|
247511
|
5.5 |
MEDIUM
Local
|
libpff_project
|
libpff
|
The libpff_name_to_id_map_entry_read function in libpff_name_to_id_map.c in libyal libpff through 2018-04-28 allows remote attackers to cause an information disclosure (heap-based buffer over-read) v…
|
CWE-125
Out-of-bounds Read
|
CVE-2018-11723
|
2024-11-21 12:43 |
2018-06-20 |
|
247512
|
6.5 |
MEDIUM
Network
|
auth0
|
angular-jwt
|
Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypa…
|
CWE-20
Improper Input Validation
|
CVE-2018-11537
|
2024-11-21 12:43 |
2018-06-20 |
|
247513
|
7.8 |
HIGH
Local
|
webtoffee
|
wordpress_comments_import_and_export
|
The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection.
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2018-11526
|
2024-11-21 12:43 |
2018-06-20 |
|
247514
|
7.8 |
HIGH
Local
|
algolplus
|
advanced_order_export_for_woocommerce
|
The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection.
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2018-11525
|
2024-11-21 12:43 |
2018-06-20 |
|
247515
|
6.1 |
MEDIUM
Network
|
oauth2orize-fprm_project
|
oauth2orize-fprm
|
index.js in oauth2orize-fprm before 0.2.1 has XSS via a crafted URL.
|
CWE-79
Cross-site Scripting
|
CVE-2018-11647
|
2024-11-21 12:43 |
2018-06-18 |
|
247516
|
6.1 |
MEDIUM
Network
|
balbooa
|
gridbox
|
The Balbooa Gridbox extension version 2.4.0 and previous versions for Joomla! is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could expl…
|
CWE-79
Cross-site Scripting
|
CVE-2018-11690
|
2024-11-21 12:43 |
2018-06-15 |
|
247517
|
6.1 |
MEDIUM
Network
|
samsung hanwha-security
|
smartviewer hrd-1642_firmware hrd-842_firmware hrd-442_firmware hrd-1641_firmware hrd-841_firmware hrd-840_firmware hrd-440_firmware hrd-443_firmware srd-1694u_firmware
|
Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. (The same Web Viewer codebase was tr…
|
CWE-79
Cross-site Scripting
|
CVE-2018-11689
|
2024-11-21 12:43 |
2018-06-15 |
|
247518
|
9.8 |
CRITICAL
Network
|
point-to-point_protocol_project canonical
|
point-to-point_protocol ubuntu_linux
|
Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, or authentication bypass. This implementation is …
|
CWE-20 CWE-190
Improper Input Validation Integer Overflow or Wraparound
|
CVE-2018-11574
|
2024-11-21 12:43 |
2018-06-15 |
|
247519
|
6.1 |
MEDIUM
Network
|
igniterealtime
|
openfire
|
Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL…
|
CWE-79
Cross-site Scripting
|
CVE-2018-11688
|
2024-11-21 12:43 |
2018-06-14 |
|
247520
|
6.1 |
MEDIUM
Network
|
sensiolabs debian
|
symfony debian_linux
|
The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnera…
|
CWE-601
Open Redirect
|
CVE-2018-11408
|
2024-11-21 12:43 |
2018-06-14 |