|
249921
|
6.5 |
MEDIUM
Network
|
digitalguardian
|
management_console
|
Digital Guardian Management Console 7.1.2.0015 has a Directory Traversal issue.
|
CWE-22
Path Traversal
|
CVE-2018-10176
|
2024-11-21 12:40 |
2018-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249922
|
6.5 |
MEDIUM
Network
|
digitalguardian
|
management_console
|
Digital Guardian Management Console 7.1.2.0015 has an XXE issue.
|
CWE-611
XXE
|
CVE-2018-10175
|
2024-11-21 12:40 |
2018-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249923
|
6.5 |
MEDIUM
Network
|
digitalguardian
|
management_console
|
Digital Guardian Management Console 7.1.2.0015 has an SSRF issue that allows remote attackers to read arbitrary files via file:// URLs, send TCP traffic to intranet hosts, or obtain an NTLM hash. Thi…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2018-10174
|
2024-11-21 12:40 |
2018-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249924
|
8.8 |
HIGH
Network
|
digitalguardian
|
management_console
|
Digital Guardian Management Console 7.1.2.0015 allows authenticated remote code execution because of Arbitrary File Upload functionality.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-10173
|
2024-11-21 12:40 |
2018-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249925
|
7.8 |
HIGH
Local
|
vertiv
|
watchdog_console
|
Geist WatchDog Console 3.2.2 uses a weak ACL for the C:\ProgramData\WatchDog Console directory, which allows local users to modify configuration data by updating (1) config.xml or (2) servers.xml.
|
CWE-269
Improper Privilege Management
|
CVE-2018-10079
|
2024-11-21 12:40 |
2018-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249926
|
4.8 |
MEDIUM
Network
|
vertiv
|
watchdog_console
|
Cross-site scripting (XSS) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a server description.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10078
|
2024-11-21 12:40 |
2018-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249927
|
4.9 |
MEDIUM
Network
|
vertiv
|
watchdog_console
|
XML external entity (XXE) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to read arbitrary files via crafted XML data.
|
CWE-611
XXE
|
CVE-2018-10077
|
2024-11-21 12:40 |
2018-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249928
|
8.8 |
HIGH
Network
|
phpmyadmin
|
phpmyadmin
|
phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php.
|
CWE-352
Origin Validation Error
|
CVE-2018-10188
|
2024-11-21 12:40 |
2018-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249929
|
4.8 |
MEDIUM
Network
|
d-link
|
dir-615_t1_firmware
|
D-Link DIR-615 T1 devices allow XSS via the Add User feature.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10110
|
2024-11-21 12:40 |
2018-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249930
|
7.5 |
HIGH
Network
|
logmein
|
lastpass
|
LogMeIn LastPass through 4.15.0 allows remote attackers to cause a denial of service (browser hang) via an HTML document because the resource consumption of onloadwff.js grows with the number of INPU…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2018-10193
|
2024-11-21 12:40 |
2018-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
