|
248561
|
8.8 |
HIGH
Network
|
trovebox
|
trovebox
|
Trovebox version <= 4.0.0-rc6 contains a PHP Type juggling vulnerability in album view component that can result in Authentication bypass. This attack appear to be exploitable via HTTP Request. This …
|
NVD-CWE-noinfo
|
CVE-2018-1000551
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248562
|
9.8 |
CRITICAL
Network
|
sympa
debian
|
sympa
debian_linux
|
The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify fil…
|
CWE-22
Path Traversal
|
CVE-2018-1000550
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248563
|
5.3 |
MEDIUM
Network
|
wekan_project
|
wekan
|
Wekan version 1.04.0 contains a Email / Username Enumeration vulnerability in Register' and 'Forgot your password?' pages that can result in A remote attacker could perform a brute force attack to ob…
|
CWE-200
Information Exposure
|
CVE-2018-1000549
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248564
|
7.8 |
HIGH
Local
|
umlet
|
umlet
|
Umlet version < 14.3 contains a XML External Entity (XXE) vulnerability in File parsing that can result in disclosure of confidential data, denial of service, server side request forgery. This attack…
|
CWE-611
XXE
|
CVE-2018-1000548
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248565
|
5.3 |
MEDIUM
Network
|
corebos
|
corebos
|
coreBOS version 7.0 and earlier contains a Incorrect Access Control vulnerability in Module: Contacts that can result in The error allows you to access records that you have no permissions to. .
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-1000547
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248566
|
7.8 |
HIGH
Local
|
triplea-game
|
triplea
|
Triplea version <= 1.9.0.0.10291 contains a XML External Entity (XXE) vulnerability in Importing game data that can result in Possible information disclosure, server-side request forgery, or remote c…
|
CWE-611
XXE
|
CVE-2018-1000546
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248567
|
9.8 |
CRITICAL
Network
|
rubyzip_project
debian
redhat
|
rubyzip
debian_linux
cloudforms
|
rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be …
|
CWE-59
CWE-434
Link Following
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-1000544
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248568
|
6.1 |
MEDIUM
Network
|
rockiger
|
akiee
|
Akiee version 0.0.3 contains a XSS leading to code execution due to the use of node integration vulnerability in "Details" of a task is not validated that can result in XSS leading to abritrary code …
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000543
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248569
|
7.8 |
HIGH
Local
|
netbeans-mmd-plugin_project
|
netbeans-mmd-plugin
|
netbeans-mmd-plugin version <= 1.4.3 contains a XML External Entity (XXE) vulnerability in MMD file import that can result in Possible information disclosure, server-side request forgery, or remote c…
|
CWE-611
XXE
|
CVE-2018-1000542
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248570
|
7.8 |
HIGH
Local
|
loboevolution_project
|
loboevolution
|
LoboEvolution version < 9b75694cedfa4825d4a2330abf2719d470c654cd contains a XML External Entity (XXE) vulnerability in XML Parsing when viewing the XML file in the browser that can result in disclosu…
|
CWE-611
XXE
|
CVE-2018-1000540
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
