|
246151
|
8.8 |
HIGH
Network
|
seacms
|
seacms
|
SeaCMS v6.61 allows Remote Code execution by placing PHP code in an allowed IP address (aka ip) to /admin/admin_ip.php (aka /adm1n/admin_ip.php). The code is executed by visiting adm1n/admin_ip.php o…
|
CWE-352
CWE-94
Origin Validation Error
Code Injection
|
CVE-2018-14910
|
2024-11-21 12:50 |
2018-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246152
|
8.8 |
HIGH
Network
|
samsung
|
syncthru_web_service
|
Samsung Syncthru Web Service V4.05.61 is vulnerable to CSRF on every request, as demonstrated by sws.application/printinformation/printReportSetupView.sws for a "Print emails sent" action.
|
CWE-352
Origin Validation Error
|
CVE-2018-14908
|
2024-11-21 12:50 |
2018-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246153
|
5.3 |
MEDIUM
Network
|
3cx
|
3cx_web_server
|
The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname.
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2018-14907
|
2024-11-21 12:50 |
2018-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246154
|
6.1 |
MEDIUM
Network
|
3cx
|
3cx_web_server
|
The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on all stack traces' propertyPath parameters.
|
CWE-79
Cross-site Scripting
|
CVE-2018-14906
|
2024-11-21 12:50 |
2018-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246155
|
6.1 |
MEDIUM
Network
|
3cx
|
3cx_web_server
|
The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-14905
|
2024-11-21 12:50 |
2018-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246156
|
6.1 |
MEDIUM
Network
|
samsung
|
syncthru_web_service
|
Samsung Syncthru Web Service V4.05.61 is vulnerable to Multiple unauthenticated XSS attacks on several parameters, as demonstrated by ruiFw_pid.
|
CWE-79
Cross-site Scripting
|
CVE-2018-14904
|
2024-11-21 12:50 |
2018-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246157
|
7.5 |
HIGH
Network
|
php
netapp
|
php
storage_automation_store
|
An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ex…
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-14884
|
2024-11-21 12:50 |
2018-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246158
|
7.5 |
HIGH
Network
|
php
canonical
debian
netapp
|
php
ubuntu_linux
debian_linux
storage_automation_store
|
An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of…
|
CWE-125
CWE-190
Out-of-bounds Read
Integer Overflow or Wraparound
|
CVE-2018-14883
|
2024-11-21 12:50 |
2018-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246159
|
4.3 |
MEDIUM
Network
|
samba
fedoraproject
|
samba
fedora
|
An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attrib…
|
-
|
CVE-2018-14628
|
2024-11-21 12:49 |
2023-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246160
|
5.4 |
MEDIUM
Network
|
getkirby
|
kirby
|
An issue was discovered in Kirby 2.5.12. The application allows malicious HTTP requests to be sent in order to trick a user into adding web pages.
|
CWE-79
Cross-site Scripting
|
CVE-2018-14520
|
2024-11-21 12:49 |
2022-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
