| 246171 | 9.8 | CRITICAL Network | control-webpanel | webpanel | CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Command Injection via shell metacharacters in the admin/index.php service_start, service_restart, service_fullstatus, or service_stop para… | CWE-78 OS Command | CVE-2018-18322 | 2024-11-21 12:55 | 2018-10-15 |
| 246172 | 7.5 | HIGH Network | qiku | 360_mobile_phone_n6_pro_firmware | The /dev/block/mmcblk0rpmb driver kernel module on Qiku 360 Phone N6 Pro 1801-A01 devices allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted 0xc0d… | CWE-476 NULL Pointer Dereference | CVE-2018-18318 | 2024-11-21 12:55 | 2018-10-15 |
| 246173 | 8.8 | HIGH Network | dscms_project | dscms | DESHANG DSCMS 1.1 has CSRF via the public/index.php/admin/admin/add.html URI. | CWE-352 Origin Validation Error | CVE-2018-18317 | 2024-11-21 12:55 | 2018-10-15 |
| 246174 | 8.8 | HIGH Network | emlog | emlog | emlog v6.0.0 has CSRF via the admin/user.php?action=new URI. | CWE-352 Origin Validation Error | CVE-2018-18316 | 2024-11-21 12:55 | 2018-10-15 |
| 246175 | 7.5 | HIGH Network | mossle | lemon | com/mossle/cdn/CdnController.java in lemon 1.9.0 allows attackers to upload arbitrary files because the copyMultipartFileToFile method in CdnUtils only checks for a ../ substring, and does not valida… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2018-18315 | 2024-11-21 12:55 | 2018-10-15 |
| 246176 | 5.5 | MEDIUM Local | elfutils_project debian redhat opensuse canonical | elfutils debian_linux enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server leap ubuntu_linux | An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (applicatio… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2018-18310 | 2024-11-21 12:55 | 2018-10-15 |
| 246177 | 5.5 | MEDIUM Local | gnu | binutils | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. T… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2018-18309 | 2024-11-21 12:55 | 2018-10-15 |
| 246178 | 6.1 | MEDIUM Network | metinfo | metinfo | MetInfo 6.1.2 has XSS via the /admin/index.php bigclass parameter in an n=column&a=doadd action. | CWE-79 Cross-site Scripting | CVE-2018-18296 | 2024-11-21 12:55 | 2018-10-15 |
| 246179 | 6.1 | MEDIUM Network | asus | rt-ac58u_firmware | A cross site scripting (XSS) vulnerability on ASUS RT-AC58U 3.0.0.4.380_6516 devices allows remote attackers to inject arbitrary web script or HTML via Advanced_ASUSDDNS_Content.asp, Advanced_WSecuri… | CWE-79 Cross-site Scripting | CVE-2018-18291 | 2024-11-21 12:55 | 2018-10-15 |
| 246180 | 4.8 | MEDIUM Network | nconsulting | nc-cms | An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html&name=home_content allows XSS via the HTML Source Editor. NOTE: the vendor disputes this because the form requires admi… | CWE-79 Cross-site Scripting | CVE-2018-18290 | 2024-11-21 12:55 | 2018-10-15 |