| 246851 | 9.8 | CRITICAL Network | node-macaddress_project | node-macaddress | The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call. | CWE-78 OS Command | CVE-2018-13797 | 2024-11-21 12:48 | 2018-07-10 |
| 246852 | 7.5 | HIGH Network | creolabs | gravity | Gravity before 0.5.1 does not support a maximum recursion depth. | CWE-20 Improper Input Validation | CVE-2018-13795 | 2024-11-21 12:48 | 2018-07-10 |
| 246853 | 9.8 | CRITICAL Network | catimg_project | catimg | A heap-based buffer overflow exists in stbi__bmp_load_cont in stb_image.h in catimg 2.4.0. | CWE-787 Out-of-bounds Write | CVE-2018-13794 | 2024-11-21 12:48 | 2018-07-10 |
| 246854 | 8.8 | HIGH Network | abbyy | flexicapture | Multiple Cross Site Request Forgery (CSRF) vulnerabilities in the HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 exist in Web Verification, Web Scanning, Web Capture, Monitoring and Admi… | CWE-352 Origin Validation Error | CVE-2018-13793 | 2024-11-21 12:48 | 2018-07-10 |
| 246855 | 9.8 | CRITICAL Network | abbyy | flexicapture | The HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 allows an attacker to conduct Access Control attacks via the /FlexiCapture12/Login/Server/SevaUserProfile FlexiCaptureTmsSts2 parameter. | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2018-13791 | 2024-11-21 12:48 | 2018-07-10 |
| 246856 | 7.2 | HIGH Network | concretecms | concrete_cms | A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in concrete5 8.2.0 can lead to attacks on the local network and mapping of the internal network, because of URL … | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2018-13790 | 2024-11-21 12:48 | 2018-07-10 |
| 246857 | 8.8 | HIGH Network | solarwinds | network_performance_monitor | SolarWinds Network Performance Monitor 12.3 allows SQL Injection via the /api/ActiveAlertsOnThisEntity/GetActiveAlerts TriggeringObjectEntityNames parameter. | CWE-89 SQL Injection | CVE-2018-13442 | 2024-11-21 12:47 | 2019-07-17 |
| 246858 | 8.8 | HIGH Network | block | jit-wasm | EOS.IO jit-wasm 4.1 has a heap-based buffer overflow via a crafted wast file. | CWE-787 Out-of-bounds Write | CVE-2018-13443 | 2024-11-21 12:47 | 2019-04-25 |
| 246859 | 5.4 | MEDIUM Network | atlassian | jira jira_server | The two-dimensional filter statistics gadget in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.12.4, and from version 7.13.0 before version 7.13.1 allows remote attackers t… | CWE-79 Cross-site Scripting | CVE-2018-13403 | 2024-11-21 12:47 | 2019-02-14 |
| 246860 | 4.1 | MEDIUM Network | atlassian | jira jira_server | The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2018-13404 | 2024-11-21 12:47 | 2019-02-14 |