| 245861 | 5.9 | MEDIUM Network | audiocodes | 440hd_firmware 450hd_firmware | AudioCodes 440HD and 450HD devices 3.1.2.89 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used wi… | CWE-295 Improper Certificate Validation | CVE-2018-18567 | 2024-11-21 12:56 | 2018-10-25 |
| 245862 | 5.3 | MEDIUM Network | polycom | unified_communications_software vvx_601_firmware vvx_500_firmware | The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation… | CWE-200 Information Exposure | CVE-2018-18566 | 2024-11-21 12:56 | 2018-10-25 |
| 245863 | 6.5 | MEDIUM Network | serverscheck | monitoring_software | ServersCheck Monitoring Software through 14.3.3 allows local users to cause a denial of service (menu functionality loss) by creating an LNK file that points to a second LNK file, if this second LNK … | CWE-22 Path Traversal | CVE-2018-18552 | 2024-11-21 12:56 | 2018-10-25 |
| 245864 | 6.1 | MEDIUM Network | serverscheck | monitoring_software | ServersCheck Monitoring Software through 14.3.3 has Persistent and Reflected XSS via the sensors.html status parameter, sensors.html type parameter, sensors.html device parameter, report.html locatio… | CWE-79 Cross-site Scripting | CVE-2018-18551 | 2024-11-21 12:56 | 2018-10-25 |
| 245865 | 6.1 | MEDIUM Network | d-link | dsl-2640t_firmware | XSS exists in cgi-bin/webcm on D-link DSL-2640T routers via the var:RelaodHref or var:conid parameter. | CWE-79 Cross-site Scripting | CVE-2018-18636 | 2024-11-21 12:56 | 2018-10-25 |
| 245866 | 6.1 | MEDIUM Network | mailcleaner | mailcleaner | www/guis/admin/application/controllers/UserController.php in the administration login interface in MailCleaner CE 2018.08 and 2018.09 allows XSS via the admin/login/user/message/ PATH_INFO. | CWE-79 Cross-site Scripting | CVE-2018-18635 | 2024-11-21 12:56 | 2018-10-25 |
| 245867 | 6.1 | MEDIUM Network | ajenti | ajenticp | ajenticp (aka Ajenti Docker control panel) for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager. | CWE-79 Cross-site Scripting | CVE-2018-18548 | 2024-11-21 12:56 | 2018-10-25 |
| 245868 | 6.1 | MEDIUM Network | vestacp | control_panel | Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain parameter, the list/backup/ backup parameter, the list/rrd/ period parameter, the list/directory/ dir_a parameter, or the filenam… | CWE-79 Cross-site Scripting | CVE-2018-18547 | 2024-11-21 12:56 | 2018-10-25 |
| 245869 | 4.8 | MEDIUM Network | citrix | netscaler_gateway_firmware | Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x before 11.1.59.004, 12.0.x before 12.0.58.7, and 12.1.x before 12.1.49.1 has XSS. | CWE-79 Cross-site Scripting | CVE-2018-18517 | 2024-11-21 12:56 | 2018-10-25 |
| 245870 | 9.8 | CRITICAL Network | nedap | mysql-binuuid-rails | mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it removes default string escaping for affected database columns. | CWE-89 SQL Injection | CVE-2018-18476 | 2024-11-21 12:56 | 2018-10-25 |