|
250181
|
5.3 |
MEDIUM
Network
|
vaultize
|
enterprise_file_sharing
|
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization when listing the history of another user via a modified "vaultize_session_id" value in a cookie.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2018-10211
|
2024-11-21 12:41 |
2018-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250182
|
5.3 |
MEDIUM
Network
|
vaultize
|
enterprise_file_sharing
|
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Enumeration of users is possible through the password-reset feature.
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2018-10210
|
2024-11-21 12:41 |
2018-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250183
|
5.4 |
MEDIUM
Network
|
vaultize
|
enterprise_file_sharing
|
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is Stored XSS on the file or folder download pop-up via a crafted file or folder name.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10209
|
2024-11-21 12:41 |
2018-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250184
|
6.1 |
MEDIUM
Network
|
vaultize
|
enterprise_file_sharing
|
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is anonymous reflected XSS on the error page via a /share/error?message= URI.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10208
|
2024-11-21 12:41 |
2018-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250185
|
5.3 |
MEDIUM
Network
|
vaultize
|
enterprise_file_sharing
|
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. An attacker can exploit Missing Authorization on the FlexPaperViewer SWF reader, and export files that should have been restricte…
|
CWE-862
Missing Authorization
|
CVE-2018-10207
|
2024-11-21 12:41 |
2018-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250186
|
5.4 |
MEDIUM
Network
|
vaultize
|
enterprise_file_sharing
|
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is Stored XSS via the optional message field of a file request.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10206
|
2024-11-21 12:41 |
2018-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250187
|
7.5 |
HIGH
Network
|
smartmesh
|
smartmesh
|
An integer overflow in the transferProxy function of a smart contract implementation for SmartMesh (aka SMT), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digit…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2018-10376
|
2024-11-21 12:41 |
2018-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250188
|
9.8 |
CRITICAL
Network
|
dedecms
|
dedecms
|
A file uploading vulnerability exists in /include/helpers/upload.helper.php in DedeCMS V5.7 SP2, which can be utilized by attackers to upload and execute arbitrary PHP code via the /dede/archives_do.…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-10375
|
2024-11-21 12:41 |
2018-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250189
|
6.1 |
MEDIUM
Network
|
easycms
|
easycms
|
EasyCMS 1.3 has XSS via the s POST parameter (aka a search box value) in an index.php?s=/index/search/index.html request.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10374
|
2024-11-21 12:41 |
2018-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250190
|
6.5 |
MEDIUM
Network
|
gnu
redhat
|
binutils
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
|
concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereferen…
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-10373
|
2024-11-21 12:41 |
2018-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
