|
249521
|
7.5 |
HIGH
Network
|
polycom
|
realpresence_web_suite
|
Polycom RealPresence Web Suite before 2.2.0 does not block a user's video for a few seconds upon joining a meeting (when the user has explicitly chosen to turn off the video using a specific option).…
|
CWE-200
Information Exposure
|
CVE-2018-12592
|
2024-11-21 12:45 |
2018-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249522
|
7.2 |
HIGH
Network
|
ubnt
|
edgeswitch_firmware
|
Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an improperly neutralized element in an OS command due to lack of protection on the admin CLI, leading to code execution and privilege…
|
CWE-78
OS Command
|
CVE-2018-12591
|
2024-11-21 12:45 |
2018-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249523
|
7.2 |
HIGH
Network
|
ui
|
edgeswitch_firmware
|
Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privile…
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2018-12590
|
2024-11-21 12:45 |
2018-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249524
|
3.6 |
LOW
Local
|
dropbox
|
dropbox
|
An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return val…
|
CWE-287
Improper Authentication
|
CVE-2018-12446
|
2024-11-21 12:45 |
2018-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249525
|
6.1 |
MEDIUM
Network
|
public_knowledge_project
|
open_monograph_press
|
Cross-site scripting (XSS) vulnerability in templates/frontend/pages/searchResults.tpl in Public Knowledge Project (PKP) Open Monograph Press (OMP) v1.2.0 through 3.1.1-2 before 3.1.1-3 allows remote…
|
CWE-79
Cross-site Scripting
|
CVE-2018-12588
|
2024-11-21 12:45 |
2018-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249526
|
3.1 |
LOW
Physics
|
dropbox
|
dropbox
|
An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The FingerprintManager class for Biometric validation allows authentication bypass through the callback method from …
|
CWE-287
Improper Authentication
|
CVE-2018-12445
|
2024-11-21 12:45 |
2018-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249527
|
8.8 |
HIGH
Network
|
codenx
|
shopnx
|
An issue was discovered in ShopNx through 2017-11-17. The vulnerability allows a remote attacker to upload any malicious file to a Node.js application. An attacker can upload a malicious HTML file th…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-12519
|
2024-11-21 12:45 |
2018-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249528
|
6.5 |
MEDIUM
Network
|
akcms_project
|
akcms
|
An issue was discovered in AKCMS 6.1. CSRF can delete an article via an admincp deleteitem action to index.php.
|
CWE-352
Origin Validation Error
|
CVE-2018-12583
|
2024-11-21 12:45 |
2018-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249529
|
8.8 |
HIGH
Network
|
akcms_project
|
akcms
|
An issue was discovered in AKCMS 6.1. CSRF can add an admin account via a /index.php?file=account&action=manageaccounts&job=newaccount URI.
|
CWE-352
Origin Validation Error
|
CVE-2018-12582
|
2024-11-21 12:45 |
2018-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249530
|
6.1 |
MEDIUM
Network
|
dragonbyte-tech
|
vbsecurity
|
library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3.x through 3.3.0 for vBulletin 3 and vBulletin 4 allows self-XSS via $session['user_agent'] in the "Login Sessions" feature.
|
CWE-79
Cross-site Scripting
|
CVE-2018-12580
|
2024-11-21 12:45 |
2018-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
