|
246391
|
5.4 |
MEDIUM
Network
|
i4a
|
donlinkage
|
An issue was discovered in DonLinkage 6.6.8. It allows remote attackers to obtain potentially sensitive information via a direct request for files/temporary.txt.
|
CWE-200
Information Exposure
|
CVE-2018-17091
|
2024-11-21 12:53 |
2018-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246392
|
5.4 |
MEDIUM
Network
|
i4a
|
donlinkage
|
An issue was discovered in DonLinkage 6.6.8. The modules /pages/bazy/bazy_adresow.php and /pages/proxy/add.php are vulnerable to stored XSS that can be triggered by closing <textarea> followed by <sc…
|
CWE-79
Cross-site Scripting
|
CVE-2018-17090
|
2024-11-21 12:53 |
2018-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246393
|
7.8 |
HIGH
Local
|
jhead_project
|
jhead
|
The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because there is…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2018-17088
|
2024-11-21 12:53 |
2018-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246394
|
6.1 |
MEDIUM
Network
|
otcms
|
otcms
|
An issue was discovered in OTCMS 3.61. XSS exists in admin/share_switch.php via these parameters: fieldName fieldName2 tabName.
|
CWE-79
Cross-site Scripting
|
CVE-2018-17086
|
2024-11-21 12:53 |
2018-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246395
|
6.1 |
MEDIUM
Network
|
otcms
|
otcms
|
An issue was discovered in OTCMS 3.61. XSS exists in admin/users.php via these parameters: dataTypeCN dataMode dataModeStr.
|
CWE-79
Cross-site Scripting
|
CVE-2018-17085
|
2024-11-21 12:53 |
2018-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246396
|
6.1 |
MEDIUM
Network
|
seacms
|
seacms
|
An issue was discovered in SeaCMS 6.64. XSS exists in admin_video.php via the action, area, type, yuyan, jqtype, v_isunion, v_recycled, v_ismoney, or v_ispsd parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-17062
|
2024-11-21 12:53 |
2018-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246397
|
6.1 |
MEDIUM
Network
|
php
debian
netapp
|
php
debian_linux
storage_automation_store
|
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket bri…
|
CWE-79
Cross-site Scripting
|
CVE-2018-17082
|
2024-11-21 12:53 |
2018-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246398
|
6.1 |
MEDIUM
Network
|
yiqicms_project
|
yiqicms
|
An issue was discovered in yiqicms through 2016-11-20. There is stored XSS in comment.php because a length limit can be bypassed.
|
CWE-79
Cross-site Scripting
|
CVE-2018-17077
|
2024-11-21 12:53 |
2018-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246399
|
8.8 |
HIGH
Network
|
logological
|
general-purpose_preprocessor
|
GPP through 2.25 will try to use more memory space than is available on the stack, leading to a segmentation fault or possibly unspecified other impact via a crafted file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-17076
|
2024-11-21 12:53 |
2018-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246400
|
7.5 |
HIGH
Network
|
golang
fedoraproject
|
net
fedora
|
The html package (aka x/net/html) before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of <template><object>, <template><applet>, or <te…
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-17075
|
2024-11-21 12:53 |
2018-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
