| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 246711 | 8.8 | HIGH | Network | clippercms | clippercms | ClipperCMS 1.3.3 allows Session Fixation. | CWE-384 Session Fixation | CVE-2018-11571 | 2024-11-21 12:43 | 2018-05-31 |
| 246712 | 6.1 | MEDIUM | Network | cactusthemes | gameplan-event_and_gym_fitness | Reflected XSS is possible in the GamePlan theme through 1.5.13.2 for WordPress because of insufficient input sanitization, as demonstrated by the s parameter. In some (but not all) cases, the '<' and… | CWE-79 Cross-site Scripting | CVE-2018-11568 | 2024-11-21 12:43 | 2018-05-31 |
| 246713 | 5.3 | MEDIUM | Network | mahara | mahara | Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to mentioning the usernames that are already taken by people registered in the system rather than masking … | CWE-200 Information Exposure | CVE-2018-11565 | 2024-11-21 12:43 | 2018-05-31 |
| 246714 | 9.8 | CRITICAL | Network | tp-link | ipc_tl-ipc223\(p\)-6_firmware tl-ipc323k-d_firmware tl-ipc325\(kp\)_firmware tl-ipc40a-4_firmware | /usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password. | CWE-798 Use of Hard-coded Credentials | CVE-2018-11482 | 2024-11-21 12:43 | 2018-05-31 |
| 246715 | 8.8 | HIGH | Network | tp-link | ipc_tl-ipc223\(p\)-6_firmware tl-ipc323k-d_firmware tl-ipc325\(kp\)_firmware tl-ipc40a-4_firmware | TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua d… | CWE-20 Improper Input Validation | CVE-2018-11481 | 2024-11-21 12:43 | 2018-05-31 |
| 246716 | 8.8 | HIGH | Adjacent | vgate | icar_2_wi-fi_obd2_firmware | An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The OBD port is used to receive measurement data and debug information from the car. This on-board diagnostics feature can also be u… | CWE-287 Improper Authentication | CVE-2018-11478 | 2024-11-21 12:43 | 2018-05-31 |
| 246717 | 3.3 | LOW | Local | amazon | echo_show_firmware echo_plus_firmware echo_dot_firmware echo_spot_firmware echo_firmware | Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill. The reprompt feature is designed so that if Alexa does not receive an input within 8 seconds… | CWE-384 Session Fixation | CVE-2018-11567 | 2024-11-21 12:43 | 2018-05-31 |
| 246718 | 6.5 | MEDIUM | Adjacent | vgate | icar_2_wi-fi_obd2_firmware | An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The data packets that are sent between the iOS or Android application and the OBD dongle are not encrypted. The combination of this … | CWE-319 Cleartext Transmission of Sensitive Information | CVE-2018-11477 | 2024-11-21 12:43 | 2018-05-31 |
| 246719 | 8.8 | HIGH | Adjacent | vgate | icar_2_wi-fi_obd2_firmware | An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The dongle opens an unprotected wireless LAN that cannot be configured with encryption or a password. This enables anyone within the… | CWE-306 Missing Authentication for Critical Function | CVE-2018-11476 | 2024-11-21 12:43 | 2018-05-31 |
| 246720 | 6.1 | MEDIUM | Network | misp | misp | An issue was discovered in MISP 2.4.91. A vulnerability in app/View/Elements/eventattribute.ctp allows reflected XSS if a user clicks on a malicious link for an event view and then clicks on the dele… | CWE-79 Cross-site Scripting | CVE-2018-11562 | 2024-11-21 12:43 | 2018-05-31 |