|
246151
|
9.8 |
CRITICAL
Network
|
opendental
|
opendental
|
Open Dental before version 18.4 installs a mysql database and uses the default credentials of "root" with a blank password. This allows anyone on the network with access to the server to access all d…
|
CWE-521
Weak Password Requirements
|
CVE-2018-15719
|
2024-11-21 12:51 |
2018-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246152
|
7.5 |
HIGH
Network
|
opendental
|
opendental
|
Open Dental before version 18.4 transmits the entire user database over the network when a remote unauthenticated user accesses the command prompt. This allows the attacker to gain access to username…
|
CWE-200
Information Exposure
|
CVE-2018-15718
|
2024-11-21 12:51 |
2018-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246153
|
5.3 |
MEDIUM
Network
|
opendental
|
opendental
|
Open Dental before version 18.4 stores user passwords as base64 encoded MD5 hashes.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2018-15717
|
2024-11-21 12:51 |
2018-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246154
|
9.1 |
CRITICAL
Network
|
accusoft
|
prizmdoc
|
Accusoft PrizmDoc HTML5 Document Viewer before 13.5 contains an XML external entity (XXE) vulnerability, allowing an attacker to read arbitrary files or cause a denial of service (resource consumptio…
|
CWE-611
XXE
|
CVE-2018-15805
|
2024-11-21 12:51 |
2018-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246155
|
6.8 |
MEDIUM
Network
|
cloud_foundry
|
bits_service
|
Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing th…
|
CWE-200
Information Exposure
|
CVE-2018-15800
|
2024-11-21 12:51 |
2018-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246156
|
8.8 |
HIGH
Network
|
pivotal_software
|
cloud_foundry_nfs_volume
|
Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand. A remote…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2018-15797
|
2024-11-21 12:51 |
2018-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246157
|
4.3 |
MEDIUM
Physics
|
dell
|
data_protection_\|_encryption
|
Dell Encryption (formerly Dell Data Protection | Encryption) v10.1.0 and earlier contain an information disclosure vulnerability. A malicious user with physical access to the machine could potentiall…
|
CWE-200
Information Exposure
|
CVE-2018-15773
|
2024-11-21 12:51 |
2018-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246158
|
8.8 |
HIGH
Network
|
nuuo
|
nvrmini2_firmware
|
NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root.
|
CWE-78
OS Command
|
CVE-2018-15716
|
2024-11-21 12:51 |
2018-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246159
|
9.8 |
CRITICAL
Network
|
zoom
|
zoom
|
Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing. A remote unau…
|
CWE-20
Improper Input Validation
|
CVE-2018-15715
|
2024-11-21 12:51 |
2018-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246160
|
7.5 |
HIGH
Network
|
google
|
android
|
Android 1.0 through 9.0 has Insecure Permissions. The Android bug ID is 77286983.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-15835
|
2024-11-21 12:51 |
2018-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
