|
246561
|
5.5 |
MEDIUM
Local
|
stopzilla
|
antimalware
|
An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x800…
|
CWE-20
Improper Input Validation
|
CVE-2018-15737
|
2024-11-21 12:51 |
2019-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246562
|
5.5 |
MEDIUM
Local
|
stopzilla
|
antimalware
|
An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x800…
|
CWE-20
Improper Input Validation
|
CVE-2018-15736
|
2024-11-21 12:51 |
2019-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246563
|
6.1 |
MEDIUM
Network
|
cloudera
|
cloudera_manager
|
An issue was discovered in Cloudera Manager 5.x through 5.15.0. One type of page in Cloudera Manager uses a 'returnUrl' parameter to redirect the user to another page in Cloudera Manager once a wizar…
|
CWE-79
Cross-site Scripting
|
CVE-2018-15913
|
2024-11-21 12:51 |
2019-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246564
|
4.3 |
MEDIUM
Network
|
freepbx
|
disa
|
FreePBX 13 and 14 has SQL Injection in the DISA module via the hangup variable on the /admin/config.php?display=disa&view=form page.
|
CWE-89
SQL Injection
|
CVE-2018-15892
|
2024-11-21 12:51 |
2019-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246565
|
4.8 |
MEDIUM
Network
|
freepbx
sangoma
|
freepbx
|
An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module …
|
CWE-79
Cross-site Scripting
|
CVE-2018-15891
|
2024-11-21 12:51 |
2019-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246566
|
9.8 |
CRITICAL
Network
|
ethereum
|
ethereumj
|
An issue was discovered in EthereumJ 1.8.2. There is Unsafe Deserialization in ois.readObject in mine/Ethash.java and decoder.readObject in crypto/ECKey.java. When a node syncs and mines a new block,…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2018-15890
|
2024-11-21 12:51 |
2019-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246567
|
7.5 |
HIGH
Local
|
docker
|
docker
|
In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access t…
|
CWE-362
Race Condition
|
CVE-2018-15664
|
2024-11-21 12:51 |
2019-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246568
|
6.1 |
MEDIUM
Network
|
xerox
|
colorqube_8580_firmware
|
Cross-site scripting (XSS) in the web interface of the Xerox ColorQube 8580 allows remote persistent injection of custom HTML / JavaScript code.
|
CWE-79
Cross-site Scripting
|
CVE-2018-15530
|
2024-11-21 12:51 |
2019-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246569
|
6.1 |
MEDIUM
Network
|
sir
|
gnuboard
|
Cross-Site Scripting (XSS) vulnerability in adm/boardgroup_form_update.php and adm/boardgroup_list_update.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTM…
|
CWE-79
Cross-site Scripting
|
CVE-2018-15584
|
2024-11-21 12:51 |
2019-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246570
|
6.1 |
MEDIUM
Network
|
sir
|
gnuboard
|
Cross-Site Scripting (XSS) vulnerability in adm/sms_admin/num_book_write.php and adm/sms_admin/num_book_update.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script o…
|
CWE-79
Cross-site Scripting
|
CVE-2018-15582
|
2024-11-21 12:51 |
2019-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
