|
249481
|
6.1 |
MEDIUM
Network
|
sixapart
|
movable_type
|
Cross-site scripting vulnerability in Movable Type versions prior to Ver. 6.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2018-0672
|
2024-11-21 12:38 |
2018-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249482
|
9.8 |
CRITICAL
Network
|
nomachine
|
nomachine
|
A vulnerability in NoMachine App for Android 5.0.63 and earlier allows attackers to alter environment variables via unspecified vectors.
|
CWE-20
Improper Input Validation
|
CVE-2018-0664
|
2024-11-21 12:38 |
2018-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249483
|
7.8 |
HIGH
Local
|
sony
|
digital_paper_app
|
Untrusted search path vulnerability in The installer of Digital Paper App version 1.4.0.16050 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
CWE-426
Untrusted Search Path
|
CVE-2018-0656
|
2024-11-21 12:38 |
2018-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249484
|
7.8 |
HIGH
Local
|
ponsoftware
|
explzh
|
Directory traversal vulnerability in Explzh v.7.58 and earlier allows an attacker to read arbitrary files via unspecified vectors.
|
CWE-22
Path Traversal
|
CVE-2018-0646
|
2024-11-21 12:38 |
2018-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249485
|
6.1 |
MEDIUM
Network
|
qnap
|
photo_station
|
Cross-site scripting vulnerability in QNAP Photo Station versions 5.7.0 and earlier could allow remote attackers to inject Javascript code in the compromised application.
|
CWE-79
Cross-site Scripting
|
CVE-2018-0715
|
2024-11-21 12:38 |
2018-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249486
|
5.9 |
MEDIUM
Network
|
canonical
debian
|
ubuntu_linux
advanced_package_tool
|
The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, …
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2018-0501
|
2024-11-21 12:38 |
2018-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249487
|
6.7 |
MEDIUM
Local
|
cisco
|
web_security_appliance
|
A vulnerability in the account management subsystem of Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate wi…
|
CWE-269
Improper Privilege Management
|
CVE-2018-0428
|
2024-11-21 12:38 |
2018-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249488
|
8.8 |
HIGH
Network
|
cisco
|
application_policy_infrastructure_controller_enterprise_module
|
A vulnerability in the CronJob scheduler API of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability …
|
CWE-78
OS Command
|
CVE-2018-0427
|
2024-11-21 12:38 |
2018-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249489
|
7.5 |
HIGH
Network
|
cisco
|
email_security_appliance
|
A vulnerability in certain attachment detection mechanisms of Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affecte…
|
CWE-20
Improper Input Validation
|
CVE-2018-0419
|
2024-11-21 12:38 |
2018-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249490
|
8.6 |
HIGH
Network
|
cisco
|
ios_xr
|
A vulnerability in the Local Packet Transport Services (LPTS) feature set of Cisco ASR 9000 Series Aggregation Services Router Software could allow an unauthenticated, remote attacker to cause a deni…
|
CWE-20
Improper Input Validation
|
CVE-2018-0418
|
2024-11-21 12:38 |
2018-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
