|
245961
|
9.8 |
CRITICAL
Network
|
raspberrypi
|
raspberry_pi_3_model_b\+_firmware
|
The ARM-based hardware debugging feature on Raspberry Pi 3 module B+ and possibly other devices allows non-secure EL1 code to read/write any EL3 (the highest privilege level in ARMv8) memory/register…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2018-18068
|
2024-11-21 12:55 |
2019-04-5 |
|
245962
|
6.1 |
MEDIUM
Network
|
open-emr
|
openemr
|
A vulnerability in flashcanvas.swf in OpenEMR before 5.0.1 Patch 6 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system.
|
CWE-79
Cross-site Scripting
|
CVE-2018-18035
|
2024-11-21 12:55 |
2019-04-3 |
|
245963
|
8.8 |
HIGH
Network
|
dlink
|
dsl-3782_firmware
|
An issue was discovered on D-Link DSL-3782 devices with firmware 1.01. An OS command injection vulnerability in Acl.asp allows a remote authenticated attacker to execute arbitrary OS commands via the…
|
CWE-78
OS Command
|
CVE-2018-17990
|
2024-11-21 12:55 |
2019-04-2 |
|
245964
|
5.4 |
MEDIUM
Network
|
dlink
|
dsl-3782_firmware
|
A stored XSS vulnerability exists in the web interface on D-Link DSL-3782 devices with firmware 1.01 that allows authenticated attackers to inject a JavaScript or HTML payload inside the ACL page. Th…
|
CWE-79
Cross-site Scripting
|
CVE-2018-17989
|
2024-11-21 12:55 |
2019-04-2 |
|
245965
|
7.8 |
HIGH
Local
|
kioware
|
kioware_server
|
KioWare Server version 4.9.6 and older installs by default to "C:\kioware_com" with weak folder permissions granting any user full permission "Everyone: (F)" to the contents of the directory and its…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-18435
|
2024-11-21 12:55 |
2019-03-22 |
|
245966
|
9.8 |
CRITICAL
Network
|
patlite
|
nbm-d88n_firmware nhl-3fb1_firmware nhl-3fv1n_firmware
|
A hidden backdoor on PATLITE NH-FB Series devices with firmware version 1.45 or earlier, NH-FV Series devices with firmware version 1.10 or earlier, and NBM Series devices with firmware version 1.09 …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2018-18473
|
2024-11-21 12:55 |
2019-03-22 |
|
245967
|
7.0 |
HIGH
Local
|
securenvoy
|
securaccess
|
An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP connections, the application stores the emergency credentials in cleartext in the logs (present in t…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2018-18466
|
2024-11-21 12:55 |
2019-03-22 |
|
245968
|
6.1 |
MEDIUM
Network
|
layerbb
|
layerbb
|
LayerBB 1.1.1 allows XSS via the titles of conversations (PMs).
|
CWE-79
Cross-site Scripting
|
CVE-2018-17997
|
2024-11-21 12:55 |
2019-03-22 |
|
245969
|
6.5 |
MEDIUM
Network
|
layerbb
|
layerbb
|
LayerBB before 1.1.3 allows CSRF for adding a user via admin/new_user.php, deleting a user via admin/members.php/delete_user/, and deleting content via mod/delete.php/.
|
CWE-352
Origin Validation Error
|
CVE-2018-17996
|
2024-11-21 12:55 |
2019-03-22 |
|
245970
|
7.5 |
HIGH
Network
|
top-vision
|
cc8800ce_firmware
|
Topvision CC8800 CMTS C-E devices allow remote attackers to obtain sensitive information via a direct request for /WebContent/startup.tar.gz with userName=admin in a cookie.
|
CWE-200
Information Exposure
|
CVE-2018-18205
|
2024-11-21 12:55 |
2019-03-16 |