|
247351
|
6.1 |
MEDIUM
Network
|
mantisbt
|
mantisbt
|
A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 through 2.15.0 allows remote attackers to inject arbitrary code (if CSP settings permit i…
|
CWE-79
Cross-site Scripting
|
CVE-2018-13055
|
2024-11-21 12:46 |
2018-08-4 |
|
247352
|
6.7 |
MEDIUM
Local
|
pearsonvue
|
iqsystem_7 console_8
|
The report-viewing feature in Pearson VUE Certiport Console 8 and IQSystem 7 before 2018-06-26 mishandles child processes and consequently launches Internet Explorer or Microsoft Edge as Administrato…
|
CWE-281
Improper Preservation of Permissions
|
CVE-2018-12989
|
2024-11-21 12:46 |
2018-08-4 |
|
247353
|
6.1 |
MEDIUM
Network
|
seeddms
|
seeddms
|
Persistent Cross-Site Scripting (XSS) vulnerability in the "Categories" feature in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via…
|
CWE-79
Cross-site Scripting
|
CVE-2018-12944
|
2024-11-21 12:46 |
2018-07-31 |
|
247354
|
6.1 |
MEDIUM
Network
|
seeddms
|
seeddms
|
Cross-Site Scripting (XSS) vulnerability in every page that includes the "action" URL parameter in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web sc…
|
CWE-79
Cross-site Scripting
|
CVE-2018-12943
|
2024-11-21 12:46 |
2018-07-31 |
|
247355
|
8.8 |
HIGH
Network
|
seeddms
|
seeddms
|
Unrestricted file upload vulnerability in "op/op.UploadChunks.php" in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to execute arbitrary code by uploading a file with an e…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-12940
|
2024-11-21 12:46 |
2018-07-31 |
|
247356
|
6.5 |
MEDIUM
Network
|
seeddms
|
seeddms
|
A directory traversal flaw in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows an authenticated attacker to write to (or potentially delete) arbitrary files via a .. (dot dot) in the "op/op.U…
|
CWE-22
Path Traversal
|
CVE-2018-12939
|
2024-11-21 12:46 |
2018-07-31 |
|
247357
|
5.9 |
MEDIUM
Network
|
synology
|
diskstation_manager
|
Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS ses…
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2018-13280
|
2024-11-21 12:46 |
2018-07-30 |
|
247358
|
8.8 |
HIGH
Network
|
seeddms
|
seeddms
|
SQL injection vulnerability in the "Users management" functionality in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows authenticated attackers to manipulate an SQL query within the applicati…
|
CWE-89
SQL Injection
|
CVE-2018-12942
|
2024-11-21 12:46 |
2018-07-31 |
|
247359
|
8.8 |
HIGH
Network
|
seeddms
|
seeddms
|
This vulnerability allows remote attackers to execute arbitrary code in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 by adding a system command at the end of the "cacheDir" path and following us…
|
CWE-20
Improper Input Validation
|
CVE-2018-12941
|
2024-11-21 12:46 |
2018-07-31 |
|
247360
|
7.5 |
HIGH
Network
|
aditustoken_project
|
aditustoken
|
The approveAndCall function of a smart contract implementation for Aditus (ADI), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all contract balances into their account).
|
CWE-20
Improper Input Validation
|
CVE-2018-12959
|
2024-11-21 12:46 |
2018-07-20 |