|
248981
|
6.5 |
MEDIUM
Network
|
aio-libs_project
|
aiohttp
|
aio-libs aiohttp-session contains a Session Fixation vulnerability in load_session function for RedisStorage (see: https://github.com/aio-libs/aiohttp-session/blob/master/aiohttp_session/redis_storag…
|
CWE-384
Session Fixation
|
CVE-2018-1000519
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248982
|
7.5 |
HIGH
Network
|
websockets_project
|
websockets
|
aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Servers and clients, unless configured with compression=None that …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2018-1000518
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248983
|
9.8 |
CRITICAL
Network
|
busybox
debian
canonical
|
busybox
debian_linux
ubuntu_linux
|
BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This at…
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-1000517
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248984
|
7.5 |
HIGH
Network
|
news-articles_project
|
news-articles
|
ventrian News-Articles version NewsArticles.00.09.11 contains a XML External Entity (XXE) vulnerability in News-Articles/API/MetaWebLog/Handler.ashx.vb that can result in Attacker can read any file i…
|
CWE-611
XXE
|
CVE-2018-1000515
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248985
|
4.3 |
MEDIUM
Network
|
limesurvey
|
limesurvey
|
LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request Forgery (CSRF) vulnerability in Boxes that can result in CSRF admins to delete boxes. This vulnerability appears to have been fixed …
|
CWE-352
Origin Validation Error
|
CVE-2018-1000514
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248986
|
6.1 |
MEDIUM
Network
|
galaxyproject
|
galaxy
|
The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability in Many templates used in the Galaxy server did not properly sani…
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000516
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248987
|
4.8 |
MEDIUM
Network
|
limesurvey
|
limesurvey
|
LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Scripting (XSS) vulnerability in Boxes that can result in JS code execution against LimeSurvey admins. This vulnerability appears to have b…
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000513
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248988
|
6.1 |
MEDIUM
Network
|
tooltipy_project
|
tooltipy
|
Tooltipy Tooltipy (tooltips for WP) version 5 contains a Cross Site Scripting (XSS) vulnerability in Glossary shortcode that can result in could allow anybody to do almost anything an admin can. This…
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000512
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248989
|
7.5 |
HIGH
Network
|
wpulike
|
ulike
|
WP ULike version 2.8.1, 3.1 contains a Incorrect Access Control vulnerability in AJAX that can result in allows anybody to delete any row in certain tables. This attack appear to be exploitable via A…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-1000511
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248990
|
6.5 |
MEDIUM
Network
|
silkypress
|
image_zoom
|
WP Image Zoom version 1.23 contains a Incorrect Access Control vulnerability in AJAX settings that can result in allows anybody to cause denial of service. This attack appear to be exploitable via Ca…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-1000510
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
