|
246171
|
8.8 |
HIGH
Network
|
netcommwireless
|
nwl-25_firmware
|
NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. A cross-site request forgery condition can occur, allowing an attacker to change passwords of the device…
|
CWE-352
Origin Validation Error
|
CVE-2018-14783
|
2024-11-21 12:49 |
2018-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246172
|
7.5 |
HIGH
Network
|
netcommwireless
|
nwl-25_firmware
|
NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device allows access to configuration files and profiles without authenticating the user.
|
CWE-287
Improper Authentication
|
CVE-2018-14782
|
2024-11-21 12:49 |
2018-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246173
|
4.8 |
MEDIUM
Network
|
wolfcms
|
wolf_cms
|
Wolf CMS 0.8.3.1 has XSS in the Snippets tab, as demonstrated by a ?/admin/snippet/edit/1 URI.
|
CWE-79
Cross-site Scripting
|
CVE-2018-14837
|
2024-11-21 12:49 |
2018-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246174
|
6.1 |
MEDIUM
Network
|
coremail
|
coremail_xt
|
Cross-site scripting (XSS) vulnerability in intervalCheck.jsp in Coremail XT 3.0 allows remote attackers to inject arbitrary web script or HTML via the sid parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-14503
|
2024-11-21 12:49 |
2018-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246175
|
7.5 |
HIGH
Network
|
hitachi
|
compute_systems_manager
device_manager
replication_manager
tiered_storage_manager
tuning_manager
command_suite
|
An Information Exposure issue was discovered in Hitachi Command Suite 8.5.3. A remote attacker may be able to exploit a flaw in the permission of messaging that may allow for information exposure via…
|
CWE-200
Information Exposure
|
CVE-2018-14735
|
2024-11-21 12:49 |
2018-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246176
|
6.5 |
MEDIUM
Adjacent
|
canonical
debian
w1.fi
|
ubuntu_linux
debian_linux
wpa_supplicant
|
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker …
|
CWE-924
Improper Enforcement of Message Integrity During Transmission in a Communication Channel
|
CVE-2018-14526
|
2024-11-21 12:49 |
2018-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246177
|
5.4 |
MEDIUM
Network
|
php_template_store_script_project
|
php_template_store_script
|
PHP Template Store Script 3.0.6 allows XSS via the Address line 1, Address Line 2, Bank name, or A/C Holder name field in a profile.
|
CWE-79
Cross-site Scripting
|
CVE-2018-14869
|
2024-11-21 12:49 |
2018-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246178
|
8.8 |
HIGH
Network
|
ocsinventory-ng
|
ocs_inventory_server
|
Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access t…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-14857
|
2024-11-21 12:49 |
2018-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246179
|
7.5 |
HIGH
Network
|
nystudio107
|
seomatic
|
A Server Side Template Injection (SSTI) was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can…
|
CWE-94
Code Injection
|
CVE-2018-14716
|
2024-11-21 12:49 |
2018-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246180
|
8.8 |
HIGH
Network
|
otrs
debian
|
open_ticket_request_system
debian_linux
|
An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.9, 5.0.x through 5.0.28, and 4.0.x through 4.0.30. An attacker who is logged into OTRS as an agent may escalate their pr…
|
NVD-CWE-noinfo
|
CVE-2018-14593
|
2024-11-21 12:49 |
2018-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
