect Authorization
|
CVE-2018-16597
|
2024-11-21 12:53 |
2018-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246324
|
6.1 |
MEDIUM
Network
|
dedecms
|
dedecms
|
DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedback_ajax.php.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16786
|
2024-11-21 12:53 |
2018-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246325
|
7.2 |
HIGH
Network
|
dedecms
|
dedecms
|
DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "<file type='file' name='../" substring.
|
CWE-91
Blind XPath Injection
|
CVE-2018-16784
|
2024-11-21 12:53 |
2018-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246326
|
8.8 |
HIGH
Network
|
linknet-usa
|
lw-n605r_firmware
|
LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the d…
|
CWE-78
CWE-1188
OS Command
Insecure Default Initialization of Resource
|
CVE-2018-16752
|
2024-11-21 12:53 |
2018-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246327
|
8.8 |
HIGH
Network
|
dedecms
|
dedecms
|
XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create script file to obtain webshell
|
CWE-91
Blind XPath Injection
|
CVE-2018-16785
|
2024-11-21 12:53 |
2018-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246328
|
5.4 |
MEDIUM
Network
|
opmantek
|
open-audit
|
Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16607
|
2024-11-21 12:53 |
2018-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246329
|
7.5 |
HIGH
Network
|
bitcoinknots
bitcoin
|
bitcoin_knots
bitcoin_core
|
Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitabl…
|
NVD-CWE-noinfo
|
CVE-2018-17144
|
2024-11-21 12:53 |
2018-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246330
|
9.8 |
CRITICAL
Network
|
coinlancer
|
coinlancer
|
The onlyOwner modifier of a smart contract implementation for Coinlancer (CL), an Ethereum ERC20 token, has a potential access control vulnerability. All contract users can access functions that use …
|
NVD-CWE-noinfo
|
CVE-2018-17111
|
2024-11-21 12:53 |
2018-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
