|
248891
|
8.8 |
HIGH
Network
|
librehealth
|
librehealth_ehr
|
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may le…
|
CWE-269
Improper Privilege Management
|
CVE-2018-1000648
|
2024-11-21 12:40 |
2018-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248892
|
7.1 |
HIGH
Network
|
librehealth
|
librehealth_ehr
|
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Deletion vulnerability in Import template that can result in Denial of service. This attack appear to be exploitable …
|
CWE-22
CWE-20
Path Traversal
Improper Input Validation
|
CVE-2018-1000647
|
2024-11-21 12:40 |
2018-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248893
|
8.8 |
HIGH
Network
|
librehealth
|
librehealth_ehr
|
LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-1000646
|
2024-11-21 12:40 |
2018-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248894
|
6.5 |
MEDIUM
Network
|
librehealth
|
librehealth_ehr
|
LibreHealthIO lh-ehr version <REL-2.0.0 contains an Authenticated Local File Disclosure vulnerability in Importing of templates allows local file disclosure that can result in Disclosure of sensitive…
|
CWE-200
Information Exposure
|
CVE-2018-1000645
|
2024-11-21 12:40 |
2018-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248895
|
10.0 |
CRITICAL
Network
|
eclipse
|
rdf4j
|
Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files that can result in the disclosure of confidential data, denial of se…
|
CWE-611
XXE
|
CVE-2018-1000644
|
2024-11-21 12:40 |
2018-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248896
|
6.1 |
MEDIUM
Network
|
flightairmap
|
flightairmap
|
FlightAirMap version <=v1.0-beta.21 contains a Cross Site Scripting (XSS) vulnerability in GET variable used within registration sub menu page that can result in unauthorised actions and access to da…
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000642
|
2024-11-21 12:40 |
2018-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248897
|
9.8 |
CRITICAL
Network
|
yeswiki
|
yeswiki
|
YesWiki version <= cercopitheque beta 1 contains a PHP Object Injection vulnerability in Unserialising user entered parameter in i18n.inc.php that can result in execution of code, disclosure of infor…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2018-1000641
|
2024-11-21 12:40 |
2018-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248898
|
6.1 |
MEDIUM
Network
|
villagedefrance
|
opencart-overclocked
|
OpenCart-Overclocked version <=1.11.1 contains a Cross Site Scripting (XSS) vulnerability in User input entered unsanitised within JS function in the template that can result in Unauthorised actions …
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000640
|
2024-11-21 12:40 |
2018-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248899
|
9.6 |
CRITICAL
Network
|
latexdraw_project
|
latexdraw
|
LatexDraw version <=4.0 contains a XML External Entity (XXE) vulnerability in SVG parsing functionality that can result in disclosure of data, server side request forgery, port scanning, possible rce…
|
CWE-611
XXE
|
CVE-2018-1000639
|
2024-11-21 12:40 |
2018-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248900
|
6.1 |
MEDIUM
Network
|
1234n
|
minicms
|
MiniCMS version 1.1 contains a Cross Site Scripting (XSS) vulnerability in http://example.org/mc-admin/page.php?date={payload} that can result in code injection.
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000638
|
2024-11-21 12:40 |
2018-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
