| 245731 | 8.8 | HIGH | Network | popojicms | popojicms | An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=component&act=addnew URI, as demonstrated by adding a level=1 account. | CWE-352 Origin Validation Error | CVE-2018-18935 | 2024-11-21 12:56 | 2018-11-5 |
| 245732 | 9.8 | CRITICAL | Network | popojicms | popojicms | An issue was discovered in PopojiCMS v2.0.1. admin_component.php is exploitable via the po-admin/route.php?mod=component&act=addnew URI by using the fupload parameter to upload a ZIP file containing … | CWE-352 Origin Validation Error, CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2018-18934 | 2024-11-21 12:56 | 2018-11-5 |
| 245733 | 9.1 | CRITICAL | Network | foxitsoftware | foxit_reader u3d | The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive in… | CWE-125 Out-of-bounds Read | CVE-2018-18933 | 2024-11-21 12:56 | 2018-11-5 |
| 245734 | 9.8 | CRITICAL | Network | icu-project | international_components_for_unicode | International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp. | CWE-190 Integer Overflow or Wraparound | CVE-2018-18928 | 2024-11-21 12:56 | 2018-11-5 |
| 245735 | 4.8 | MEDIUM | Network | publiccms | publiccms | An issue was discovered in PublicCMS V4.0. It allows XSS by modifying the page_list "attached" attribute (which typically has 'class="icon-globe icon-large"' in its value), as demonstrated by an 'UPD… | CWE-79 Cross-site Scripting | CVE-2018-18927 | 2024-11-21 12:56 | 2018-11-4 |
| 245736 | 9.8 | CRITICAL | Network | gitea | gitea | Gitea before 1.5.4 allows remote code execution because it does not properly validate session IDs. This is related to session ID handling in the go-macaron/session code for Macaron. | CWE-384 Session Fixation | CVE-2018-18926 | 2024-11-21 12:56 | 2018-11-4 |
| 245737 | 9.8 | CRITICAL | Network | gogs | gogs | Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. This is related to… | CWE-384 Session Fixation | CVE-2018-18925 | 2024-11-21 12:56 | 2018-11-4 |
| 245738 | 8.8 | HIGH | Network | projeqtor | projeqtor | The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with "#exec cmd" because rejected files remain on the server, with predictable… | CWE-459 Incomplete Cleanup | CVE-2018-18924 | 2024-11-21 12:56 | 2018-11-4 |
| 245739 | 4.8 | MEDIUM | Network | iiong | wp_editor.md | The WP Editor.md plugin 10.0.1 for WordPress allows XSS via the comment area. | CWE-79 Cross-site Scripting | CVE-2018-18919 | 2024-11-21 12:56 | 2018-11-4 |
| 245740 | 6.1 | MEDIUM | Network | xheditor | xheditor | xhEditor 1.2.2 allows XSS via JavaScript code in the SRC attribute of an IFRAME element within the editor's source-code view. | CWE-79 Cross-site Scripting | CVE-2018-18909 | 2024-11-21 12:56 | 2018-11-4 |