|
246081
|
7.8 |
HIGH
Local
|
advantech
|
webaccess
|
WebAccess Versions 8.3.2 and prior. During installation, the application installer disables user access control and does not re-enable it after the installation is complete. This could allow an attac…
|
CWE-284
Improper Access Control
|
CVE-2018-17908
|
2024-11-21 12:55 |
2018-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246082
|
6.1 |
MEDIUM
Network
|
geovap
|
reliance_4
|
Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior. This vulnerability could allow an unauthorized attacker to inject arbitrary code.
|
CWE-79
Cross-site Scripting
|
CVE-2018-17904
|
2024-11-21 12:55 |
2018-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246083
|
6.9 |
MEDIUM
Physics
|
sagaradio
|
saga1-l8b_firmware
|
SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may able to reprogram it.
|
CWE-287
Improper Authentication
|
CVE-2018-17923
|
2024-11-21 12:55 |
2018-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246084
|
8.8 |
HIGH
Adjacent
|
sagaradio
|
saga1-l8b_firmware
|
SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that may allow an attacker to force-pair the device without human interaction.
|
NVD-CWE-Other
|
CVE-2018-17921
|
2024-11-21 12:55 |
2018-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246085
|
9.1 |
CRITICAL
Network
|
sagaradio
|
saga1-l8b_firmware
|
SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to a replay attack and command forgery.
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2018-17903
|
2024-11-21 12:55 |
2018-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246086
|
7.8 |
HIGH
Local
|
citrix
|
xenmobile_server
|
* Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 a…
|
CWE-287
Improper Authentication
|
CVE-2018-18014
|
2024-11-21 12:55 |
2018-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246087
|
7.8 |
HIGH
Local
|
citrix
|
xenmobile_server
|
* Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this service is supplied with raw serialised Java objects, it deserial…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2018-18013
|
2024-11-21 12:55 |
2018-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246088
|
8.1 |
HIGH
Adjacent
|
telecrane
|
f25-2s_firmware
f25-2d_firmware
f25-4s_firmware
f25-4d_firmware
f25-6s_firmware
f25-6d_firmware
f25-8s_firmware
f25-8d_firmware
f25-10s_firmware
f25-10d_firmware
f25-60_…
|
All versions of Telecrane F25 Series Radio Controls before 00.0A use fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of …
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2018-17935
|
2024-11-21 12:55 |
2018-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246089
|
9.8 |
CRITICAL
Network
|
zohocorp
|
manageengine_opmanager
|
Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-18475
|
2024-11-21 12:55 |
2018-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246090
|
7.5 |
HIGH
Network
|
conversations
|
conversations
|
An issue was discovered in Daniel Gultsch Conversations 2.3.4. It is possible to spoof a custom message to an existing opened conversation by sending an intent.
|
CWE-200
Information Exposure
|
CVE-2018-18467
|
2024-11-21 12:55 |
2018-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
