|
246401
|
9.1 |
CRITICAL
Network
|
ca
broadcom
|
project_portfolio_management
|
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request…
|
CWE-611
XXE
|
CVE-2018-13826
|
2024-11-21 12:48 |
2018-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246402
|
6.1 |
MEDIUM
Network
|
ca
broadcom
|
project_portfolio_management
|
Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cros…
|
CWE-79
Cross-site Scripting
|
CVE-2018-13825
|
2024-11-21 12:48 |
2018-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246403
|
9.8 |
CRITICAL
Network
|
ca
broadcom
|
project_portfolio_management
|
Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks.
|
CWE-89
SQL Injection
|
CVE-2018-13824
|
2024-11-21 12:48 |
2018-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246404
|
7.5 |
HIGH
Network
|
ca
broadcom
|
project_portfolio_management
|
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive informatio…
|
CWE-611
XXE
|
CVE-2018-13823
|
2024-11-21 12:48 |
2018-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246405
|
7.5 |
HIGH
Network
|
broadcom
|
project_portfolio_management
|
Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows attackers to access sensitive information.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2018-13822
|
2024-11-21 12:48 |
2018-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246406
|
9.8 |
CRITICAL
Network
|
ca
|
unified_infrastructure_management
|
A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing.
|
CWE-287
Improper Authentication
|
CVE-2018-13821
|
2024-11-21 12:48 |
2018-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246407
|
7.5 |
HIGH
Network
|
ca
|
unified_infrastructure_management
|
A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2018-13820
|
2024-11-21 12:48 |
2018-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246408
|
7.5 |
HIGH
Network
|
ca
|
unified_infrastructure_management
|
A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2018-13819
|
2024-11-21 12:48 |
2018-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246409
|
8.8 |
HIGH
Network
|
foxitsoftware
|
foxit_reader
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the tar…
|
CWE-704
Incorrect Type Conversion or Cast
|
CVE-2018-14317
|
2024-11-21 12:48 |
2018-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246410
|
5.4 |
MEDIUM
Network
|
pimcore
|
pimcore
|
Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset M…
|
CWE-79
Cross-site Scripting
|
CVE-2018-14059
|
2024-11-21 12:48 |
2018-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
