|
248441
|
7.2 |
HIGH
Network
|
cmsmadesimple
|
cms_made_simple
|
In CMS Made Simple (CMSMS) through 2.2.7, the "file unpack" operation in the admin dashboard contains a remote code execution vulnerability exploitable by an admin user because a .php file can be pre…
|
CWE-94
Code Injection
|
CVE-2018-10515
|
2024-11-21 12:41 |
2018-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248442
|
7.8 |
HIGH
Local
|
web-dorado
|
form_maker
|
The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection.
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2018-10504
|
2024-11-21 12:41 |
2018-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248443
|
8.8 |
HIGH
Network
|
baijiacms_project
|
baijiacms
|
An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105. CSRF allows adding an administrator account via op=edituser, changing the administrator password via op=changepwd, or deleting an…
|
CWE-352
Origin Validation Error
|
CVE-2018-10503
|
2024-11-21 12:41 |
2018-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248444
|
5.6 |
MEDIUM
Local
|
xen
debian
|
xen
debian_linux
|
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifyin…
|
CWE-200
Information Exposure
|
CVE-2018-10472
|
2024-11-21 12:41 |
2018-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248445
|
6.5 |
MEDIUM
Local
|
xen
debian
|
xen
debian_linux
|
An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of …
|
CWE-787
Out-of-bounds Write
|
CVE-2018-10471
|
2024-11-21 12:41 |
2018-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248446
|
9.8 |
CRITICAL
Network
|
b3log
|
symphony
|
b3log Symphony (aka Sym) 2.6.0 allows remote attackers to upload and execute arbitrary JSP files via the name[] parameter to the /upload URI.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-10469
|
2024-11-21 12:41 |
2018-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248447
|
5.9 |
MEDIUM
Network
|
google
redhat
oracle
|
guava
virtualization_host
virtualization
openshift_container_platform
satellite
openstack
satellite_capsule
jboss_enterprise_application_platform
flexcube_investor_servicing
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize at…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2018-10237
|
2024-11-21 12:41 |
2018-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
248448
|
7.2 |
HIGH
Network
|
d-link
|
dir-615_firmware
|
D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell metacharacters in the Host field of the System / Traceroute screen.
|
CWE-78
OS Command
|
CVE-2018-10431
|
2024-11-21 12:41 |
2018-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248449
|
4.8 |
MEDIUM
Network
|
dilicms
|
dilicms
|
An issue was discovered in DiliCMS (aka DiligentCMS) 2.4.0. There is a Stored XSS Vulnerability in the fourth textbox of "System setting->site setting" of admin/index.php.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10430
|
2024-11-21 12:41 |
2018-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248450
|
9.8 |
CRITICAL
Network
|
cosmocms
|
cosmo
|
Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the Database Prefix field on the Database Info screen of install.php.
|
CWE-94
Code Injection
|
CVE-2018-10429
|
2024-11-21 12:41 |
2018-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
