| 246571 | 8.8 | HIGH Network | srcms_project | srcms | An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add an admin account via admin.php?m=Admin&c=manager&a=add. | CWE-352 Origin Validation Error | CVE-2018-14068 | 2024-11-21 12:48 | 2018-07-16 |
| 246572 | 9.8 | CRITICAL Network | google | android | The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. One consequence is that an application without the REA… | CWE-89 SQL Injection | CVE-2018-14066 | 2024-11-21 12:48 | 2018-07-16 |
| 246573 | 9.8 | CRITICAL Network | phpoffice_project | common | XMLReader.php in PHPOffice Common before 0.2.9 allows XXE. | CWE-611 XXE | CVE-2018-14065 | 2024-11-21 12:48 | 2018-07-16 |
| 246574 | 9.8 | CRITICAL Network | velotismart_project | velotismart_wifi_firmware | The uc-http service 1.0.0 on VelotiSmart WiFi B-380 camera devices allows Directory Traversal, as demonstrated by /../../etc/passwd on TCP port 80. | CWE-22 Path Traversal | CVE-2018-14064 | 2024-11-21 12:48 | 2018-07-16 |
| 246575 | 9.8 | CRITICAL Network | tracto | tracto | The increaseApproval function of a smart contract implementation for Tracto (TRCT), an Ethereum ERC20 token, has an integer overflow. | CWE-190 Integer Overflow or Wraparound | CVE-2018-14063 | 2024-11-21 12:48 | 2018-07-16 |
| 246576 | 9.8 | CRITICAL Network | mi | xiaomi_r3d_firmware | OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON da… | CWE-78 OS Command | CVE-2018-14060 | 2024-11-21 12:48 | 2018-07-15 |
| 246577 | 9.8 | CRITICAL Network | mi | xiaomi_r3p_firmware xiaomi_r3c_firmware xiaomi_r3d_firmware xiaomi_r3 | OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.5, R3C before 2.12.15, R3 before 2.22.15, and R3D before 2.26.4 devices allows an attacker to execu… | CWE-78 OS Command | CVE-2018-14010 | 2024-11-21 12:48 | 2018-07-15 |
| 246578 | 5.3 | MEDIUM Network | znc debian | znc debian_linux | ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories. | CWE-22 Path Traversal | CVE-2018-14056 | 2024-11-21 12:48 | 2018-07-15 |
| 246579 | 6.5 | MEDIUM Network | znc debian | znc debian_linux | ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf. | CWE-20 Improper Input Validation | CVE-2018-14055 | 2024-11-21 12:48 | 2018-07-15 |
| 246580 | 9.8 | CRITICAL Network | techsmith | mp4v2 | A double free exists in the MP4StringProperty class in mp4property.cpp in MP4v2 2.0.0. A dangling pointer is freed again in the destructor once an exception is triggered. | CWE-415 Double Free | CVE-2018-14054 | 2024-11-21 12:48 | 2018-07-14 |