| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 246621 | 7.8 | HIGH | Local | algolplus | advanced_order_export_for_woocommerce | The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection. | CWE-1236 Improper Neutralization of Formula Elements in a CSV File | CVE-2018-11525 | 2024-11-21 12:43 | 2018-06-20 |
| 246622 | 6.1 | MEDIUM | Network | oauth2orize-fprm_project | oauth2orize-fprm | index.js in oauth2orize-fprm before 0.2.1 has XSS via a crafted URL. | CWE-79 Cross-site Scripting | CVE-2018-11647 | 2024-11-21 12:43 | 2018-06-18 |
| 246623 | 6.1 | MEDIUM | Network | balbooa | gridbox | The Balbooa Gridbox extension version 2.4.0 and previous versions for Joomla! is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could expl… | CWE-79 Cross-site Scripting | CVE-2018-11690 | 2024-11-21 12:43 | 2018-06-15 |
| 246624 | 6.1 | MEDIUM | Network | samsung, hanwha-security | smartviewer, hrd-1642_firmware, hrd-842_firmware, hrd-442_firmware, hrd-1641_firmware, hrd-841_firmware, hrd-840_firmware, hrd-440_firmware, hrd-443_firmware, srd-1694u_firmware | Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. (The same Web Viewer codebase was tr… | CWE-79 Cross-site Scripting | CVE-2018-11689 | 2024-11-21 12:43 | 2018-06-15 |
| 246625 | 9.8 | CRITICAL | Network | point-to-point_protocol_project, canonical | point-to-point_protocol, ubuntu_linux | Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, or authentication bypass. This implementation is … | CWE-20 Improper Input Validation; CWE-190 Integer Overflow or Wraparound | CVE-2018-11574 | 2024-11-21 12:43 | 2018-06-15 |
| 246626 | 6.1 | MEDIUM | Network | igniterealtime | openfire | Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL… | CWE-79 Cross-site Scripting | CVE-2018-11688 | 2024-11-21 12:43 | 2018-06-14 |
| 246627 | 6.1 | MEDIUM | Network | sensiolabs, debian | symfony, debian_linux | The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnera… | CWE-601 Open Redirect | CVE-2018-11408 | 2024-11-21 12:43 | 2018-06-14 |
| 246628 | 9.8 | CRITICAL | Network | sensiolabs | symfony | An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by l… | CWE-287 Improper Authentication | CVE-2018-11407 | 2024-11-21 12:43 | 2018-06-14 |
| 246629 | 8.8 | HIGH | Network | sensiolabs, debian | symfony, debian_linux | An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session … | CWE-352 Origin Validation Error | CVE-2018-11406 | 2024-11-21 12:43 | 2018-06-14 |
| 246630 | 5.9 | MEDIUM | Network | sensiolabs, debian | symfony, debian_linux | An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. The PDOSessionHandler c… | CWE-613 Insufficient Session Expiration | CVE-2018-11386 | 2024-11-21 12:43 | 2018-06-14 |