|
247031
|
7.8 |
HIGH
Local
|
linux debian canonical fedoraproject redhat f5
|
linux_kernel debian_linux ubuntu_linux fedora enterprise_linux_desktop enterprise_linux_server_aus enterprise_linux_workstation enterprise_linux_server_tus enterprise_linux_se…
|
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certai…
|
CWE-269
Improper Privilege Management
|
CVE-2018-13405
|
2024-11-21 12:47 |
2018-07-6 |
|
|
|
|
247032
|
8.8 |
HIGH
Network
|
fortinet
|
fortios
|
An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing settings of the device via connecting to the ZebOS component.
|
CWE-20
Improper Input Validation
|
CVE-2018-13371
|
2024-11-21 12:46 |
2020-04-2 |
|
|
|
|
247033
|
7.5 |
HIGH
Network
|
easyappointments
|
easy\!appointments
|
Easy!Appointments 1.3.0 has a Missing Authorization issue allowing retrieval of hashed passwords and salts.
|
CWE-862
Missing Authorization
|
CVE-2018-13063
|
2024-11-21 12:46 |
2020-03-17 |
|
|
|
|
247034
|
6.5 |
MEDIUM
Network
|
easyappointments
|
easy\!appointments
|
Easy!Appointments 1.3.0 has a Guessable CAPTCHA issue.
|
CWE-287
Improper Authentication
|
CVE-2018-13060
|
2024-11-21 12:46 |
2020-03-17 |
|
|
|
|
247035
|
6.5 |
MEDIUM
Network
|
totolink
|
a3002ru_firmware
|
In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password. This page, password.htm, contains JavaScript which is used to confirm the user kn…
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2018-13313
|
2024-11-21 12:46 |
2020-02-25 |
|
|
|
|
247036
|
6.1 |
MEDIUM
Network
|
blackboard
|
blackboard_learn
|
The bb-auth-provider-cas authentication module within Blackboard Learn 2018-07-02 is susceptible to HTTP host header spoofing during Central Authentication Service (CAS) service ticket validation, en…
|
CWE-601
Open Redirect
|
CVE-2018-13257
|
2024-11-21 12:46 |
2019-11-19 |
|
|
|
|
247037
|
5.3 |
MEDIUM
Network
|
fortinet
|
fortios
|
An information exposure vulnerability in FortiOS 6.2.3, 6.2.0 and below may allow an unauthenticated attacker to gain platform information such as version, models, via parsing a JavaScript file throu…
|
CWE-200
Information Exposure
|
CVE-2018-13367
|
2024-11-21 12:46 |
2019-08-24 |
|
|
|
|
247038
|
6.1 |
MEDIUM
Network
|
fortinet
|
fortios
|
A Host Header Redirection vulnerability in Fortinet FortiOS all versions below 6.0.5 under SSL VPN web portal allows a remote attacker to potentially poison HTTP cache and subsequently redirect SSL V…
|
CWE-601
Open Redirect
|
CVE-2018-13384
|
2024-11-21 12:46 |
2019-06-5 |
|
|
|
|
247039
|
7.5 |
HIGH
Network
|
fortinet
|
fortiproxy fortios
|
An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web p…
|
CWE-863
Incorrect Authorization
|
CVE-2018-13382
|
2024-11-21 12:46 |
2019-06-5 |
|
|
|
|
247040
|
7.5 |
HIGH
Network
|
fortinet
|
fortios fortiproxy
|
A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.7, 5.4 and earlier versions and FortiProxy 2.0.0, 1.2.8 and earlier versions under SSL VPN web portal allows…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-13381
|
2024-11-21 12:46 |
2019-06-5 |
|
|
|