| 247931 | 7.5 | HIGH Network | drobo | 5n2_firmware | Incorrect access control in the /mysql/api/logfile.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve MySQL log files via the "name" URL parameter. | CWE-532 Inclusion of Sensitive Information in Log Files | CVE-2018-14700 | 2024-11-21 12:49 | 2018-12-4 |
| 247932 | 9.8 | CRITICAL Network | drobo | 5n2_firmware | System command injection in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the "username" URL paramet… | CWE-78 OS Command | CVE-2018-14699 | 2024-11-21 12:49 | 2018-12-4 |
| 247933 | 6.1 | MEDIUM Network | drobo | 5n2_firmware | Cross-site scripting in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via the "username" URL parameter. | CWE-79 Cross-site Scripting | CVE-2018-14698 | 2024-11-21 12:49 | 2018-12-4 |
| 247934 | 6.1 | MEDIUM Network | drobo | 5n2_firmware | Cross-site scripting in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via the username URL parameter. | CWE-79 Cross-site Scripting | CVE-2018-14697 | 2024-11-21 12:49 | 2018-12-4 |
| 247935 | 7.5 | HIGH Network | drobo | 5n2_firmware | Incorrect access control in the /mysql/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve sensitive system information. | CWE-200 Information Exposure | CVE-2018-14696 | 2024-11-21 12:49 | 2018-12-4 |
| 247936 | 7.5 | HIGH Network | drobo | 5n2_firmware | Incorrect access control in the /mysql/api/diags.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve diagnostic information via the "name" URL paramet… | CWE-200 Information Exposure | CVE-2018-14695 | 2024-11-21 12:49 | 2018-12-4 |
| 247937 | 8.1 | HIGH Network | redhat | keycloak | The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditions on SAML assertions. An attacker can exploit this vulnerability to perform a replay attack. | CWE-287 Improper Authentication | CVE-2018-14637 | 2024-11-21 12:49 | 2018-11-30 |
| 247938 | 7.5 | HIGH Network | powerdns | recursor authoritative | PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of ser… | NVD-CWE-noinfo | CVE-2018-14626 | 2024-11-21 12:49 | 2018-11-30 |
| 247939 | 9.8 | CRITICAL Network | qnap | qts | Buffer Overflow vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could have unspecified impact on the NAS. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2018-14749 | 2024-11-21 12:49 | 2018-11-29 |
| 247940 | 7.5 | HIGH Network | qnap | qts | Improper Authorization vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to pow… | CWE-863 Incorrect Authorization | CVE-2018-14748 | 2024-11-21 12:49 | 2018-11-29 |