|
247511
|
9.8 |
CRITICAL
Network
|
uvnc
|
ultravnc
|
UltraVNC revision 1198 has a buffer underflow vulnerability in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vu…
|
CWE-787
Out-of-bounds Write
|
CVE-2018-15361
|
2024-11-21 12:50 |
2019-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247512
|
8.8 |
HIGH
Adjacent
|
cisco
|
hyperflex_hx_data_platform
|
A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user. The vulnerability is due to insuffic…
|
CWE-78
OS Command
|
CVE-2018-15380
|
2024-11-21 12:50 |
2019-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247513
|
8.6 |
HIGH
Network
|
dlink
|
central_wifimanager
|
The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, le…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2018-15517
|
2024-11-21 12:50 |
2019-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247514
|
5.8 |
MEDIUM
Network
|
dlink
|
central_wifimanager
|
The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2018-15516
|
2024-11-21 12:50 |
2019-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247515
|
7.8 |
HIGH
Local
|
dlink
|
central_wifimanager
|
The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Trojan horse "quserex.dll" from the CaptivelPortal.exe subdirectory under the D-Link directory, which a…
|
NVD-CWE-noinfo
|
CVE-2018-15515
|
2024-11-21 12:50 |
2019-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247516
|
5.3 |
MEDIUM
Network
|
titanhq
|
spamtitan
|
TitanHQ SpamTitan before 7.01 has Improper input validation. This allows internal attackers to bypass the anti-spam filter to send malicious emails to an entire organization by modifying the URL requ…
|
CWE-20
Improper Input Validation
|
CVE-2018-15136
|
2024-11-21 12:50 |
2019-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247517
|
7.2 |
HIGH
Network
|
cisco
|
identity_services_engine
|
A vulnerability in the administrative web interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain additional privileges on an affected device. The vuln…
|
NVD-CWE-noinfo
|
CVE-2018-15459
|
2024-11-21 12:50 |
2019-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247518
|
6.1 |
MEDIUM
Network
|
cisco
|
identity_services_engine
|
A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to the imp…
|
CWE-79
Cross-site Scripting
|
CVE-2018-15455
|
2024-11-21 12:50 |
2019-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247519
|
6.1 |
MEDIUM
Network
|
cisco
|
identity_services_engine_software
|
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack …
|
CWE-79
Cross-site Scripting
|
CVE-2018-15463
|
2024-11-21 12:50 |
2019-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247520
|
6.1 |
MEDIUM
Network
|
cisco
|
identity_services_engine_software
|
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack aga…
|
CWE-79
Cross-site Scripting
|
CVE-2018-15440
|
2024-11-21 12:50 |
2019-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
