|
246711
|
7.8 |
HIGH
Local
|
goldenfrog
|
vyprvpn
|
Golden Frog VyprVPN 2.12.1.8015 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "VyprVPN" service. This service establishes a NetNamedPipe endpoint that allows applic…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-10645
|
2024-11-21 12:41 |
2018-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246712
|
5.4 |
MEDIUM
Network
|
hrsale_project
|
hrsale
|
An Authenticated Stored XSS vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10259
|
2024-11-21 12:41 |
2018-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246713
|
8.8 |
HIGH
Network
|
codeslab
|
shopy_point_of_sale
|
A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to po…
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2018-10258
|
2024-11-21 12:41 |
2018-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246714
|
8.8 |
HIGH
Local
|
hrsale_project
|
hrsale
|
A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading…
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2018-10257
|
2024-11-21 12:41 |
2018-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246715
|
8.8 |
HIGH
Network
|
hrsale_project
|
hrsale
|
A SQL Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to directly modify the SQL query.
|
CWE-89
SQL Injection
|
CVE-2018-10256
|
2024-11-21 12:41 |
2018-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246716
|
8.8 |
HIGH
Network
|
clustercoding
|
blog_master_pro
|
A CSV Injection vulnerability was discovered in clustercoding Blog Master Pro v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, lea…
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2018-10255
|
2024-11-21 12:41 |
2018-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246717
|
7.5 |
HIGH
Network
|
libreoffice
apache
debian
redhat
canonical
|
libreoffice
openoffice
debian_linux
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
ubuntu_linux
|
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstr…
|
CWE-200
Information Exposure
|
CVE-2018-10583
|
2024-11-21 12:41 |
2018-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246718
|
5.4 |
MEDIUM
Network
|
threads_to_link_project
|
threads_to_link
|
An XSS issue was discovered in the Threads to Link plugin 1.3 for MyBB. When editing a thread, the user is given the option to convert the thread to a link. The thread link input box is not properly …
|
CWE-79
Cross-site Scripting
|
CVE-2018-10365
|
2024-11-21 12:41 |
2018-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246719
|
5.4 |
MEDIUM
Network
|
octopus
|
octopus_deploy
|
In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user is able to view/update/save variable values within the Tenant Variables area for Environments that do not exist within their associated …
|
CWE-200
Information Exposure
|
CVE-2018-10581
|
2024-11-21 12:41 |
2018-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246720
|
6.1 |
MEDIUM
Network
|
wunderfarm
|
wf_cookie_consent
|
An issue was discovered in the wunderfarm WF Cookie Consent plugin 1.1.3 for WordPress. A persistent cross-site scripting vulnerability has been identified in the web interface of the plugin that all…
|
CWE-79
Cross-site Scripting
|
CVE-2018-10371
|
2024-11-21 12:41 |
2018-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
