| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 246861 | 7.5 | HIGH | Network | polyai_project | polyai | The mintToken function of a smart contract implementation for PolyAi (AI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to … | CWE-190 Integer Overflow or Wraparound | CVE-2018-17050 | 2024-11-21 12:53 | 2018-09-22 |
| 246862 | 6.1 | MEDIUM | Network | limesurvey | limesurvey | In LimeSurvey 3.14.7, HTML Injection and Stored XSS have been discovered in the appendix via the surveyls_title parameter to /index.php?r=admin/survey/sa/insert. | CWE-79 Cross-site Scripting | CVE-2018-17003 | 2024-11-21 12:53 | 2018-09-22 |
| 246863 | 6.1 | MEDIUM | Network | ricoh | mp_2001sp_firmware | On the RICOH MP 2001 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWiza… | CWE-79 Cross-site Scripting | CVE-2018-17002 | 2024-11-21 12:53 | 2018-09-22 |
| 246864 | 6.1 | MEDIUM | Network | ricoh | sp_4510sf_firmware | On the RICOH SP 4510SF printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWi… | CWE-79 Cross-site Scripting | CVE-2018-17001 | 2024-11-21 12:53 | 2018-09-22 |
| 246865 | 6.1 | MEDIUM | Network | zohocorp | manageengine_supportcenter_plus | In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter. | CWE-79 Cross-site Scripting | CVE-2018-16965 | 2024-11-21 12:53 | 2018-09-22 |
| 246866 | 6.1 | MEDIUM | Network | zohocorp | manageengine_desktop_central | Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & Articles" search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI. | CWE-79 Cross-site Scripting | CVE-2018-16833 | 2024-11-21 12:53 | 2018-09-22 |
| 246867 | 9.8 | CRITICAL | Network | seacms | seacms | SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter. | CWE-89 SQL Injection | CVE-2018-16822 | 2024-11-21 12:53 | 2018-09-22 |
| 246868 | 5.3 | MEDIUM | Network | seacms | seacms | SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=../templets/../../ requests. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2018-16821 | 2024-11-21 12:53 | 2018-09-22 |
| 246869 | 8.6 | HIGH | Network | microsoft | exchange_server | Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page. | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2018-16793 | 2024-11-21 12:53 | 2018-09-22 |
| 246870 | 5.5 | MEDIUM | Local | linux netapp opensuse | linux_kernel element_software active_iq_performance_analytics_services leap | An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem. | CWE-863 Incorrect Authorization | CVE-2018-16597 | 2024-11-21 12:53 | 2018-09-22 |