|
248821
|
6.5 |
MEDIUM
Network
|
joomla
|
joomla\!
|
An issue was discovered in com_fields in Joomla! Core before 3.8.8. Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated …
|
CWE-20
Improper Input Validation
|
CVE-2018-11321
|
2024-11-21 12:43 |
2018-05-23 |
|
248822
|
7.5 |
HIGH
Network
|
cppcms
|
cppcms
|
An issue was discovered in CppCMS before 1.2.1. There is a denial of service in the JSON parser module.
|
CWE-20
Improper Input Validation
|
CVE-2018-11367
|
2024-11-21 12:43 |
2018-05-22 |
|
248823
|
6.1 |
MEDIUM
Network
|
loginizer
|
loginizer
|
init.php in the Loginizer plugin 1.3.8 through 1.3.9 for WordPress has Unauthenticated Stored Cross-Site Scripting (XSS) because logging is mishandled. This is fixed in 1.4.0.
|
CWE-79
Cross-site Scripting
|
CVE-2018-11366
|
2024-11-21 12:43 |
2018-05-22 |
|
248824
|
7.5 |
HIGH
Network
|
pdfgen
|
pdfgen
|
jpeg_size in pdfgen.c in PDFGen before 2018-04-09 has a heap-based buffer over-read.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-11363
|
2024-11-21 12:43 |
2018-05-22 |
|
248825
|
4.3 |
MEDIUM
Network
|
asustor
|
as6202t_firmware
|
An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "download_sys_settings" action and then specify files arbitrari…
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2018-11346
|
2024-11-21 12:43 |
2018-05-22 |
|
248826
|
8.8 |
HIGH
Network
|
asustor
|
as6202t_firmware
|
An unrestricted file upload vulnerability in upload.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data via the POST parameter filename. This can be used to place attacker …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-11345
|
2024-11-21 12:43 |
2018-05-22 |
|
248827
|
6.5 |
MEDIUM
Network
|
asustor
|
as6202t_firmware
|
A path traversal vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a file on the system to download via the file1 parameter.
|
CWE-22
Path Traversal
|
CVE-2018-11344
|
2024-11-21 12:43 |
2018-05-22 |
|
248828
|
5.4 |
MEDIUM
Network
|
asustor
|
soundsgood
|
A persistent cross site scripting vulnerability in playlistmanger.cgi in the ASUSTOR SoundsGood application allows attackers to store cross site scripting payloads via the 'playlist' POST parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-11343
|
2024-11-21 12:43 |
2018-05-22 |
|
248829
|
4.3 |
MEDIUM
Network
|
asustor
|
as6202t_firmware
|
A path traversal vulnerability in fileExplorer.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a path to a file on the system to create folders via the dest_folder param…
|
CWE-22
Path Traversal
|
CVE-2018-11342
|
2024-11-21 12:43 |
2018-05-22 |
|
248830
|
7.2 |
HIGH
Network
|
asustor
|
as6202t_firmware
|
Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to navigate the file system via the filename parameter.
|
CWE-22
Path Traversal
|
CVE-2018-11341
|
2024-11-21 12:43 |
2018-05-22 |