|
246131
|
7.8 |
HIGH
Local
|
jpeg_encoder_project
|
jpeg_encoder
|
An issue has been found in jpeg_encoder through 2015-11-27. It is a heap-based buffer overflow in the function readFromBMP in jpeg_encoder.cpp.
|
CWE-787
Out-of-bounds Write
|
CVE-2018-14945
|
2024-11-21 12:50 |
2018-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246132
|
7.8 |
HIGH
Local
|
jpeg_encoder_project
|
jpeg_encoder
|
An issue has been found in jpeg_encoder through 2015-11-27. It is a SEGV in the function readFromBMP in jpeg_encoder.cpp. The signal is caused by an out-of-bounds write.
|
CWE-787
Out-of-bounds Write
|
CVE-2018-14944
|
2024-11-21 12:50 |
2018-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246133
|
9.8 |
CRITICAL
Network
|
harmonicinc
|
nsg_9000_firmware
|
Harmonic NSG 9000 devices have a default password of nsgadmin for the admin account, a default password of nsgguest for the guest account, and a default password of nsgconfig for the config account.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2018-14943
|
2024-11-21 12:50 |
2018-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246134
|
8.8 |
HIGH
Network
|
harmonicinc
|
nsg_9000_firmware
|
Harmonic NSG 9000 devices allow remote authenticated users to conduct directory traversal attacks, as demonstrated by "POST /PY/EMULATION_GET_FILE" or "POST /PY/EMULATION_EXPORT" with FileName=../../…
|
CWE-22
Path Traversal
|
CVE-2018-14942
|
2024-11-21 12:50 |
2018-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246135
|
6.5 |
MEDIUM
Network
|
harmonicinc
|
nsg_9000
|
Harmonic NSG 9000 devices allow remote authenticated users to read the webapp.py source code via a direct request for the /webapp.py URI.
|
CWE-200
Information Exposure
|
CVE-2018-14941
|
2024-11-21 12:50 |
2018-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246136
|
7.5 |
HIGH
Network
|
phpcms
|
phpcms
|
PHPCMS 9 allows remote attackers to cause a denial of service (resource consumption) via large font_size, height, and width parameters in an api.php?op=checkcode request.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2018-14940
|
2024-11-21 12:50 |
2018-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246137
|
9.8 |
CRITICAL
Network
|
libreoffice
|
libreoffice
|
The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to caus…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-14939
|
2024-11-21 12:50 |
2018-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246138
|
9.1 |
CRITICAL
Network
|
digitalcorpora
canonical
|
tcpflow
ubuntu_linux
|
An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, on…
|
CWE-125
CWE-190
Out-of-bounds Read
Integer Overflow or Wraparound
|
CVE-2018-14938
|
2024-11-21 12:50 |
2018-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246139
|
4.8 |
MEDIUM
Network
|
mylittleforum
|
my_little_forum
|
The Add page option in my little forum 2.4.12 allows XSS via the Menu Link field.
|
CWE-79
Cross-site Scripting
|
CVE-2018-14937
|
2024-11-21 12:50 |
2018-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246140
|
4.8 |
MEDIUM
Network
|
mylittleforum
|
my_little_forum
|
The Add page option in my little forum 2.4.12 allows XSS via the Title field.
|
CWE-79
Cross-site Scripting
|
CVE-2018-14936
|
2024-11-21 12:50 |
2018-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
