|
249911
|
7.8 |
HIGH
Local
|
estsoft
|
alzip
|
ESTsoft ALZip before 10.76 allows local users to execute arbitrary code via creating a malicious .DLL file and installing it in a specific directory: %PROGRAMFILES%\ESTsoft\ALZip\Formats, %PROGRAMFIL…
|
CWE-426
Untrusted Search Path
|
CVE-2018-10027
|
2024-11-21 12:40 |
2018-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249912
|
8.8 |
HIGH
Network
|
intenogroup
|
iopsys_firmware
|
p910nd on Inteno IOPSYS 2.0 through 4.2.0 allows remote attackers to read, or append data to, arbitrary files via requests on TCP port 9100.
|
NVD-CWE-noinfo
|
CVE-2018-10123
|
2024-11-21 12:40 |
2018-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249913
|
7.5 |
HIGH
Network
|
haproxy
redhat
|
haproxy
enterprise_linux
|
An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only appl…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-10184
|
2024-11-21 12:40 |
2018-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249914
|
8.8 |
HIGH
Network
|
tp-link
|
eap_controller
|
TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administra…
|
CWE-269
Improper Privilege Management
|
CVE-2018-10168
|
2024-11-21 12:40 |
2018-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249915
|
7.5 |
HIGH
Network
|
tp-link
|
eap_controller
|
The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2018-10167
|
2024-11-21 12:40 |
2018-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249916
|
8.8 |
HIGH
Network
|
tp-link
|
eap_controller
|
The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows does not have Anti-CSRF tokens in any forms. This would allow an attacker to submi…
|
CWE-352
Origin Validation Error
|
CVE-2018-10166
|
2024-11-21 12:40 |
2018-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249917
|
5.4 |
MEDIUM
Network
|
tp-link
|
eap_controller
|
Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script o…
|
CWE-79
Cross-site Scripting
|
CVE-2018-10165
|
2024-11-21 12:40 |
2018-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249918
|
5.4 |
MEDIUM
Network
|
tp-link
|
eap_controller
|
Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script o…
|
CWE-79
Cross-site Scripting
|
CVE-2018-10164
|
2024-11-21 12:40 |
2018-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249919
|
7.8 |
HIGH
Local
|
7-zip
|
7-zip
|
Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service (segmentation fault) …
|
CWE-665
CWE-908
Improper Initialization
Use of Uninitialized Resource
|
CVE-2018-10115
|
2024-11-21 12:40 |
2018-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249920
|
6.5 |
MEDIUM
Network
|
libtiff
|
libtiff
|
ijg-libjpeg before 9d, as used in tiff2pdf (from LibTIFF) and other products, does not check for a NULL pointer at a certain place in jpeg_fdct_16x16 in jfdctint.c.
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-10126
|
2024-11-21 12:40 |
2018-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
