|
249511
|
5.5 |
MEDIUM
Local
|
linux netapp opensuse
|
linux_kernel element_software active_iq_performance_analytics_services leap
|
An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.
|
CWE-863
Incorrect Authorization
|
CVE-2018-16597
|
2024-11-21 12:53 |
2018-09-22 |
|
249512
|
6.1 |
MEDIUM
Network
|
dedecms
|
dedecms
|
DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedback_ajax.php.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16786
|
2024-11-21 12:53 |
2018-09-22 |
|
249513
|
7.2 |
HIGH
Network
|
dedecms
|
dedecms
|
DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "<file type='file' name='../" substring.
|
CWE-91
Blind XPath Injection
|
CVE-2018-16784
|
2024-11-21 12:53 |
2018-09-22 |
|
249514
|
8.8 |
HIGH
Network
|
linknet-usa
|
lw-n605r_firmware
|
LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the d…
|
CWE-78 CWE-1188
OS Command Insecure Default Initialization of Resource
|
CVE-2018-16752
|
2024-11-21 12:53 |
2018-09-21 |
|
249515
|
8.8 |
HIGH
Network
|
dedecms
|
dedecms
|
An XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create a script file to obtain a webshell.
|
CWE-91
Blind XPath Injection
|
CVE-2018-16785
|
2024-11-21 12:53 |
2018-09-20 |
|
249516
|
5.4 |
MEDIUM
Network
|
opmantek
|
open-audit
|
Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16607
|
2024-11-21 12:53 |
2018-09-20 |
|
249517
|
7.5 |
HIGH
Network
|
bitcoinknots bitcoin
|
bitcoin_knots bitcoin_core
|
Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitabl…
|
NVD-CWE-noinfo
|
CVE-2018-17144
|
2024-11-21 12:53 |
2018-09-19 |
|
249518
|
9.8 |
CRITICAL
Network
|
coinlancer
|
coinlancer
|
The onlyOwner modifier of a smart contract implementation for Coinlancer (CL), an Ethereum ERC20 token, has a potential access control vulnerability. All contract users can access functions that use …
|
NVD-CWE-noinfo
|
CVE-2018-17111
|
2024-11-21 12:53 |
2018-09-19 |
|
249519
|
7.5 |
HIGH
Network
|
lucky9
|
lucky9io
|
The fallback function of a simple lottery smart contract implementation for Lucky9io, an Ethereum gambling game, generates a random value with the publicly readable variable entry_number. This variab…
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2018-17071
|
2024-11-21 12:53 |
2018-09-19 |
|
249520
|
7.5 |
HIGH
Network
|
monstra
|
monstra
|
admin/index.php in Monstra CMS 3.0.4 allows arbitrary directory listing via id=filesmanager&path=uploads/.......//./.......//./ requests.
|
CWE-22
Path Traversal
|
CVE-2018-16820
|
2024-11-21 12:53 |
2018-09-19 |
|