|
249701
|
8.8 |
HIGH
Network
|
alpinelinux
|
alpine_linux
|
Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 contains a Other/Unknown vulnerability in apk-tools (Alpine Linux' package manager) that can result in Remote Code Execution. This att…
|
CWE-20
Improper Input Validation
|
CVE-2018-1000849
|
2024-11-21 12:40 |
2018-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249702
|
6.1 |
MEDIUM
Network
|
wampserver
|
wampserver
|
Wampserver version prior to version 3.1.5 contains a Cross Site Scripting (XSS) vulnerability in index.php localhost page that can result in very low. This attack appear to be exploitable via payload…
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000848
|
2024-11-21 12:40 |
2018-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249703
|
5.4 |
MEDIUM
Network
|
freshdns_project
|
freshdns
|
FreshDNS version 1.0.3 and prior contains a Cross Site Scripting (XSS) vulnerability in Account data form; Zone editor that can result in Execution of attacker's JavaScript code in victim's session. …
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000847
|
2024-11-21 12:40 |
2018-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249704
|
8.8 |
HIGH
Network
|
freshdns_project
|
freshdns
|
FreshDNS version 1.0.3 and earlier contains a Cross ite Request Forgery (CSRF) vulnerability in All (authenticated) API calls in index.php / class.manager.php that can result in Editing domains and z…
|
CWE-352
Origin Validation Error
|
CVE-2018-1000846
|
2024-11-21 12:40 |
2018-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249705
|
9.1 |
CRITICAL
Network
|
squareup
|
retrofit
|
Square Open Source Retrofit version Prior to commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437 contains a XML External Entity (XXE) vulnerability in JAXB that can result in An attacker could use this t…
|
CWE-611
XXE
|
CVE-2018-1000844
|
2024-11-21 12:40 |
2018-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249706
|
6.1 |
MEDIUM
Network
|
fatfreecrm
|
fatfreecrm
|
FatFreeCRM version <=0.14.1, >=0.15.0 <=0.15.1, >=0.16.0 <=0.16.3, >=0.17.0 <=0.17.2, ==0.18.0 contains a Cross Site Scripting (XSS) vulnerability in commit 6d60bc8ed010c4eda05d6645c64849f415f68d65 t…
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000842
|
2024-11-21 12:40 |
2018-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249707
|
6.1 |
MEDIUM
Network
|
zend
|
zendto
|
Zend.To version Prior to 5.15-1 contains a Cross Site Scripting (XSS) vulnerability in The verify.php page that can result in An attacker could execute arbitrary Javascript code in the context of the…
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000841
|
2024-11-21 12:40 |
2018-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249708
|
8.8 |
HIGH
Network
|
spotify
|
luigi
|
Luigi version prior to version 2.8.0; after commit 53b52e12745075a8acc016d33945d9d6a7a6aaeb; after GitHub PR spotify/luigi/pull/1870 contains a Cross ite Request Forgery (CSRF) vulnerability in API e…
|
CWE-352
Origin Validation Error
|
CVE-2018-1000843
|
2024-11-21 12:40 |
2018-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249709
|
6.5 |
MEDIUM
Network
|
processing
|
processing
|
Processing Foundation Processing version 3.4 and earlier contains a XML External Entity (XXE) vulnerability in loadXML() function that can result in An attacker can read arbitrary files and exfiltrat…
|
CWE-611
XXE
|
CVE-2018-1000840
|
2024-11-21 12:40 |
2018-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249710
|
8.8 |
HIGH
Network
|
librehealth
|
librehealth_ehr
|
LH-EHR version REL-2_0_0 contains a Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. This attack appear to be exploitable via Uploading a PHP fi…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-1000839
|
2024-11-21 12:40 |
2018-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
