|
248951
|
6.6 |
MEDIUM
Network
|
commscope
|
arris_tg1682g_firmware
|
Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices are distributed by some ISPs with a default password of "password" for the admin account that is used over an unencrypted http://192.168.0…
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2018-10989
|
2024-11-21 12:42 |
2018-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248952
|
8.0 |
HIGH
Network
|
commscope
|
arris_tg1682g_firmware
|
On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediately destroy all state on the device related to the validity of the "credential" cookie, which might m…
|
CWE-613
Insufficient Session Expiration
|
CVE-2018-10990
|
2024-11-21 12:42 |
2018-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248953
|
6.5 |
MEDIUM
Network
|
exiv2
|
exiv2
|
In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers to cause an information leak via a crafted file.
|
CWE-200
Information Exposure
|
CVE-2018-11037
|
2024-11-21 12:42 |
2018-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248954
|
7.8 |
HIGH
Local
|
2345.cc
|
security_guard
|
In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating…
|
CWE-20
Improper Input Validation
|
CVE-2018-11035
|
2024-11-21 12:42 |
2018-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248955
|
7.8 |
HIGH
Local
|
2345.cc
|
security_guard
|
In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating…
|
CWE-20
Improper Input Validation
|
CVE-2018-11034
|
2024-11-21 12:42 |
2018-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248956
|
5.9 |
MEDIUM
Network
|
rasputinonline
|
rasputin_online_coin
|
The request_dividend function of a smart contract implementation for ROC (aka Rasputin Online Coin), an Ethereum ERC20 token, allows attackers to steal all of the contract's Ether.
|
NVD-CWE-noinfo
|
CVE-2018-10944
|
2024-11-21 12:42 |
2018-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248957
|
7.8 |
HIGH
Local
|
xpdfreader
|
xpdf
|
The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other imp…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-11033
|
2024-11-21 12:42 |
2018-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248958
|
9.8 |
CRITICAL
Network
|
gouguoyin
|
phprap
|
PHPRAP 1.0.4 through 1.0.8 has SQL Injection via the application/home/controller/project.php search() function.
|
CWE-89
SQL Injection
|
CVE-2018-11032
|
2024-11-21 12:42 |
2018-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248959
|
9.8 |
CRITICAL
Network
|
gouguoyin
|
phprap
|
application/home/controller/debug.php in PHPRAP 1.0.4 through 1.0.8 has SSRF via the /debug URI, as demonstrated by an api[url]=file:////etc/passwd&api[method]=get POST request.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2018-11031
|
2024-11-21 12:42 |
2018-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248960
|
8.8 |
HIGH
Network
|
pbootcms
|
pbootcms
|
An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php allows remote attackers to add administrator accounts vi…
|
CWE-352
Origin Validation Error
|
CVE-2018-11018
|
2024-11-21 12:42 |
2018-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
