|
246791
|
9.8 |
CRITICAL
Network
|
microfocus
|
secure_messaging_gateway
|
A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements…
|
CWE-89
SQL Injection
|
CVE-2018-12464
|
2024-11-21 12:45 |
2018-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246792
|
7.8 |
HIGH
Local
|
polarisoffice
|
polaris_office_2017
|
Polaris Office 2017 8.1 allows attackers to execute arbitrary code via a Trojan horse puiframeworkproresenu.dll file in the current working directory.
|
CWE-426
Untrusted Search Path
|
CVE-2018-12589
|
2024-11-21 12:45 |
2018-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246793
|
5.3 |
MEDIUM
Network
|
eclipse
oracle
|
jetty
retail_xstore_point_of_service
|
In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handle…
|
NVD-CWE-noinfo
|
CVE-2018-12536
|
2024-11-21 12:45 |
2018-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246794
|
8.8 |
HIGH
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! 2.5.0 through 3.8.8 before 3.8.9. The autoload code checks classnames to be valid, using the "class_exists" function in PHP. In PHP 5.3, this function validates inv…
|
CWE-20
Improper Input Validation
|
CVE-2018-12712
|
2024-11-21 12:45 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246795
|
6.1 |
MEDIUM
Network
|
joomla
|
joomla\!
|
An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.8.9. In some cases, the link of the current language might contain unescaped HTML special character…
|
CWE-79
Cross-site Scripting
|
CVE-2018-12711
|
2024-11-21 12:45 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246796
|
8.8 |
HIGH
Network
|
lfdycms
|
lfcms
|
Cross-site request forgery (CSRF) vulnerability in admin.php in LFCMS 3.7.0 allows remote attackers to hijack the authentication of unspecified users for requests that add administrator users via the…
|
CWE-352
Origin Validation Error
|
CVE-2018-12603
|
2024-11-21 12:45 |
2018-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246797
|
7.5 |
HIGH
Network
|
saj-electric
|
saj_solar_inverter
|
SAJ Solar Inverter allows remote attackers to obtain potentially sensitive information via a direct request for the inverter_info.htm or english_main.htm URI.
|
CWE-200
Information Exposure
|
CVE-2018-12735
|
2024-11-21 12:45 |
2018-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246798
|
8.8 |
HIGH
Network
|
lfdycms
|
lfcms
|
A CSRF vulnerability exists in LFCMS 3.7.0: users can be added arbitrarily.
|
CWE-352
Origin Validation Error
|
CVE-2018-12602
|
2024-11-21 12:45 |
2018-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246799
|
7.5 |
HIGH
Network
|
block18
|
block18
|
The approveAndCallcode function of a smart contract implementation for Block 18 (18T), an tradable Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer the contract's balances into …
|
CWE-20
Improper Input Validation
|
CVE-2018-12703
|
2024-11-21 12:45 |
2018-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246800
|
7.5 |
HIGH
Network
|
gve
|
globalvillage_ecosystem
|
The approveAndCallcode function of a smart contract implementation for Globalvillage ecosystem (GVE), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer the contract's balances…
|
CWE-20
Improper Input Validation
|
CVE-2018-12702
|
2024-11-21 12:45 |
2018-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
