|
247641
|
9.8 |
CRITICAL
Network
|
nuuo
|
nvrmini_2_firmware
|
upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-11523
|
2024-11-21 12:43 |
2018-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247642
|
7.5 |
HIGH
Network
|
dtsearch
|
dtsearch
|
A stack exhaustion vulnerability in the search function of dtSearch 7.90.8538.1 and prior allows remote attackers to cause a denial of service condition by sending a specially crafted HTTP request.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2018-11488
|
2024-11-21 12:43 |
2018-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247643
|
5.3 |
MEDIUM
Network
|
myscada
|
mypro
|
mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0&rq=0 requests to TCP port 11010.
|
CWE-200
Information Exposure
|
CVE-2018-11517
|
2024-11-21 12:43 |
2018-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247644
|
8.8 |
HIGH
Network
|
videolan
|
vlc_media_player
|
The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possi…
|
CWE-416
Use After Free
|
CVE-2018-11516
|
2024-11-21 12:43 |
2018-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247645
|
5.4 |
MEDIUM
Network
|
moderator_log_notes_project
|
moderator_log_notes
|
An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. The XSS is located in the mod notes textarea.
|
CWE-79
Cross-site Scripting
|
CVE-2018-11430
|
2024-11-21 12:43 |
2018-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247646
|
9.8 |
CRITICAL
Network
|
membermouse
|
membermouse
|
Blind SQL injection in coupon_code in the MemberMouse plugin 2.2.8 and prior for WordPress allows an unauthenticated attacker to dump the WordPress MySQL database via an applyCoupon action in an admi…
|
CWE-89
SQL Injection
|
CVE-2018-11309
|
2024-11-21 12:43 |
2018-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247647
|
9.8 |
CRITICAL
Network
|
gvectors
|
wpforo
|
The wpForo plugin through 2018-02-05 for WordPress has SQL Injection via a search with the /forum/ wpfo parameter.
|
CWE-89
SQL Injection
|
CVE-2018-11515
|
2024-11-21 12:43 |
2018-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247648
|
8.8 |
HIGH
Network
|
naukri_clone_script_project
|
naukri_clone_script
|
PHP Scripts Mall Naukri Clone Script through 3.0.3 allows Unrestricted Upload of a File with a Dangerous Type in edit_resume_det.php, as demonstrated by changing .docx to .php.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-11514
|
2024-11-21 12:43 |
2018-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247649
|
4.8 |
MEDIUM
Network
|
creatiwity
|
witycms
|
Stored cross-site scripting (XSS) vulnerability in the "Website's name" field found in the "Settings" page under the "General" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbit…
|
CWE-79
Cross-site Scripting
|
CVE-2018-11512
|
2024-11-21 12:43 |
2018-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247650
|
5.5 |
MEDIUM
Local
|
linux
canonical
|
linux_kernel
ubuntu_linux
|
The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex.
|
CWE-200
Information Exposure
|
CVE-2018-11508
|
2024-11-21 12:43 |
2018-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
