|
247871
|
8.1 |
HIGH
Network
|
ntop
|
ntopng
|
An issue was discovered in ntopng 3.4 before 3.4.180617. The PRNG involved in the generation of session IDs is not seeded at program startup. This results in deterministic session IDs being allocated…
|
CWE-335
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
|
CVE-2018-12520
|
2024-11-21 12:45 |
2018-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247872
|
6.8 |
MEDIUM
Network
|
onosproject
|
onos
|
Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data p…
|
CWE-362
Race Condition
|
CVE-2018-12691
|
2024-11-21 12:45 |
2018-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247873
|
9.8 |
CRITICAL
Network
|
3cx
|
live_chat
|
The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to client-side validation of allowed file types, as demonstrated by a v1/rem…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-12426
|
2024-11-21 12:45 |
2018-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247874
|
8.8 |
HIGH
Network
|
tp-link
|
tl-wr841n_firmware
|
The Ping and Traceroute features on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow authenticated blind Command Injection.
|
CWE-78
OS Command
|
CVE-2018-12577
|
2024-11-21 12:45 |
2018-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247875
|
4.3 |
MEDIUM
Network
|
tp-link
|
tl-wr841n_firmware
|
TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking.
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2018-12576
|
2024-11-21 12:45 |
2018-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247876
|
9.8 |
CRITICAL
Network
|
tp-link
|
tl-wr841n_firmware
|
On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in the web interface are affected by bypass of authentication via an HTTP request.
|
CWE-287
Improper Authentication
|
CVE-2018-12575
|
2024-11-21 12:45 |
2018-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247877
|
8.8 |
HIGH
Network
|
tp-link
|
tl-wr841n_firmware
|
CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices.
|
CWE-352
Origin Validation Error
|
CVE-2018-12574
|
2024-11-21 12:45 |
2018-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247878
|
8.8 |
HIGH
Network
|
intex
|
n150_firmware
|
An issue was discovered on Intex N150 devices. The router firmware suffers from multiple CSRF injection point vulnerabilities including changing user passwords and router settings.
|
CWE-352
Origin Validation Error
|
CVE-2018-12529
|
2024-11-21 12:45 |
2018-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247879
|
8.1 |
HIGH
Network
|
intex
|
n150_firmware
|
An issue was discovered on Intex N150 devices. The backup/restore option does not check the file extension uploaded for importing a configuration files backup, which can lead to corrupting the router…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-12528
|
2024-11-21 12:45 |
2018-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247880
|
7.4 |
HIGH
Network
|
motorola
|
mbp853_firmware
|
The Motorola MBP853 firmware does not correctly validate server certificates. This allows for a Man in The Middle (MiTM) attack to take place between a Motorola MBP853 camera and the servers it commu…
|
CWE-295
Improper Certificate Validation
|
CVE-2018-12499
|
2024-11-21 12:45 |
2018-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
