|
247441
|
7.8 |
HIGH
Local
|
adobe
|
acrobat_dc
acrobat_reader_dc
|
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead …
|
CWE-787
Out-of-bounds Write
|
CVE-2018-12759
|
2024-11-21 12:45 |
2018-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247442
|
7.5 |
HIGH
Network
|
microfocus
|
enterprise_developer
enterprise_server
|
Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Up…
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-12469
|
2024-11-21 12:45 |
2018-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247443
|
7.8 |
HIGH
Local
|
corsair
|
corsair_utility_engine
|
The CorsairService Service in Corsair Utility Engine is installed with insecure default permissions, which allows unprivileged local users to execute arbitrary commands via modification of the Corsai…
|
CWE-276
Incorrect Default Permissions
|
CVE-2018-12441
|
2024-11-21 12:45 |
2018-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247444
|
7.8 |
HIGH
Local
|
navercorp
|
whale
|
The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking.
|
CWE-426
Untrusted Search Path
|
CVE-2018-12449
|
2024-11-21 12:45 |
2018-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247445
|
9.8 |
CRITICAL
Network
|
episerver
|
ektron_cms
|
Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9.2 before SP2 Site CU 22 allows remote attackers to call aspx pages via the "activateuser.aspx" page, even if a page is …
|
CWE-269
Improper Privilege Management
|
CVE-2018-12596
|
2024-11-21 12:45 |
2018-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247446
|
8.8 |
HIGH
Network
|
intelbras
|
nplug_firmware
|
Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, …
|
CWE-352
Origin Validation Error
|
CVE-2018-12456
|
2024-11-21 12:45 |
2018-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247447
|
8.1 |
HIGH
Network
|
intelbras
|
nplug_firmware
|
Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows an attacker to authenticate in the web interface just by using "admin:" as the name of a cookie.
|
CWE-287
Improper Authentication
|
CVE-2018-12455
|
2024-11-21 12:45 |
2018-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247448
|
9.8 |
CRITICAL
Network
|
eclipse
|
vert.x
|
In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the…
|
CWE-611
XXE
|
CVE-2018-12544
|
2024-11-21 12:45 |
2018-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247449
|
9.8 |
CRITICAL
Network
|
eclipse
|
vert.x
|
In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\' (…
|
CWE-22
Path Traversal
|
CVE-2018-12542
|
2024-11-21 12:45 |
2018-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247450
|
6.5 |
MEDIUM
Network
|
eclipse
|
vert.x
|
In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. There …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-12541
|
2024-11-21 12:45 |
2018-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
