|
249971
|
9.8 |
CRITICAL
Network
|
cmsmadesimple
|
cms_made_simple
|
CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection because of an unserialize call in the _get_data function of \lib\classes\internal\class.LoginOperations.php. By sending a crafted coo…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2018-10085
|
2024-11-21 12:40 |
2018-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249972
|
8.8 |
HIGH
Network
|
cmsmadesimple
|
cms_made_simple
|
CMS Made Simple (CMSMS) through 2.2.6 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, b…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2018-10084
|
2024-11-21 12:40 |
2018-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249973
|
7.5 |
HIGH
Network
|
cmsmadesimple
|
cms_made_simple
|
CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary file deletion vulnerability in the admin dashboard via directory traversal sequences in the val parameter within a cmd=del request, because…
|
CWE-22
Path Traversal
|
CVE-2018-10083
|
2024-11-21 12:40 |
2018-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249974
|
5.3 |
MEDIUM
Network
|
cmsmadesimple
|
cms_made_simple
|
CMS Made Simple (CMSMS) through 2.2.7 allows physical path leakage via an invalid /index.php?page= value, a crafted URI starting with /index.php?mact=Search, or a direct request to /admin/header.php,…
|
CWE-200
Information Exposure
|
CVE-2018-10082
|
2024-11-21 12:40 |
2018-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249975
|
9.8 |
CRITICAL
Network
|
cmsmadesimple
|
cms_made_simple
|
CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data values are improperly compared, as demonstrated by a hash beginning with the "0e" substring.
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2018-10081
|
2024-11-21 12:40 |
2018-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249976
|
8.6 |
HIGH
Network
|
secutech_project
|
ris-11_firmware
ris-22_firmware
ris-33_firmware
|
Secutech RiS-11, RiS-22, and RiS-33 devices with firmware V5.07.52_es_FRI01 allow DNS settings changes via a goform/AdvSetDns?GO=wan_dns.asp request in conjunction with a crafted admin cookie.
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2018-10080
|
2024-11-21 12:40 |
2018-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249977
|
7.8 |
HIGH
Local
|
convert_forms_project
|
convert_forms
|
The Convert Forms extension before 2.0.4 for Joomla! is vulnerable to Remote Command Execution using CSV Injection that is mishandled when exporting a Leads file.
|
NVD-CWE-noinfo
|
CVE-2018-10063
|
2024-11-21 12:40 |
2018-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249978
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
The hi3660_stub_clk_probe function in drivers/clk/hisilicon/clk-hi3660-stub.c in the Linux kernel before 4.16 allows local users to cause a denial of service (NULL pointer dereference) by triggering …
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-10074
|
2024-11-21 12:40 |
2018-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249979
|
4.8 |
MEDIUM
Network
|
joyplus-cms_project
|
joyplus-cms
|
joyplus-cms 1.6.0 has XSS in manager/admin_vod.php via the keyword parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10073
|
2024-11-21 12:40 |
2018-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249980
|
5.5 |
MEDIUM
Local
|
jungo
|
windriver
|
windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a 0x953827bf DeviceIoControl call.
|
CWE-20
Improper Input Validation
|
CVE-2018-10072
|
2024-11-21 12:40 |
2018-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
