| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CWE name | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 249731 | 8.8 | HIGH | Network | tuzicms | tuzicms | An issue was discovered in TuziCMS v2.0.6. There is a CSRF vulnerability that can add an admin account, as demonstrated by a history.pushState call. | CWE-352 | Origin Validation Error | CVE-2018-10185 | 2024-11-21 12:40 | 2018-04-18 |
| 249732 | 6.1 | MEDIUM | Network | bigtreecms | bigtree_cms | An issue was discovered in BigTree 4.2.22. There is cross-site scripting (XSS) in /core/inc/lib/less.php/test/index.php because of a $_SERVER['REQUEST_URI'] echo, as demonstrated by the dir parameter… | CWE-79 | Cross-site Scripting | CVE-2018-10183 | 2024-11-21 12:40 | 2018-04-17 |
| 249733 | 7.8 | HIGH | Local | artifex canonical debian redhat | ghostscript ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server enterprise_linux_server_eus enterprise_linux_server_aus ent… | The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remo… | CWE-119 | Incorrect Access of Indexable Resource ('Range Error') | CVE-2018-10194 | 2024-11-21 12:40 | 2018-04-19 |
| 249734 | 5.3 | MEDIUM | Network | iac | fromdoctopdf | The FromDocToPDF extension before 13.611.13.2303 for Chrome allows remote attackers to discover visited web sites via vectors involving a mostVisitedSites command. | CWE-200 | Information Exposure | CVE-2018-10178 | 2024-11-21 12:40 | 2018-04-17 |
| 249735 | 6.5 | MEDIUM | Network | imagemagick canonical | imagemagick ubuntu_linux | In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a craf… | CWE-835 | Loop with Unreachable Exit Condition ('Infinite Loop') | CVE-2018-10177 | 2024-11-21 12:40 | 2018-04-17 |
| 249736 | 8.8 | HIGH | Local | 7-zip | 7-zip | 7-Zip through 18.01 on Windows implements the "Large memory pages" option by calling the LsaAddAccountRights function to add the SeLockMemoryPrivilege privilege to the user's account, which makes it … | CWE-269 | Improper Privilege Management | CVE-2018-10172 | 2024-11-21 12:40 | 2018-04-17 |
| 249737 | 7.5 | HIGH | Network | mikrotik | router_firmware | A vulnerability in MikroTik Version 6.41.4 could allow an unauthenticated remote attacker to exhaust all available CPU and all available RAM by sending a crafted FTP request on port 21 that begins wi… | CWE-400 | Uncontrolled Resource Consumption | CVE-2018-10070 | 2024-11-21 12:40 | 2018-04-17 |
| 249738 | 6.1 | MEDIUM | Network | catalooksupport | .netstore | The CATALooK.netStore module through 7.2.8 for DNN (formerly DotNetNuke) allows XSS via the /ViewEditGoogleMaps.aspx PortalID or CATSkin parameter, or the /ImageViewer.aspx link or desc parameter. | CWE-79 | Cross-site Scripting | CVE-2018-10138 | 2024-11-21 12:40 | 2018-04-17 |
| 249739 | 8.8 | HIGH | Network | iscripts | uberforx | iScripts UberforX 2.2 has CSRF in the "manage_settings" section of the Admin Panel via the /cms?section=manage_settings&action=edit URI. | CWE-352 | Origin Validation Error | CVE-2018-10137 | 2024-11-21 12:40 | 2018-04-17 |
| 249740 | 6.1 | MEDIUM | Network | iscripts | uberforx | iScripts UberforX 2.2 has Stored XSS in the "manage_settings" section of the Admin Panel via a value field to the /cms?section=manage_settings&action=edit URI. | CWE-79 | Cross-site Scripting | CVE-2018-10136 | 2024-11-21 12:40 | 2018-04-17 |