|
246181
|
5.4 |
MEDIUM
Network
|
readymadeb2bscript
|
basic_b2b
|
PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields.
|
CWE-79
Cross-site Scripting
|
CVE-2018-14541
|
2024-11-21 12:49 |
2018-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246182
|
5.4 |
MEDIUM
Network
|
tendacn
|
d152_firmware
|
Tenda D152 ADSL routers allow XSS via a crafted SSID.
|
CWE-79
Cross-site Scripting
|
CVE-2018-14497
|
2024-11-21 12:49 |
2018-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246183
|
9.1 |
CRITICAL
Network
|
ocsinventory-ng
|
ocsinventory_ng
|
OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities. This issue can be exploited by an attacker sending a crafted HTTP request in order to exfiltrate i…
|
CWE-611
XXE
|
CVE-2018-14473
|
2024-11-21 12:49 |
2018-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246184
|
9.8 |
CRITICAL
Network
|
softnas
|
cloud
|
A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. In particular, the snserv script did not sanitize the 'recentVersion' parameter from the s…
|
CWE-78
OS Command
|
CVE-2018-14417
|
2024-11-21 12:49 |
2018-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246185
|
9.8 |
CRITICAL
Network
|
tecrail
|
responsive_filemanager
|
upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2018-14728
|
2024-11-21 12:49 |
2018-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246186
|
7.5 |
HIGH
Network
|
cryptogs
|
cryptogs
|
The endCoinFlip function and throwSlammer function of the smart contract implementations for Cryptogs, an Ethereum game, generate random numbers with an old block's hash. Therefore, attackers can pre…
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2018-14715
|
2024-11-21 12:49 |
2018-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246187
|
7.5 |
HIGH
Network
|
suncontract
|
suncontract
|
The mintTokens function of a smart contract implementation for SunContract, an Ethereum token, has an integer overflow via the _amount variable.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2018-14576
|
2024-11-21 12:49 |
2018-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246188
|
6.1 |
MEDIUM
Network
|
mantisbt
|
mantisbt
|
An issue was discovered in manage_filter_edit_page.php in MantisBT 2.x through 2.15.0. A cross-site scripting (XSS) vulnerability in the Edit Filter page allows execution of arbitrary code (if CSP se…
|
CWE-79
Cross-site Scripting
|
CVE-2018-14504
|
2024-11-21 12:49 |
2018-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246189
|
7.2 |
HIGH
Network
|
sensiolabs
|
symfony
|
An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using Http…
|
CWE-20
Improper Input Validation
|
CVE-2018-14774
|
2024-11-21 12:49 |
2018-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246190
|
6.5 |
MEDIUM
Network
|
sensiolabs
debian
drupal
|
symfony
debian_linux
drupal
|
An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises …
|
NVD-CWE-noinfo
|
CVE-2018-14773
|
2024-11-21 12:49 |
2018-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
