|
249271
|
9.8 |
CRITICAL
Network
|
canon
|
lbp3370_firmware
lbp3460_firmware
lbp7750c_firmware
lbp6650_firmware
|
An issue was discovered on Canon LBP6650, LBP3370, LBP3460, and LBP7750C devices. It is possible to bypass the Administrator Mode authentication for /tlogin.cgi via vectors involving frame.cgi?page=D…
|
CWE-287
Improper Authentication
|
CVE-2018-11692
|
2024-11-21 12:43 |
2018-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249272
|
8.8 |
HIGH
Network
|
liblouis
canonical
opensuse
|
liblouis
ubuntu_linux
leap
|
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c.
|
CWE-787
Out-of-bounds Write
|
CVE-2018-11685
|
2024-11-21 12:43 |
2018-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249273
|
8.8 |
HIGH
Network
|
liblouis
canonical
opensuse
|
liblouis
ubuntu_linux
leap
|
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c.
|
CWE-787
Out-of-bounds Write
|
CVE-2018-11684
|
2024-11-21 12:43 |
2018-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249274
|
8.8 |
HIGH
Network
|
liblouis
canonical
opensuse
|
liblouis
ubuntu_linux
leap
|
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.
|
CWE-787
Out-of-bounds Write
|
CVE-2018-11683
|
2024-11-21 12:43 |
2018-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249275
|
6.5 |
MEDIUM
Network
|
cmseasy
|
cmseasy
|
An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability in the rich text editor that can add an IFRAME element. This might be used in a DoS attack if a referenced remote URL is…
|
CWE-352
Origin Validation Error
|
CVE-2018-11680
|
2024-11-21 12:43 |
2018-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249276
|
8.8 |
HIGH
Network
|
cmseasy
|
cmseasy
|
An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability that can add an article via /index.php?case=table&act=add&table=archive&admin_dir=admin.
|
CWE-352
Origin Validation Error
|
CVE-2018-11679
|
2024-11-21 12:43 |
2018-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249277
|
9.8 |
CRITICAL
Network
|
lutron
|
stanza_firmware
radiora_2_firmware
homeworks_qs_firmware
|
Default and unremovable support credentials allow attackers to gain total super user control of an IoT device through a TELNET session to products using the Stanza Lutron integration protocol Revisio…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2018-11682
|
2024-11-21 12:43 |
2018-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249278
|
9.8 |
CRITICAL
Network
|
lutron
|
stanza_firmware
radiora_2_firmware
homeworks_qs_firmware
|
Default and unremovable support credentials (user:nwk password:nwk2) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the RadioRA 2 Lutron …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2018-11681
|
2024-11-21 12:43 |
2018-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249279
|
9.8 |
CRITICAL
Network
|
lutron
|
stanza_firmware
radiora_2_firmware
homeworks_qs_firmware
|
Default and unremovable support credentials (user:lutron password:integration) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the HomeWor…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2018-11629
|
2024-11-21 12:43 |
2018-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249280
|
4.8 |
MEDIUM
Network
|
pagekit
|
pagekit
|
Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upload malicious code via the picture upload feature. A user with elevated privileges could upload a photo to the system in an SVG f…
|
CWE-79
Cross-site Scripting
|
CVE-2018-11564
|
2024-11-21 12:43 |
2018-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
