| 246021 | 7.8 | HIGH, Local | seqrite | end_point_security | Seqrite End Point Security v7.4 has "Everyone: (F)" permission for %PROGRAMFILES%\Seqrite\Seqrite, which allows local users to gain privileges by replacing an executable file with a Trojan horse. | CWE-732: Incorrect Permission Assignment for Critical Resource | CVE-2018-17775 | 2024-11-21 12:54 | 2018-10-9 |
| 246022 | 6.1 | MEDIUM, Network | dlink | central_wifimanager | An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'sitename' parameter of the UpdateSite endpoint is vulnerable to stored XSS. | CWE-79: Cross-site Scripting | CVE-2018-17443 | 2024-11-21 12:54 | 2018-10-9 |
| 246023 | 8.8 | HIGH, Network | dlink | central_wifimanager | An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. An unrestricted file upload vulnerability in the onUploadLogPic endpoint allows remote authenticated users to execute … | CWE-434: Unrestricted Upload of File with Dangerous Type | CVE-2018-17442 | 2024-11-21 12:54 | 2018-10-9 |
| 246024 | 6.1 | MEDIUM, Network | dlink | central_wifimanager | An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'username' parameter of the addUser endpoint is vulnerable to stored XSS. | CWE-79: Cross-site Scripting | CVE-2018-17441 | 2024-11-21 12:54 | 2018-10-9 |
| 246025 | 9.8 | CRITICAL, Network | dlink | central_wifimanager | An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials (admin, admin). Taking adv… | CWE-434: Unrestricted Upload of File with Dangerous Type | CVE-2018-17440 | 2024-11-21 12:54 | 2018-10-9 |
| 246026 | 9.8 | CRITICAL, Network | git-scm, redhat, canonical, debian | git, enterprise_linux_desktop, enterprise_linux, enterprise_linux_workstation, enterprise_linux_server, enterprise_linux_server_tus, enterprise_linux_server_eus, enterprise_linux_server… | Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git … | CWE-88: Argument Injection | CVE-2018-17456 | 2024-11-21 12:54 | 2018-10-6 |
| 246027 | 7.5 | HIGH, Network | multitech | faxfinder | Multi-Tech FaxFinder before 5.1.6 has SQL Injection via a status/call_details?oid= URI, allowing an attacker to extract the underlying database schema to further disclose other fax server information… | CWE-89: SQL Injection | CVE-2018-17562 | 2024-11-21 12:54 | 2018-10-4 |
| 246028 | 8.8 | HIGH, Network | naviwebs | navigate_cms | An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigate_upload.php in Naviwebs Navigate CMS 2.8 allows authenticated attackers to achieve remote code execution… | CWE-22: Path Traversal; CWE-434: Unrestricted Upload of File with Dangerous Type | CVE-2018-17553 | 2024-11-21 12:54 | 2018-10-4 |
| 246029 | 9.8 | CRITICAL, Network | naviwebs | navigate_cms | SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigate-user cookie. | CWE-89: SQL Injection | CVE-2018-17552 | 2024-11-21 12:54 | 2018-10-4 |
| 246030 | 7.5 | HIGH, Network | strongswan, debian, canonical | strongswan, debian_linux, ubuntu_linux | The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate. | CWE-119: Incorrect Access of Indexable Resource ('Range Error') | CVE-2018-17540 | 2024-11-21 12:54 | 2018-10-4 |