|
245851
|
7.8 |
HIGH
Local
|
purevpn
|
purevpn
|
The PureVPN client before 6.1.0 for Windows stores Login Credentials (username and password) in cleartext. The location of such files is %PROGRAMDATA%\purevpn\config\login.conf. Additionally, all loc…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2018-18656
|
2024-11-21 12:56 |
2018-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245852
|
4.3 |
MEDIUM
Network
|
prayer_project
|
prayer
|
Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting.
|
CWE-200
Information Exposure
|
CVE-2018-18655
|
2024-11-21 12:56 |
2018-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245853
|
7.8 |
HIGH
Local
|
debian
|
crossroads
|
Crossroads 2.81 does not properly handle the /tmp directory during a build of xr. A local attacker can first create a world-writable subdirectory in a certain location under the /tmp directory, wait …
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-18654
|
2024-11-21 12:56 |
2018-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245854
|
7.8 |
HIGH
Local
|
canonical
|
ubuntu_linux
|
The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows privileged local users to bypass intended Secure Boot restrictions and execute untrusted code by loadin…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2018-18653
|
2024-11-21 12:56 |
2018-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245855
|
7.2 |
HIGH
Network
|
veritas
|
netbackup_appliance
|
A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenticated administrators to execute arbitrary commands as root. This issue was caused by insufficient f…
|
NVD-CWE-noinfo
|
CVE-2018-18652
|
2024-11-21 12:56 |
2018-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245856
|
5.5 |
MEDIUM
Local
|
xpdfreader
|
xpdf
|
An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdft…
|
CWE-834
Excessive Iteration
|
CVE-2018-18651
|
2024-11-21 12:56 |
2018-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245857
|
5.5 |
MEDIUM
Local
|
xpdfreader
|
xpdf
|
An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdf…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2018-18650
|
2024-11-21 12:56 |
2018-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245858
|
8.1 |
HIGH
Network
|
neatorobotics
|
botvac_connected_firmware
|
A command injection vulnerability in the setup API in the Neato Botvac Connected 2.2.0 allows network attackers to execute arbitrary commands via shell metacharacters in the ntp field within JSON dat…
|
CWE-78
OS Command
|
CVE-2018-18638
|
2024-11-21 12:56 |
2018-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245859
|
6.1 |
MEDIUM
Network
|
communigate
|
communigate_pro
|
CommuniGate Pro 6.2 allows stored XSS via a message body in Pronto! Mail Composer, which is mishandled in /MIME/INBOX-MM-1/ if the raw email link (in .txt format) is modified and then renamed with a …
|
CWE-79
Cross-site Scripting
|
CVE-2018-18621
|
2024-11-21 12:56 |
2018-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245860
|
5.9 |
MEDIUM
Network
|
polycom
|
unified_communications_software
vvx_601_firmware
vvx_500_firmware
|
Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used wi…
|
CWE-295
Improper Certificate Validation
|
CVE-2018-18568
|
2024-11-21 12:56 |
2018-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
