| 248401 | 8.8 | HIGH | Network | clustercoding | blog_master_pro | A CSV Injection vulnerability was discovered in clustercoding Blog Master Pro v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, lea… | CWE-1236 Improper Neutralization of Formula Elements in a CSV File | CVE-2018-10255 | 2024-11-21 12:41 | 2018-05-2 |
| 248402 | 7.5 | HIGH | Network | libreoffice apache debian redhat canonical | libreoffice openoffice debian_linux enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server ubuntu_linux | An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstr… | CWE-200 Information Exposure | CVE-2018-10583 | 2024-11-21 12:41 | 2018-05-2 |
| 248403 | 5.4 | MEDIUM | Network | threads_to_link_project | threads_to_link | An XSS issue was discovered in the Threads to Link plugin 1.3 for MyBB. When editing a thread, the user is given the option to convert the thread to a link. The thread link input box is not properly … | CWE-79 Cross-site Scripting | CVE-2018-10365 | 2024-11-21 12:41 | 2018-05-2 |
| 248404 | 5.4 | MEDIUM | Network | octopus | octopus_deploy | In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user is able to view/update/save variable values within the Tenant Variables area for Environments that do not exist within their associated … | CWE-200 Information Exposure | CVE-2018-10581 | 2024-11-21 12:41 | 2018-05-1 |
| 248405 | 6.1 | MEDIUM | Network | wunderfarm | wf_cookie_consent | An issue was discovered in the wunderfarm WF Cookie Consent plugin 1.1.3 for WordPress. A persistent cross-site scripting vulnerability has been identified in the web interface of the plugin that all… | CWE-79 Cross-site Scripting | CVE-2018-10371 | 2024-11-21 12:41 | 2018-05-1 |
| 248406 | 7.8 | HIGH | Local | watchguard | ap200_firmware ap102_firmware ap100_firmware | An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Improper authentication handling by the native Access Point web UI allows authentication using a l… | CWE-287 Improper Authentication | CVE-2018-10576 | 2024-11-21 12:41 | 2018-05-1 |
| 248407 | 9.8 | CRITICAL | Network | watchguard | ap200_firmware ap102_firmware ap100_firmware | An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Hardcoded credentials exist for an unprivileged SSH account with a shell of /bin/false. | CWE-798 Use of Hard-coded Credentials | CVE-2018-10575 | 2024-11-21 12:41 | 2018-05-1 |
| 248408 | 5.4 | MEDIUM | Network | bigtreecms | bigtree_cms | BigTree before 4.2.22 has XSS in the Users management page via the name or company field. | CWE-79 Cross-site Scripting | CVE-2018-10364 | 2024-11-21 12:41 | 2018-05-1 |
| 248409 | 9.8 | CRITICAL | Network | bigtreecms | bigtree_cms | site/index.php/admin/trees/add/ in BigTree 4.2.22 and earlier allows remote attackers to upload and execute arbitrary PHP code because the BigTreeStorage class in core/inc/bigtree/apis/storage.php do… | CWE-94 Code Injection | CVE-2018-10574 | 2024-11-21 12:41 | 2018-05-1 |
| 248410 | 8.8 | HIGH | Network | open-emr | openemr | interface/fax/fax_dispatch.php in OpenEMR before 5.0.1 allows remote authenticated users to bypass intended access restrictions via the scan parameter. | NVD-CWE-noinfo | CVE-2018-10573 | 2024-11-21 12:41 | 2018-05-1 |