|
248361
|
9.8 |
CRITICAL
Network
|
axublog
|
axublog
|
Axublog 1.1.0 allows remote Code Execution as demonstrated by injection of PHP code (contained in the webkeywords parameter) into the cmsconfig.php file.
|
CWE-94
Code Injection
|
CVE-2018-10740
|
2024-11-21 12:41 |
2018-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248362
|
5.5 |
MEDIUM
Local
|
2345_security_guard_project
|
2345_security_guard
|
An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe allows local users to bypass intended process protections, and consequently terminate process, because WM_SYSCOMMAND is …
|
NVD-CWE-noinfo
|
CVE-2018-10739
|
2024-11-21 12:41 |
2018-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248363
|
6.5 |
MEDIUM
Network
|
gnome
redhat
opensuse
|
libgxps
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
ansible_tower
leap
|
There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-10733
|
2024-11-21 12:41 |
2018-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248364
|
5.4 |
MEDIUM
Network
|
datenstrom
|
yellow
|
A stored XSS vulnerability was found in Datenstrom Yellow 0.7.3 via an "Edit page" action. NOTE: the vendor disputes the relevance of this report because an installation accessible to untrusted users…
|
CWE-79
Cross-site Scripting
|
CVE-2018-10726
|
2024-11-21 12:41 |
2018-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248365
|
8.1 |
HIGH
Network
|
dlink
|
dir-601_firmware
|
D-Link DIR-601 A1 1.02NA devices do not require the old password for a password change, which occurs in cleartext.
|
CWE-287
Improper Authentication
|
CVE-2018-10641
|
2024-11-21 12:41 |
2018-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248366
|
9.8 |
CRITICAL
Network
|
dasannetworks
|
gpon_router_firmware
|
An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping re…
|
CWE-78
OS Command
|
CVE-2018-10562
|
2024-11-21 12:41 |
2018-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248367
|
9.8 |
CRITICAL
Network
|
dasannetworks
|
gpon_router_firmware
|
An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the…
|
CWE-287
Improper Authentication
|
CVE-2018-10561
|
2024-11-21 12:41 |
2018-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248368
|
7.8 |
HIGH
Local
|
cylance
|
cylanceprotect
|
In Cylance CylancePROTECT before 1470, an unprivileged local user can obtain SYSTEM privileges because users have Modify access to the %PROGRAMFILES%\Cylance\Desktop\log folder, the CyUpdate process …
|
CWE-59
Link Following
|
CVE-2018-10722
|
2024-11-21 12:41 |
2018-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248369
|
10.0 |
CRITICAL
Network
|
activision
|
call_of_duty_modern_warfare_2
|
Stack-based buffer overflow in Activision Infinity Ward Call of Duty Modern Warfare 2 before 2018-04-26 allows remote attackers to execute arbitrary code via crafted packets.
|
CWE-787
Out-of-bounds Write
|
CVE-2018-10718
|
2024-11-21 12:41 |
2018-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248370
|
8.8 |
HIGH
Network
|
miniupnp_project
|
ngiflib
|
The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 does not consider the bounds of the pixels data structure, which allows remote attackers to cause a denial of service (WritePixels heap-…
|
CWE-787
Out-of-bounds Write
|
CVE-2018-10717
|
2024-11-21 12:41 |
2018-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
