|
248581
|
6.1 |
MEDIUM
Network
|
debian
gonicus
|
debian_linux
gosa
|
GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting (XSS) vulnerability in change password form (html/password.php, #308) that can result in in…
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000528
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248582
|
7.2 |
HIGH
Network
|
froxlor
|
froxlor
|
Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnerability in Domain name form that can result in Possible information disclosure and remote code execution. This attack appear to be ex…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2018-1000527
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248583
|
7.5 |
HIGH
Network
|
openpsa2
|
openpsa
|
Openpsa contains a XML Injection vulnerability in RSS file upload feature that can result in Remote denial of service. This attack appear to be exploitable via Specially crafted XML file. This vulner…
|
CWE-91
Blind XPath Injection
|
CVE-2018-1000526
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248584
|
9.8 |
CRITICAL
Network
|
openpsa2
|
openpsa
|
openpsa contains a PHP Object Injection vulnerability in Form data passed as GET request variables that can result in Possible information disclosure and remote code execution. This attack appear to …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2018-1000525
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248585
|
5.5 |
MEDIUM
Local
|
spheredev
|
minisphere
|
miniSphere version 5.2.9 and earlier contains a Integer Overflow vulnerability in layer_resize() function in map_engine.c that can result in remote denial of service. This attack appear to be exploit…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2018-1000524
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248586
|
8.1 |
HIGH
Network
|
topydo
|
topydo
|
topydo contains a CWE-20: Improper Input Validation vulnerability in ListFormatParser::parse, file topydo/lib/ListFormat.py line 292 as of d4f843dac71308b2f29a7c2cdc76f055c3841523 that can result in …
|
CWE-20
Improper Input Validation
|
CVE-2018-1000523
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248587
|
6.1 |
MEDIUM
Network
|
bigtreecms
|
bigtree_cms
|
BigTree-CMS contains a Cross Site Scripting (XSS) vulnerability in /users/create that can result in The low-privileged users can use this vulnerability to attack high-privileged(Developer) users.. Th…
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000521
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248588
|
7.5 |
HIGH
Network
|
arm
|
mbed_tls
|
ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_result() that can result in ECDSA-signed certificates are a…
|
CWE-295
Improper Certificate Validation
|
CVE-2018-1000520
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248589
|
6.5 |
MEDIUM
Network
|
aio-libs_project
|
aiohttp
|
aio-libs aiohttp-session contains a Session Fixation vulnerability in load_session function for RedisStorage (see: https://github.com/aio-libs/aiohttp-session/blob/master/aiohttp_session/redis_storag…
|
CWE-384
Session Fixation
|
CVE-2018-1000519
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248590
|
7.5 |
HIGH
Network
|
websockets_project
|
websockets
|
aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Servers and clients, unless configured with compression=None that …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2018-1000518
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
