| 246281 | 8.8 | HIGH Network | mitmproxy | mitmproxy | mitmweb in mitmproxy v4.0.3 allows DNS Rebinding attacks, related to tools/web/app.py. | CWE-20 Improper Input Validation | CVE-2018-14505 | 2024-11-21 12:49 | 2018-07-23 |
| 246282 | 9.8 | CRITICAL Network | joyplus_project | joyplus-cms | manager/admin_ajax.php in joyplus-cms 1.6.0 has SQL Injection, as demonstrated by crafted POST data beginning with an "m_id=1 AND SLEEP(5)" substring. | CWE-89 SQL Injection | CVE-2018-14501 | 2024-11-21 12:49 | 2018-07-23 |
| 246283 | 6.1 | MEDIUM Network | joyplus-cms_project | joyplus-cms | joyplus-cms 1.6.0 has XSS via the manager/collect/collect_vod_zhuiju.php keyword parameter. | CWE-79 Cross-site Scripting | CVE-2018-14500 | 2024-11-21 12:49 | 2018-07-23 |
| 246284 | 7.5 | HIGH Network | tendacn | ac7_firmware ac9_firmware ac10_firmware ac15_firmware ac18_firmware | Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an… | CWE-787 Out-of-bounds Write | CVE-2018-14492 | 2024-11-21 12:49 | 2018-07-21 |
| 246285 | 6.1 | MEDIUM Network | goodoldweb | orange_forum | views/auth.go in Orange Forum 1.4.0 allows Open Redirection via the next parameter to /login or /signup. | CWE-601 Open Redirect | CVE-2018-14474 | 2024-11-21 12:49 | 2018-07-21 |
| 246286 | 7.2 | HIGH Network | wuzhicms | wuzhicms | An issue was discovered in WUZHI CMS 4.1.0. The vulnerable file is coreframe/app/order/admin/goods.php. The $keywords parameter is taken directly into execution without any filtering, leading to SQL … | CWE-89 SQL Injection | CVE-2018-14472 | 2024-11-21 12:49 | 2018-07-21 |
| 246287 | 6.5 | MEDIUM Network | gnu | libredwg | dwg_obj_block_control_get_block_headers in dwg_api.c in GNU LibreDWG 0.5.1048 allows remote attackers to cause a denial of service (NULL pointer dereference and SEGV) via a crafted dwg file. | CWE-476 NULL Pointer Dereference | CVE-2018-14471 | 2024-11-21 12:49 | 2018-07-21 |
| 246288 | 8.8 | HIGH Network | hdfgroup | hdf5 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_sdspace_decode in H5Osdspace.c. | CWE-125 Out-of-bounds Read | CVE-2018-14460 | 2024-11-21 12:49 | 2018-07-21 |
| 246289 | 8.8 | HIGH Network | linuxsampler | libgig | An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store16 in helper.h. | CWE-787 Out-of-bounds Write | CVE-2018-14459 | 2024-11-21 12:49 | 2018-07-21 |
| 246290 | 8.8 | HIGH Network | linuxsampler | libgig | An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store32 in helper.h. | CWE-787 Out-of-bounds Write | CVE-2018-14458 | 2024-11-21 12:49 | 2018-07-21 |