|
247691
|
8.8 |
HIGH
Network
|
kliqqi
|
kliqqi_cms
|
Kliqqi 2.0.2 has CSRF in admin/admin_users.php.
|
CWE-352
Origin Validation Error
|
CVE-2018-11405
|
2024-11-21 12:43 |
2018-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247692
|
6.1 |
MEDIUM
Network
|
domainmod
|
domainmod
|
DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-11404
|
2024-11-21 12:43 |
2018-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247693
|
5.4 |
MEDIUM
Network
|
domainmod
|
domainmod
|
DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-11403
|
2024-11-21 12:43 |
2018-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247694
|
6.6 |
MEDIUM
Physics
|
simplisafe
|
u9k-kp1000_firmware
|
SimpliSafe Original has Unencrypted Keypad Transmissions, which allows physically proximate attackers to discover the PIN.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2018-11402
|
2024-11-21 12:43 |
2018-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247695
|
4.6 |
MEDIUM
Physics
|
simplisafe
|
u9k-bs1000_firmware
|
In SimpliSafe Original, RF Interference (e.g., an extremely strong 433.92 MHz signal) by a physically proximate attacker does not cause a notification.
|
NVD-CWE-noinfo
|
CVE-2018-11401
|
2024-11-21 12:43 |
2018-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247696
|
4.6 |
MEDIUM
Physics
|
simplisafe
|
u9k-bs1000_firmware
|
In SimpliSafe Original, the Base Station fails to detect tamper attempts: it does not send a notification if a physically proximate attacker removes the battery and external power.
|
NVD-CWE-noinfo
|
CVE-2018-11400
|
2024-11-21 12:43 |
2018-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247697
|
4.3 |
MEDIUM
Physics
|
simplisafe
|
u9k-es1000_firmware
u9k-kr1_firmware
u9k-ms1000_firmware
u9k-wt1000_firmware
|
SimpliSafe Original has Unencrypted Sensor Transmissions, which allows physically proximate attackers to obtain potentially sensitive information about the specific times when alarm-system events occ…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2018-11399
|
2024-11-21 12:43 |
2018-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247698
|
7.5 |
HIGH
Network
|
gnome
|
epiphany
|
ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NU…
|
NVD-CWE-noinfo
|
CVE-2018-11396
|
2024-11-21 12:43 |
2018-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247699
|
7.8 |
HIGH
Local
|
windscribe
|
windscribe
|
Windscribe 1.81 creates a named pipe with a NULL DACL that allows Everyone users to gain privileges or cause a denial of service via \\.\pipe\WindscribeService.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-11334
|
2024-11-21 12:43 |
2018-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247700
|
7.5 |
HIGH
Network
|
wireshark
debian
|
wireshark
debian_linux
|
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing…
|
CWE-125
Out-of-bounds Read
|
CVE-2018-11362
|
2024-11-21 12:43 |
2018-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
