|
246201
|
6.5 |
MEDIUM
Network
|
printeron
|
printeron
|
PrinterOn Enterprise 4.1.4 contains multiple Cross Site Request Forgery (CSRF) vulnerabilities in the Administration page. For example, an administrator, by following a link, can be tricked into maki…
|
CWE-352
Origin Validation Error
|
CVE-2018-17168
|
2024-11-21 12:53 |
2019-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246202
|
6.1 |
MEDIUM
Network
|
filemanagerpro
|
file_manager
|
There is an XSS vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16967
|
2024-11-21 12:53 |
2019-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246203
|
8.8 |
HIGH
Network
|
filemanagerpro
|
file_manager
|
There is a CSRF vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter.
|
CWE-352
Origin Validation Error
|
CVE-2018-16966
|
2024-11-21 12:53 |
2019-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246204
|
7.5 |
HIGH
Network
|
openstack
redhat
|
octavia
openstack
|
In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are read…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2018-16856
|
2024-11-21 12:53 |
2019-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246205
|
9.8 |
CRITICAL
Network
|
libreoffice
|
libreoffice
|
It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could…
|
CWE-22
Path Traversal
|
CVE-2018-16858
|
2024-11-21 12:53 |
2019-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246206
|
5.4 |
MEDIUM
Network
|
fedoraproject
redhat
|
sssd
enterprise_linux
|
A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users …
|
CWE-269
Improper Privilege Management
|
CVE-2018-16838
|
2024-11-21 12:53 |
2019-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246207
|
5.4 |
MEDIUM
Network
|
printeron
|
printeron
|
PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Machine Host Name" or "Server Serial Number" field in the clustering configuration, (2) "name" f…
|
CWE-79
Cross-site Scripting
|
CVE-2018-17167
|
2024-11-21 12:53 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246208
|
7.5 |
HIGH
Network
|
shellinabox_project
|
shellinabox
|
libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force …
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2018-16789
|
2024-11-21 12:53 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246209
|
9.8 |
CRITICAL
Network
|
dolibarr
|
dolibarr
|
An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit.
|
CWE-89
SQL Injection
|
CVE-2018-16809
|
2024-11-21 12:53 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246210
|
6.1 |
MEDIUM
Network
|
dolibarr
|
dolibarr
|
An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16808
|
2024-11-21 12:53 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
