|
246221
|
8.8 |
HIGH
Network
|
express-cart_project
|
express-cart
|
A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators.
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2018-16483
|
2024-11-21 12:52 |
2019-02-2 |
|
246222
|
7.5 |
HIGH
Network
|
mcstatic_project
|
mcstatic
|
A server directory traversal vulnerability was found on node module mcstatic <=0.0.20 that would allow an attack to access sensitive information in the file system by appending slashes in the URL pat…
|
CWE-22
Path Traversal
|
CVE-2018-16482
|
2024-11-21 12:52 |
2019-02-2 |
|
246223
|
6.1 |
MEDIUM
Network
|
html-pages_project
|
html-pages
|
An XSS vulnerability was found in html-page <=2.1.1 that allows malicious JavaScript code to be executed in the user's browser due to the absence of sanitization of the paths before rendering.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16481
|
2024-11-21 12:52 |
2019-02-2 |
|
246224
|
6.1 |
MEDIUM
Network
|
public_project
|
public
|
An XSS vulnerability was found in module public <0.1.4 that allows malicious JavaScript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16480
|
2024-11-21 12:52 |
2019-02-2 |
|
246225
|
7.5 |
HIGH
Network
|
http-live-simulator_project
|
http-live-simulator
|
Path traversal vulnerability in http-live-simulator <1.0.7 causes unauthorized access to arbitrary files on disk by appending extra slashes after the URL.
|
CWE-22
Path Traversal
|
CVE-2018-16479
|
2024-11-21 12:52 |
2019-02-2 |
|
246226
|
7.8 |
HIGH
Local
|
lenovo
|
synaptics_thinkpad_ultranav_driver thinkpad_helix_firmware thiankpad_l430_firmware thiankpad_l530_firmware thiankpad_p1_firmware thiankpad_x1_extreme_firmware thiankpad_p50s_firmwar…
|
In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege …
|
CWE-428
Unquoted Search Path or Element
|
CVE-2018-16098
|
2024-11-21 12:52 |
2019-01-25 |
|
246227
|
6.1 |
MEDIUM
Network
|
ohtanz
|
spam-byebye
|
Cross-site scripting vulnerability in WordPress plugin spam-byebye 2.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16206
|
2024-11-21 12:52 |
2019-01-13 |
|
246228
|
5.4 |
MEDIUM
Network
|
weseek
|
growi
|
Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via New Page modal.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16205
|
2024-11-21 12:52 |
2019-01-10 |
|
246229
|
4.8 |
MEDIUM
Network
|
google_xml_sitemaps_project
|
google_xml_sitemaps
|
Cross-site scripting vulnerability in Google XML Sitemaps Version 4.0.9 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16204
|
2024-11-21 12:52 |
2019-01-10 |
|
246230
|
9.8 |
CRITICAL
Network
|
pgpool
|
pgpooladmin
|
PgpoolAdmin 4.0 and earlier allows remote attackers to bypass the login authentication and obtain the administrative privilege of the PostgreSQL database via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2018-16203
|
2024-11-21 12:52 |
2019-01-10 |