| 245741 | 9.8 | CRITICAL Network | vanillaforums | vanilla | Vanilla 2.6.x before 2.6.4 allows remote code execution. | CWE-94: Code Injection | CVE-2018-18903 | 2024-11-21 12:56 | 2018-11-3 |
| 245742 | 6.5 | MEDIUM Network | exiv2 | exiv2 | There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.27-RC1. A crafted input will lead to a remote denial of service attack. | CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') | CVE-2018-18915 | 2024-11-21 12:56 | 2018-11-3 |
| 245743 | 6.5 | MEDIUM Network | freedesktop debian canonical redhat | poppler debian_linux ubuntu_linux enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server enterprise_linux enterprise_linux_eus enterprise_linux_server_t… | An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo. | CWE-772: Missing Release of Resource after Effective Lifetime | CVE-2018-18897 | 2024-11-21 12:56 | 2018-11-2 |
| 245744 | 4.3 | MEDIUM Network | microstrategy | microstrategy_web | Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) allows remote authenticated users to bypass intended SecurityManager restr… | CWE-22: Path Traversal | CVE-2018-18777 | 2024-11-21 12:56 | 2018-11-2 |
| 245745 | 6.1 | MEDIUM Network | microstrategy | microstrategy_web | Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the admin/admin.asp ShowAll parameter. NOTE: this is a … | CWE-79: Cross-site Scripting | CVE-2018-18776 | 2024-11-21 12:56 | 2018-11-2 |
| 245746 | 6.1 | MEDIUM Network | microstrategy | microstrategy_web | Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the Login.asp Msg parameter. NOTE: this is a deprecated… | CWE-79: Cross-site Scripting | CVE-2018-18775 | 2024-11-21 12:56 | 2018-11-2 |
| 245747 | 7.8 | HIGH Local | iobit | malware_fighter | RegFilter.sys in IOBit Malware Fighter 6.2 and earlier is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E010. This can lead to denial of service (DoS) or code executi… | CWE-787: Out-of-bounds Write | CVE-2018-18714 | 2024-11-21 12:56 | 2018-11-2 |
| 245748 | 7.8 | HIGH Local | m2soft | report_designer | M2SOFT Report Designer Viewer 5.0 allows a Buffer Overflow with Extended Instruction Pointer (EIP) control via a crafted MRD file. | CWE-119: Incorrect Access of Indexable Resource ('Range Error') | CVE-2018-18695 | 2024-11-21 12:56 | 2018-11-2 |
| 245749 | 9.8 | CRITICAL Network | 1234n | minicms | MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the site_name field in mc_conf.php. | CWE-94: Code Injection | CVE-2018-18892 | 2024-11-21 12:56 | 2018-11-1 |
| 245750 | 7.5 | HIGH Network | 1234n | minicms | MiniCMS 1.10 allows file deletion via /mc-admin/post.php?state=delete&delete= because the authentication check occurs too late. | CWE-287: Improper Authentication | CVE-2018-18891 | 2024-11-21 12:56 | 2018-11-1 |