|
248081
|
6.5 |
MEDIUM
Network
|
exiv2
|
exiv2
|
In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers to cause an information leak via a crafted file.
|
CWE-200
Information Exposure
|
CVE-2018-11037
|
2024-11-21 12:42 |
2018-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248082
|
7.8 |
HIGH
Local
|
2345.cc
|
security_guard
|
In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating…
|
CWE-20
Improper Input Validation
|
CVE-2018-11035
|
2024-11-21 12:42 |
2018-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248083
|
7.8 |
HIGH
Local
|
2345.cc
|
security_guard
|
In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating…
|
CWE-20
Improper Input Validation
|
CVE-2018-11034
|
2024-11-21 12:42 |
2018-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248084
|
5.9 |
MEDIUM
Network
|
rasputinonline
|
rasputin_online_coin
|
The request_dividend function of a smart contract implementation for ROC (aka Rasputin Online Coin), an Ethereum ERC20 token, allows attackers to steal all of the contract's Ether.
|
NVD-CWE-noinfo
|
CVE-2018-10944
|
2024-11-21 12:42 |
2018-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248085
|
7.8 |
HIGH
Local
|
xpdfreader
|
xpdf
|
The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other imp…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-11033
|
2024-11-21 12:42 |
2018-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248086
|
9.8 |
CRITICAL
Network
|
gouguoyin
|
phprap
|
PHPRAP 1.0.4 through 1.0.8 has SQL Injection via the application/home/controller/project.php search() function.
|
CWE-89
SQL Injection
|
CVE-2018-11032
|
2024-11-21 12:42 |
2018-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248087
|
9.8 |
CRITICAL
Network
|
gouguoyin
|
phprap
|
application/home/controller/debug.php in PHPRAP 1.0.4 through 1.0.8 has SSRF via the /debug URI, as demonstrated by an api[url]=file:////etc/passwd&api[method]=get POST request.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2018-11031
|
2024-11-21 12:42 |
2018-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248088
|
8.8 |
HIGH
Network
|
pbootcms
|
pbootcms
|
An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php allows remote attackers to add administrator accounts vi…
|
CWE-352
Origin Validation Error
|
CVE-2018-11018
|
2024-11-21 12:42 |
2018-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248089
|
8.8 |
HIGH
Network
|
libming
|
libming
|
The newVar_N function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-11017
|
2024-11-21 12:42 |
2018-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248090
|
9.8 |
CRITICAL
Network
|
d-link
|
dir-816_a2_firmware
|
Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 (CN) routers with firmware version 1.10B05 allows unauthenticated remote attackers to execute arbitrary code v…
|
CWE-787
Out-of-bounds Write
|
CVE-2018-11013
|
2024-11-21 12:42 |
2018-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
