|
248891
|
6.1 |
MEDIUM
Network
|
jdownloads
|
jdownloads
|
The jDownloads extension before 3.2.59 for Joomla! has XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10068
|
2024-11-21 12:40 |
2018-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248892
|
5.4 |
MEDIUM
Network
|
cacti
debian
|
cacti
debian_linux
|
Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used).
|
CWE-79
Cross-site Scripting
|
CVE-2018-10061
|
2024-11-21 12:40 |
2018-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248893
|
5.4 |
MEDIUM
Network
|
cacti
debian
|
cacti
debian_linux
|
Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10060
|
2024-11-21 12:40 |
2018-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248894
|
5.4 |
MEDIUM
Network
|
cacti
|
cacti
|
Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10059
|
2024-11-21 12:40 |
2018-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248895
|
9.8 |
CRITICAL
Network
|
ipvanish
|
ipvanish
|
IPVanish 3.0.11 for macOS suffers from a root privilege escalation vulnerability. The `com.ipvanish.osx.vpnhelper` LaunchDaemon implements an insecure XPC service that could allow an attacker to exec…
|
NVD-CWE-noinfo
|
CVE-2018-10192
|
2024-11-21 12:40 |
2018-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248896
|
7.8 |
HIGH
Local
|
londontrustmedia
|
private_internet_access
|
A vulnerability in London Trust Media Private Internet Access (PIA) VPN Client v77 for Windows could allow an unauthenticated, local attacker to run executable files with elevated privileges. The vul…
|
CWE-269
Improper Privilege Management
|
CVE-2018-10190
|
2024-11-21 12:40 |
2018-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248897
|
9.8 |
CRITICAL
Network
|
nordvpn
|
nordvpn
|
NordVPN 6.12.7.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "nordvpn-service" service. This service establishes an NetNamedPipe endpoint that allows arbitrary in…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-10170
|
2024-11-21 12:40 |
2018-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248898
|
9.8 |
CRITICAL
Network
|
protonmail
|
protonvpn
|
ProtonVPN 1.3.3 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "ProtonVPN Service" service. This service establishes an NetNamedPipe endpoint that allows arbitrary i…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-10169
|
2024-11-21 12:40 |
2018-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248899
|
7.8 |
HIGH
Local
|
debian
libreoffice
redhat
canonical
|
debian_linux
libreoffice
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
ubuntu_linux
|
The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to …
|
CWE-787
CWE-129
Out-of-bounds Write
Improper Validation of Array Index
|
CVE-2018-10120
|
2024-11-21 12:40 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248900
|
7.8 |
HIGH
Local
|
libreoffice
debian
redhat
canonical
|
libreoffice
debian_linux
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
ubuntu_linux
|
sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of s…
|
CWE-416
Use After Free
|
CVE-2018-10119
|
2024-11-21 12:40 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
