| 246511 | 6.1 | MEDIUM | Network | sanscms | sanscms | blog/index.php in SansCMS 0.7 has XSS via the q parameter. | CWE-79 | Cross-site Scripting | CVE-2018-14422 | 2024-11-21 12:49 | 2018-07-20 |
| 246512 | 8.8 | HIGH | Network | seacms | seacms | SeaCMS v6.61 allows Remote Code execution by placing PHP code in a movie picture address (aka v_pic) to /admin/admin_video.php (aka /backend/admin_video.php). The code is executed by visiting /de… | CWE-352 CWE-94 | Origin Validation Error Code Injection | CVE-2018-14421 | 2024-11-21 12:49 | 2018-07-20 |
| 246513 | 8.8 | HIGH | Network | metinfo | metinfo | MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=admin_admin&a=doaddsave URI. | CWE-352 | Origin Validation Error | CVE-2018-14420 | 2024-11-21 12:49 | 2018-07-20 |
| 246514 | 4.8 | MEDIUM | Network | metinfo | metinfo | MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page. | CWE-79 | Cross-site Scripting | CVE-2018-14419 | 2024-11-21 12:49 | 2018-07-20 |
| 246515 | 9.8 | CRITICAL | Network | msvod | msvod_cms | In Msvod Cms v10, SQL Injection exists via an images/lists?cid= URI. | CWE-89 | SQL Injection | CVE-2018-14418 | 2024-11-21 12:49 | 2018-07-20 |
| 246516 | 6.1 | MEDIUM | Network | icmsdev | icms | An issue was discovered in idreamsoft iCMS before 7.0.10. XSS exists via the fourth and fifth input elements on the admincp.php?app=prop&do=add screen. | CWE-79 | Cross-site Scripting | CVE-2018-14415 | 2024-11-21 12:49 | 2018-07-20 |
| 246517 | 9.8 | CRITICAL | Network | ssh_companywebsite_project | ssh_companywebsite | An issue was discovered in cckevincyh SSH CompanyWebsite through 2018-05-03. admin/admin/fileUploadAction_fileUpload.action allows arbitrary file upload, as demonstrated by a .jsp file with the image… | CWE-434 | Unrestricted Upload of File with Dangerous Type | CVE-2018-14441 | 2024-11-21 12:49 | 2018-07-20 |
| 246518 | 9.8 | CRITICAL | Network | ssh_companywebsite_project | ssh_companywebsite | An issue was discovered in cckevincyh SSH CompanyWebsite through 2018-05-03. SQL injection exists via the admin/noticeManageAction_queryNotice.action noticeInfo parameter. | CWE-89 | SQL Injection | CVE-2018-14440 | 2024-11-21 12:49 | 2018-07-20 |
| 246519 | 7.5 | HIGH | Network | eblock | eos4j | espritblock eos4j, an unofficial SDK for EOS, through 2018-07-12 mishandles floating-point numbers with more than four digits after the decimal point, which might allow attackers to trigger currency … | CWE-682 | Incorrect Calculation | CVE-2018-14439 | 2024-11-21 12:49 | 2018-07-20 |
| 246520 | 7.5 | HIGH | Network | wireshark | wireshark | In Wireshark through 2.6.2, the create_app_running_mutex function in wsutil/file_util.c calls SetSecurityDescriptorDacl to set a NULL DACL, which allows attackers to modify the access control arbitra… | CWE-20 | Improper Input Validation | CVE-2018-14438 | 2024-11-21 12:49 | 2018-07-20 |