| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 250761 | 8.8 | HIGH | Network | libming | libming | The newVar_N function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of … | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2018-11017 | 2024-11-21 12:42 | 2018-05-14 |
| 250762 | 9.8 | CRITICAL | Network | d-link | dir-816_a2_firmware | Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 (CN) routers with firmware version 1.10B05 allows unauthenticated remote attackers to execute arbitrary code v… | CWE-787 Out-of-bounds Write | CVE-2018-11013 | 2024-11-21 12:42 | 2018-05-14 |
| 250763 | 6.1 | MEDIUM | Network | halo | halo | ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd parameters in a failed login attempt to AdminController.java. | CWE-79 Cross-site Scripting | CVE-2018-11012 | 2024-11-21 12:42 | 2018-05-12 |
| 250764 | 6.1 | MEDIUM | Network | halo | halo | ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field to FrontCommentController.java. | CWE-79 Cross-site Scripting | CVE-2018-11011 | 2024-11-21 12:42 | 2018-05-12 |
| 250765 | 8.8 | HIGH | Network | sdcms | sdcms | An issue was discovered in SDcms v1.5. Cross-site request forgery (CSRF) vulnerability in /WWW//app/admin/controller/admincontroller.php allows remote attackers to add administrator accounts via m=ad… | CWE-352 Origin Validation Error | CVE-2018-11004 | 2024-11-21 12:42 | 2018-05-12 |
| 250766 | 6.5 | MEDIUM | Network | yxcms | yxcms | An issue was discovered in YXcms 1.4.7. Cross-site request forgery (CSRF) vulnerability in protected/apps/admin/controller/adminController.php allows remote attackers to delete administrator accounts… | CWE-352 Origin Validation Error | CVE-2018-11003 | 2024-11-21 12:42 | 2018-05-12 |
| 250767 | 6.5 | MEDIUM | Network | exiv2 debian canonical | exiv2 debian_linux ubuntu_linux | An issue was discovered in Exiv2 0.26. The Exiv2::Internal::PngChunk::parseTXTChunk function has a heap-based buffer over-read. | CWE-125 Out-of-bounds Read | CVE-2018-10999 | 2024-11-21 12:42 | 2018-05-12 |
| 250768 | 6.5 | MEDIUM | Network | exiv2 canonical debian redhat | exiv2 ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server | An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call. | NVD-CWE-noinfo | CVE-2018-10998 | 2024-11-21 12:42 | 2018-05-12 |
| 250769 | 9.8 | CRITICAL | Network | d-link | dir-629-b_firmware | The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 devices allows attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a session.cgi?ACTION=logout requ… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2018-10996 | 2024-11-21 12:42 | 2018-05-12 |
| 250770 | 9.8 | CRITICAL | Network | lilypond | lilypond | lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-inje… | CWE-88 Argument Injection | CVE-2018-10992 | 2024-11-21 12:42 | 2018-05-12 |