|
247601
|
9.8 |
CRITICAL
Network
|
miniupnp_project
|
ngiflib
|
ngiflib.c in MiniUPnP ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-11576
|
2024-11-21 12:43 |
2018-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247602
|
9.8 |
CRITICAL
Network
|
miniupnp_project
|
ngiflib
|
ngiflib.c in MiniUPnP ngiflib 0.4 has a stack-based buffer overflow in DecodeGifImg.
|
CWE-787
Out-of-bounds Write
|
CVE-2018-11575
|
2024-11-21 12:43 |
2018-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247603
|
5.4 |
MEDIUM
Network
|
clippercms
|
clippercms
|
ClipperCMS 1.3.3 has XSS in the "Module name" field in a "Modules -> Manage modules -> edit" action to the manager/ URI.
|
CWE-79
Cross-site Scripting
|
CVE-2018-11572
|
2024-11-21 12:43 |
2018-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247604
|
8.8 |
HIGH
Network
|
clippercms
|
clippercms
|
ClipperCMS 1.3.3 allows Session Fixation.
|
CWE-384
Session Fixation
|
CVE-2018-11571
|
2024-11-21 12:43 |
2018-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247605
|
6.1 |
MEDIUM
Network
|
cactusthemes
|
gameplan-event_and_gym_fitness
|
Reflected XSS is possible in the GamePlan theme through 1.5.13.2 for WordPress because of insufficient input sanitization, as demonstrated by the s parameter. In some (but not all) cases, the '<' and…
|
CWE-79
Cross-site Scripting
|
CVE-2018-11568
|
2024-11-21 12:43 |
2018-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247606
|
5.3 |
MEDIUM
Network
|
mahara
|
mahara
|
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to mentioning the usernames that are already taken by people registered in the system rather than masking …
|
CWE-200
Information Exposure
|
CVE-2018-11565
|
2024-11-21 12:43 |
2018-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247607
|
9.8 |
CRITICAL
Network
|
tp-link
|
ipc_tl-ipc223\(p\)-6_firmware
tl-ipc323k-d_firmware
tl-ipc325\(kp\)_firmware
tl-ipc40a-4_firmware
|
/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2018-11482
|
2024-11-21 12:43 |
2018-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247608
|
8.8 |
HIGH
Network
|
tp-link
|
ipc_tl-ipc223\(p\)-6_firmware
tl-ipc323k-d_firmware
tl-ipc325\(kp\)_firmware
tl-ipc40a-4_firmware
|
TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua d…
|
CWE-20
Improper Input Validation
|
CVE-2018-11481
|
2024-11-21 12:43 |
2018-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247609
|
8.8 |
HIGH
Adjacent
|
vgate
|
icar_2_wi-fi_obd2_firmware
|
An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The OBD port is used to receive measurement data and debug information from the car. This on-board diagnostics feature can also be u…
|
CWE-287
Improper Authentication
|
CVE-2018-11478
|
2024-11-21 12:43 |
2018-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247610
|
3.3 |
LOW
Local
|
amazon
|
echo_show_firmware
echo_plus_firmware
echo_dot_firmware
echo_spot_firmware
echo_firmware
|
Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill. The reprompt feature is designed so that if Alexa does not receive an input within 8 seconds…
|
CWE-384
Session Fixation
|
CVE-2018-11567
|
2024-11-21 12:43 |
2018-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
