|
252081
|
6.1 |
MEDIUM
Network
|
wordpress
debian
|
wordpress
debian_linux
|
Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS.
|
CWE-601
Open Redirect
|
CVE-2018-10100
|
2024-11-21 12:40 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252082
|
6.1 |
MEDIUM
Network
|
smartscriptsolutions
|
domain_trader
|
XSS exists in Domain Trader 2.5.3 via the recoverlogin.php email_address parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10097
|
2024-11-21 12:40 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252083
|
4.8 |
MEDIUM
Network
|
joyplus-cms_project
|
joyplus-cms
|
joyplus-cms 1.6.0 has XSS via the device_name parameter in a manager/admin_ajax.php?action=save flag=add request.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10096
|
2024-11-21 12:40 |
2018-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252084
|
5.5 |
MEDIUM
Local
|
linux
debian
canonical
|
linux_kernel
debian_linux
ubuntu_linux
|
The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering a…
|
CWE-20
Improper Input Validation
|
CVE-2018-10087
|
2024-11-21 12:40 |
2018-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252085
|
8.1 |
HIGH
Network
|
mikrotik
|
routeros
|
An issue was discovered in MikroTik RouterOS 6.41.4. Missing OpenVPN server certificate verification allows a remote unauthenticated attacker capable of intercepting client traffic to act as a malici…
|
CWE-295
Improper Certificate Validation
|
CVE-2018-10066
|
2024-11-21 12:40 |
2018-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252086
|
7.2 |
HIGH
Network
|
cmsmadesimple
|
cms_made_simple
|
CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary code execution vulnerability in the admin dashboard because the implementation uses "eval('function testfunction'.rand()" and it is possibl…
|
CWE-94
Code Injection
|
CVE-2018-10086
|
2024-11-21 12:40 |
2018-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252087
|
9.8 |
CRITICAL
Network
|
cmsmadesimple
|
cms_made_simple
|
CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection because of an unserialize call in the _get_data function of \lib\classes\internal\class.LoginOperations.php. By sending a crafted coo…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2018-10085
|
2024-11-21 12:40 |
2018-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252088
|
8.8 |
HIGH
Network
|
cmsmadesimple
|
cms_made_simple
|
CMS Made Simple (CMSMS) through 2.2.6 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, b…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2018-10084
|
2024-11-21 12:40 |
2018-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252089
|
7.5 |
HIGH
Network
|
cmsmadesimple
|
cms_made_simple
|
CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary file deletion vulnerability in the admin dashboard via directory traversal sequences in the val parameter within a cmd=del request, because…
|
CWE-22
Path Traversal
|
CVE-2018-10083
|
2024-11-21 12:40 |
2018-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252090
|
5.3 |
MEDIUM
Network
|
cmsmadesimple
|
cms_made_simple
|
CMS Made Simple (CMSMS) through 2.2.7 allows physical path leakage via an invalid /index.php?page= value, a crafted URI starting with /index.php?mact=Search, or a direct request to /admin/header.php,…
|
CWE-200
Information Exposure
|
CVE-2018-10082
|
2024-11-21 12:40 |
2018-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
