|
248131
|
6.5 |
MEDIUM
Network
|
foxitsoftware
|
phantompdf
foxit_reader
|
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in tha…
|
CWE-125
Out-of-bounds Read
|
CVE-2018-10475
|
2024-11-21 12:41 |
2018-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248132
|
8.8 |
HIGH
Network
|
foxitsoftware
|
phantompdf
foxit_reader
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the ta…
|
CWE-787
Out-of-bounds Write
|
CVE-2018-10474
|
2024-11-21 12:41 |
2018-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248133
|
8.8 |
HIGH
Network
|
foxitsoftware
|
phantompdf
foxit_reader
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the ta…
|
CWE-787
Out-of-bounds Write
|
CVE-2018-10473
|
2024-11-21 12:41 |
2018-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248134
|
8.1 |
HIGH
Network
|
actiontec
|
wcb6200q_firmware
|
An issue was discovered on Actiontec WCB6200Q before 1.1.10.20a devices. The admin login session cookie is insecurely generated making admin session hijacking possible. When an admin logs in, a sessi…
|
CWE-384
Session Fixation
|
CVE-2018-10252
|
2024-11-21 12:41 |
2018-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248135
|
6.1 |
MEDIUM
Network
|
mybb
|
mybb
|
MyBB 1.8.15, when accessed with Microsoft Edge, mishandles 'target="_blank" rel="noopener"' in A elements, which makes it easier for remote attackers to conduct redirection attacks.
|
CWE-601
Open Redirect
|
CVE-2018-10678
|
2024-11-21 12:41 |
2018-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248136
|
5.4 |
MEDIUM
Network
|
latest_posts_on_profile_project
|
latest_posts_on_profile
|
The "Latest Posts on Profile" plugin 1.1 for MyBB has XSS because there is an added section in a user profile that displays that user's most recent posts without sanitizing the tsubject (aka thread s…
|
CWE-79
Cross-site Scripting
|
CVE-2018-10580
|
2024-11-21 12:41 |
2018-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248137
|
7.5 |
HIGH
Network
|
social-chain
|
social_chain
|
An integer overflow in the transferMulti function of a smart contract implementation for Social Chain (SCA), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digita…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2018-10706
|
2024-11-21 12:41 |
2018-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248138
|
7.8 |
HIGH
Local
|
devicelock
|
plug_and_play_auditor
|
DLPnpAuditor.exe in DeviceLock Plug and Play Auditor (freeware) 5.72 has a Unicode Buffer Overflow (SEH).
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-10655
|
2024-11-21 12:41 |
2018-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248139
|
5.4 |
MEDIUM
Network
|
opmantek
|
open-audit
|
Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action …
|
CWE-79
Cross-site Scripting
|
CVE-2018-10314
|
2024-11-21 12:41 |
2018-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248140
|
9.8 |
CRITICAL
Network
|
redhat
|
wildfly
|
An issue was discovered in WildFly 10.1.2.Final. In the case of a default installation without a security realm reference, an attacker can successfully access the server without authentication. NOTE:…
|
CWE-287
Improper Authentication
|
CVE-2018-10683
|
2024-11-21 12:41 |
2018-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
