| 248651 | 4.8 | MEDIUM | Network | pagekit | pagekit | Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upload malicious code via the picture upload feature. A user with elevated privileges could upload a photo to the system in an SVG f… | CWE-79 Cross-site Scripting | CVE-2018-11564 | 2024-11-21 12:43 | 2018-06-2 |
| 248652 | 6.1 | MEDIUM | Network | yosoro_project | yosoro | Yosoro 1.0.4 has stored XSS. | CWE-79 Cross-site Scripting | CVE-2018-11522 | 2024-11-21 12:43 | 2018-06-2 |
| 248653 | 8.8 | HIGH | Network | searchblox | searchblox | servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass. | CWE-352 Origin Validation Error | CVE-2018-11538 | 2024-11-21 12:43 | 2018-06-2 |
| 248654 | 8.8 | HIGH | Network | njtech | greencms | An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that can add an admin account via index.php?m=admin&c=access&a=adduserhandle. | CWE-352 Origin Validation Error | CVE-2018-11671 | 2024-11-21 12:43 | 2018-06-2 |
| 248655 | 8.8 | HIGH | Network | njtech | greencms | An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to execute arbitrary PHP code via the content parameter to index.php?m=admin&c=media&a=fileconnect. | CWE-352 Origin Validation Error | CVE-2018-11670 | 2024-11-21 12:43 | 2018-06-2 |
| 248656 | 4.8 | MEDIUM | Network | brother | hl-l2340d_firmware hl-l2380dw_firmware | Cross-site scripting (XSS) vulnerability on Brother HL series printers allows remote attackers to inject arbitrary web script or HTML via the url parameter to etc/loginerror.html. | CWE-79 Cross-site Scripting | CVE-2018-11581 | 2024-11-21 12:43 | 2018-06-2 |
| 248657 | 6.1 | MEDIUM | Network | nch | axon_pbx | There is a reflected XSS vulnerability in AXON PBX 2.02 via the "AXON->Auto-Dialer->Agents->Name" field. The vulnerability exists due to insufficient filtration of user-supplied data. A remote attack… | CWE-79 Cross-site Scripting | CVE-2018-11552 | 2024-11-21 12:43 | 2018-06-2 |
| 248658 | 7.8 | HIGH | Local | nch | axon_pbx | AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists because a DLL file i… | CWE-426 Untrusted Search Path | CVE-2018-11551 | 2024-11-21 12:43 | 2018-06-2 |
| 248659 | 7.5 | HIGH | Network | miniupnp_project | ngiflib | ngiflib.c in MiniUPnP ngiflib 0.4 has an infinite loop in DecodeGifImg and LoadGif. | CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') | CVE-2018-11657 | 2024-11-21 12:43 | 2018-06-2 |
| 248660 | 6.5 | MEDIUM | Network | imagemagick canonical | imagemagick ubuntu_linux | In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image fil… | CWE-772 Missing Release of Resource after Effective Lifetime | CVE-2018-11656 | 2024-11-21 12:43 | 2018-06-2 |