| 247781 | 5.3 | MEDIUM (Network) | btiteam | xbtit | An issue was discovered in BTITeam XBTIT. PHP error logs are stored in an open directory (/include/logs) using predictable file names, which can lead to full path disclosure and leakage of sensitive … | CWE-200: Information Exposure | CVE-2018-15684 | 2024-11-21 12:51 | 2018-09-06 |
| 247782 | 6.1 | MEDIUM (Network) | btiteam | xbtit | An issue was discovered in BTITeam XBTIT. The "returnto" parameter of the login page is vulnerable to an open redirect due to a lack of validation. If a user is already logged in when accessing the p… | CWE-601: Open Redirect | CVE-2018-15683 | 2024-11-21 12:51 | 2018-09-06 |
| 247783 | 8.8 | HIGH (Network) | btiteam | xbtit | An issue was discovered in BTITeam XBTIT. Due to a lack of cross-site request forgery protection, it is possible to automate the action of sending private messages to users by luring an authenticated… | CWE-352: Origin Validation Error | CVE-2018-15682 | 2024-11-21 12:51 | 2018-09-06 |
| 247784 | 9.8 | CRITICAL (Network) | btiteam | xbtit | An issue was discovered in BTITeam XBTIT 2.5.4. When a user logs in, their password hash is rehashed using a predictable salt and stored in the "pass" cookie, which is not flagged as HTTPOnly. Due to… | CWE-732: Incorrect Permission Assignment for Critical Resource; CWE-916: Use of Password Hash With Insufficient Computational Effort | CVE-2018-15681 | 2024-11-21 12:51 | 2018-09-06 |
| 247785 | 9.8 | CRITICAL (Network) | btiteam | xbtit | An issue was discovered in BTITeam XBTIT 2.5.4. The hashed passwords stored in the xbtit_users table are stored as unsalted MD5 hashes, which makes it easier for context-dependent attackers to obtain… | CWE-916: Use of Password Hash With Insufficient Computational Effort | CVE-2018-15680 | 2024-11-21 12:51 | 2018-09-06 |
| 247786 | 6.1 | MEDIUM (Network) | btiteam | xbtit | An issue was discovered in BTITeam XBTIT 2.5.4. The "keywords" parameter in the search function available at /index.php?page=forums&action=search is vulnerable to reflected cross-site scripting. | CWE-79: Cross-site Scripting | CVE-2018-15679 | 2024-11-21 12:51 | 2018-09-06 |
| 247787 | 6.1 | MEDIUM (Network) | btiteam | xbtit | An issue was discovered in BTITeam XBTIT 2.5.4. The "act" parameter in the sign-up page available at /index.php?page=signup is vulnerable to reflected cross-site scripting. | CWE-79: Cross-site Scripting | CVE-2018-15678 | 2024-11-21 12:51 | 2018-09-06 |
| 247788 | 6.1 | MEDIUM (Network) | btiteam | xbtit | The newsfeed (aka /index.php?page=viewnews) in BTITeam XBTIT 2.5.4 has stored XSS via the title of a news item. This is also exploitable via CSRF. | CWE-352: Origin Validation Error; CWE-79: Cross-site Scripting | CVE-2018-15677 | 2024-11-21 12:51 | 2018-09-06 |
| 247789 | 5.3 | MEDIUM (Network) | btiteam | xbtit | An issue was discovered in BTITeam XBTIT. By using String.replace and eval, it is possible to bypass the includes/crk_protection.php anti-XSS mechanism that looks for a number of dangerous fingerprin… | CWE-79: Cross-site Scripting | CVE-2018-15676 | 2024-11-21 12:51 | 2018-09-06 |
| 247790 | 7.5 | HIGH (Network) | argussurveillance | dvr | Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter. | CWE-22: Path Traversal | CVE-2018-15745 | 2024-11-21 12:51 | 2018-08-31 |