|
247911
|
8.8 |
HIGH
Network
|
eclipse netapp
|
jetty e-series_santricity_os_controller snap_creator_framework hyper_converged_infrastructure element_software santricity_cloud_connector snapcenter oncommand_unified_manager …
|
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access…
|
CWE-384
Session Fixation
|
CVE-2018-12538
|
2024-11-21 12:45 |
2018-06-23 |
|
247912
|
7.2 |
HIGH
Network
|
ithemes
|
security
|
The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page.
|
CWE-89
SQL Injection
|
CVE-2018-12636
|
2024-11-21 12:45 |
2018-06-23 |
|
247913
|
8.8 |
HIGH
Network
|
slims_akasia_project
|
slims_akasia
|
SLiMS 8 Akasia 8.3.1 allows remote attackers to bypass the CSRF protection mechanism and obtain admin access by omitting the csrf_token parameter.
|
CWE-352
Origin Validation Error
|
CVE-2018-12659
|
2024-11-21 12:45 |
2018-06-23 |
|
247914
|
6.1 |
MEDIUM
Network
|
slims_project
|
slims
|
Reflected Cross-Site Scripting (XSS) exists in the Stock Take module in SLiMS 8 Akasia 8.3.1 via an admin/modules/stock_take/index.php?keywords= URI.
|
CWE-79
Cross-site Scripting
|
CVE-2018-12658
|
2024-11-21 12:45 |
2018-06-23 |
|
247915
|
6.1 |
MEDIUM
Network
|
slims_akasia_project
|
slims_akasia
|
Reflected Cross-Site Scripting (XSS) exists in the Master File module in SLiMS 8 Akasia 8.3.1 via an admin/modules/master_file/rda_cmc.php?keywords= URI.
|
CWE-79
Cross-site Scripting
|
CVE-2018-12657
|
2024-11-21 12:45 |
2018-06-23 |
|
247916
|
6.1 |
MEDIUM
Network
|
slims_akasia_project
|
slims_akasia
|
Reflected Cross-Site Scripting (XSS) exists in the Membership module in SLiMS 8 Akasia 8.3.1 via an admin/modules/membership/index.php?keywords= URI.
|
CWE-79
Cross-site Scripting
|
CVE-2018-12656
|
2024-11-21 12:45 |
2018-06-23 |
|
247917
|
6.1 |
MEDIUM
Network
|
slims_akasia_project
|
slims_akasia
|
Reflected Cross-Site Scripting (XSS) exists in the Circulation module in SLiMS 8 Akasia 8.3.1 via an admin/modules/circulation/loan_rules.php?keywords= URI, a related issue to CVE-2017-7242.
|
CWE-79
Cross-site Scripting
|
CVE-2018-12655
|
2024-11-21 12:45 |
2018-06-23 |
|
247918
|
6.1 |
MEDIUM
Network
|
slims_akasia_project
|
slims_akasia
|
Reflected Cross-Site Scripting (XSS) exists in the Bibliography module in SLiMS 8 Akasia 8.3.1 via an admin/modules/bibliography/index.php?keywords= URI.
|
CWE-79
Cross-site Scripting
|
CVE-2018-12654
|
2024-11-21 12:45 |
2018-06-23 |
|
247919
|
9.8 |
CRITICAL
Network
|
misp
|
misp
|
An issue was discovered in app/Controller/UsersController.php in MISP 2.4.92. An adversary can bypass the brute-force protection by using a PUT HTTP method instead of a POST HTTP method in the login …
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2018-12649
|
2024-11-21 12:45 |
2018-06-22 |
|
247920
|
7.5 |
HIGH
Network
|
exempi_project
|
exempi
|
The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a NULL pointer dereference.
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-12648
|
2024-11-21 12:45 |
2018-06-22 |