| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 247021 | 6.1 | MEDIUM | Network | mantisbt | mantisbt | An issue was discovered in manage_filter_edit_page.php in MantisBT 2.x through 2.15.0. A cross-site scripting (XSS) vulnerability in the Edit Filter page allows execution of arbitrary code (if CSP se… | CWE-79 Cross-site Scripting | CVE-2018-14504 | 2024-11-21 12:49 | 2018-08-4 |
| 247022 | 7.2 | HIGH | Network | sensiolabs | symfony | An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using Http… | CWE-20 Improper Input Validation | CVE-2018-14774 | 2024-11-21 12:49 | 2018-08-4 |
| 247023 | 6.5 | MEDIUM | Network | sensiolabs debian drupal | symfony debian_linux drupal | An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises … | NVD-CWE-noinfo | CVE-2018-14773 | 2024-11-21 12:49 | 2018-08-4 |
| 247024 | 6.1 | MEDIUM | Network | djangoproject debian canonical | django debian_linux ubuntu_linux | django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect. | CWE-601 Open Redirect | CVE-2018-14574 | 2024-11-21 12:49 | 2018-08-4 |
| 247025 | 5.4 | MEDIUM | Network | weaselcms_project | weaselcms | An issue was discovered in WeaselCMS v0.3.5. XSS exists via Site Language, Site Title, Site Description, and Site Keywords on the SETTINGS page. | CWE-79 Cross-site Scripting | CVE-2018-14877 | 2024-11-21 12:49 | 2018-08-3 |
| 247026 | 5.5 | MEDIUM | Local | flif | flif | An issue was discovered in image_save_png in image/image-png.cpp in Free Lossless Image Format (FLIF) 0.3. Attackers can trigger a longjmp that leads to an uninitialized stack frame after a libpng er… | NVD-CWE-noinfo | CVE-2018-14876 | 2024-11-21 12:49 | 2018-08-3 |
| 247027 | 5.4 | MEDIUM | Network | rincewind_project | rincewind | An issue was discovered in Rincewind 0.1. There is a cross-site scripting (XSS) vulnerability involving a p=account request to index.php and another file named commonPages.php. | CWE-79 Cross-site Scripting | CVE-2018-14873 | 2024-11-21 12:49 | 2018-08-3 |
| 247028 | 7.5 | HIGH | Network | rincewind_project | rincewind | An issue was discovered in Rincewind 0.1. A reinstall vulnerability exists because the parameter p of index.php and another file named commonPages.php allows an attacker to reinstall the product, wit… | CWE-20 Improper Input Validation | CVE-2018-14872 | 2024-11-21 12:49 | 2018-08-3 |
| 247029 | 7.5 | HIGH | Network | icmsdev | icms | An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 because the remote function in app/spider/spider_tools.class.php does not block private and reserved IP addresses such as 10.0.0… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2018-14858 | 2024-11-21 12:49 | 2018-08-3 |
| 247030 | 5.5 | MEDIUM | Local | php canonical debian netapp | php ubuntu_linux debian_linux storage_automation_store | exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bo… | CWE-125 Out-of-bounds Read | CVE-2018-14851 | 2024-11-21 12:49 | 2018-08-3 |