|
247101
|
7.5 |
HIGH
Network
|
openpsa2
|
openpsa
|
Openpsa contains a XML Injection vulnerability in RSS file upload feature that can result in Remote denial of service. This attack appear to be exploitable via Specially crafted XML file. This vulner…
|
CWE-91
Blind XPath Injection
|
CVE-2018-1000526
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247102
|
9.8 |
CRITICAL
Network
|
openpsa2
|
openpsa
|
openpsa contains a PHP Object Injection vulnerability in Form data passed as GET request variables that can result in Possible information disclosure and remote code execution. This attack appear to …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2018-1000525
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247103
|
5.5 |
MEDIUM
Local
|
spheredev
|
minisphere
|
miniSphere version 5.2.9 and earlier contains a Integer Overflow vulnerability in layer_resize() function in map_engine.c that can result in remote denial of service. This attack appear to be exploit…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2018-1000524
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247104
|
8.1 |
HIGH
Network
|
topydo
|
topydo
|
topydo contains a CWE-20: Improper Input Validation vulnerability in ListFormatParser::parse, file topydo/lib/ListFormat.py line 292 as of d4f843dac71308b2f29a7c2cdc76f055c3841523 that can result in …
|
CWE-20
Improper Input Validation
|
CVE-2018-1000523
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247105
|
6.1 |
MEDIUM
Network
|
bigtreecms
|
bigtree_cms
|
BigTree-CMS contains a Cross Site Scripting (XSS) vulnerability in /users/create that can result in The low-privileged users can use this vulnerability to attack high-privileged(Developer) users.. Th…
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000521
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247106
|
7.5 |
HIGH
Network
|
arm
|
mbed_tls
|
ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_result() that can result in ECDSA-signed certificates are a…
|
CWE-295
Improper Certificate Validation
|
CVE-2018-1000520
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247107
|
6.5 |
MEDIUM
Network
|
aio-libs_project
|
aiohttp
|
aio-libs aiohttp-session contains a Session Fixation vulnerability in load_session function for RedisStorage (see: https://github.com/aio-libs/aiohttp-session/blob/master/aiohttp_session/redis_storag…
|
CWE-384
Session Fixation
|
CVE-2018-1000519
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247108
|
7.5 |
HIGH
Network
|
websockets_project
|
websockets
|
aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Servers and clients, unless configured with compression=None that …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2018-1000518
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247109
|
9.8 |
CRITICAL
Network
|
busybox
debian
canonical
|
busybox
debian_linux
ubuntu_linux
|
BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This at…
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-1000517
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247110
|
7.5 |
HIGH
Network
|
news-articles_project
|
news-articles
|
ventrian News-Articles version NewsArticles.00.09.11 contains a XML External Entity (XXE) vulnerability in News-Articles/API/MetaWebLog/Handler.ashx.vb that can result in Attacker can read any file i…
|
CWE-611
XXE
|
CVE-2018-1000515
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
