| 247481 | 8.8 | HIGH Network | dialogic | powermedia_xms | Cross-site request forgery (CSRF) vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to execute malicious and unauthorized actions. | CWE-352 Origin Validation Error | CVE-2018-11636 | 2024-11-21 12:43 | 2018-07-4 |
| 247482 | 9.8 | CRITICAL Network | dialogic | powermedia_xms | Use of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/application/config/config.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows rem… | CWE-798 Use of Hard-coded Credentials | CVE-2018-11635 | 2024-11-21 12:43 | 2018-07-4 |
| 247483 | 7.8 | HIGH Local | dialogic | powermedia_xms | Plaintext Storage of Passwords in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows local users to access the web application's user passwords in cleartext by reading /var/w… | CWE-522 Insufficiently Protected Credentials | CVE-2018-11634 | 2024-11-21 12:43 | 2018-07-4 |
| 247484 | 9.6 | CRITICAL Network | sonos | sonos_firmware | The UPnP HTTP server on Sonos wireless speaker products allows unauthorized access via a DNS rebinding attack. This can result in remote device control and privileged device and network information to… | CWE-20 Improper Input Validation | CVE-2018-11316 | 2024-11-21 12:43 | 2018-07-4 |
| 247485 | 9.6 | CRITICAL Network | roku | roku_firmware | The External Control API in Roku and Roku TV products allows unauthorized access via a DNS Rebind attack. This can result in remote device control and privileged device and network information to be e… | CWE-20 Improper Input Validation | CVE-2018-11314 | 2024-11-21 12:43 | 2018-07-4 |
| 247486 | 9.8 | CRITICAL Network | puppet | discovery | In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if an HTTPS server is not available. This c… | CWE-522 Insufficiently Protected Credentials | CVE-2018-11746 | 2024-11-21 12:43 | 2018-07-3 |
| 247487 | 9.8 | CRITICAL Network | asustor | adm | The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecate_js.cgi file by embedding OS commands in the 'script' parameter. | CWE-78 OS Command | CVE-2018-11510 | 2024-11-21 12:43 | 2018-06-28 |
| 247488 | 7.8 | HIGH Local | siemens | scalance_m875_firmware | A vulnerability has been identified in SCALANCE M875 (All versions). An attacker with access to the local file system might obtain passwords for administrative users. Successful exploitation requires… | NVD-CWE-noinfo | CVE-2018-11449 | 2024-11-21 12:43 | 2018-06-27 |
| 247489 | 4.8 | MEDIUM Network | siemens | scalance_m875_firmware | A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a stored Cross-Site Scripting (XSS) attack if an unsuspecting user is tricked into a… | CWE-79 Cross-site Scripting | CVE-2018-11448 | 2024-11-21 12:43 | 2018-06-27 |
| 247490 | 8.8 | HIGH Network | siemens | scalance_m875_firmware | A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into a… | CWE-352 Origin Validation Error | CVE-2018-11447 | 2024-11-21 12:43 | 2018-06-27 |