| 246711 | 6.1 | MEDIUM Network | dlink | dir-615_firmware | Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SO… | CWE-79 Cross-site Scripting | CVE-2018-15875 | 2024-11-21 12:51 | 2018-08-26 |
| 246712 | 6.1 | MEDIUM Network | dlink | dir-615_firmware | Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request. | CWE-79 Cross-site Scripting | CVE-2018-15874 | 2024-11-21 12:51 | 2018-08-26 |
| 246713 | 6.5 | MEDIUM Network | libming | libming | An invalid memory address dereference was discovered in decompileSingleArgBuiltInFunctionCall in libming 0.4.8 before 2018-03-12. The vulnerability causes a segmentation fault and application crash, … | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2018-15871 | 2024-11-21 12:51 | 2018-08-26 |
| 246714 | 6.5 | MEDIUM Network | libming | libming | An invalid memory address dereference was discovered in decompileGETVARIABLE in libming 0.4.8 before 2018-03-12. The vulnerability causes a segmentation fault and application crash, which leads to de… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2018-15870 | 2024-11-21 12:51 | 2018-08-26 |
| 246715 | 5.3 | MEDIUM Network | hashicorp | packer | An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security be… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2018-15869 | 2024-11-21 12:51 | 2018-08-25 |
| 246716 | 8.1 | HIGH Network | hazzardweb | easylogin_pro | An issue was discovered in EasyLogin Pro through 1.3.0. Encryptor.php contains an unserialize call that can be exploited for remote code execution in the decrypt function, if the attacker knows the k… | CWE-502 Deserialization of Untrusted Data | CVE-2018-15576 | 2024-11-21 12:51 | 2018-08-25 |
| 246717 | 6.1 | MEDIUM Network | phpmyadmin | phpmyadmin | An issue was discovered in phpMyAdmin before 4.8.3. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted file to manipulate an authenticated user who loads that fil… | CWE-79 Cross-site Scripting | CVE-2018-15605 | 2024-11-21 12:51 | 2018-08-25 |
| 246718 | 5.5 | MEDIUM Local | tecrail | responsive_filemanager | /filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary f… | CWE-22 Path Traversal | CVE-2018-15536 | 2024-11-21 12:51 | 2018-08-25 |
| 246719 | 7.5 | HIGH Network | tecrail | responsive_filemanager | /filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutrali… | CWE-22 Path Traversal | CVE-2018-15535 | 2024-11-21 12:51 | 2018-08-25 |
| 246720 | 8.8 | HIGH Network | couchbase | couchbase_server | Couchbase Server exposed the '/diag/eval' endpoint which by default is available on TCP/8091 and/or TCP/18091. Authenticated users that have 'Full Admin' role assigned could send arbitrary Erlang cod… | CWE-94 Code Injection | CVE-2018-15728 | 2024-11-21 12:51 | 2018-08-25 |