|
246621
|
6.5 |
MEDIUM
Network
|
omron
|
poweract_pro_master_agent
|
PowerAct Pro Master Agent for Windows Version 5.13 and earlier allows authenticated attackers to bypass access restriction to alter or edit unauthorized files via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2018-16207
|
2024-11-21 12:52 |
2019-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246622
|
5.9 |
MEDIUM
Network
|
siemens
|
siprotec_5_with_cpu_variant_cp100
siprotec_5_with_cpu_variant_cp200
siprotec_5_with_cpu_variant_cp300
en100_ethernet_module_firmware
en100_ethernet_module_with_firmware_variant_dnp3_tcp
A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.35), Firmware variant MODBUS TCP for EN100 Ethernet module (All versions), Firmware vari…
|
NVD-CWE-noinfo
|
CVE-2018-16563
|
2024-11-21 12:52 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
246623
|
6.1 |
MEDIUM
Network
|
coyoapp
|
coyo
|
COYO 9.0.8, 10.0.11 and 12.0.4 has cross-site scripting (XSS) via URLs used by "iFrame" widgets.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16519
|
2024-11-21 12:52 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246624
|
7.8 |
HIGH
Local
|
micco
|
lhmelting
lmlzh32.dll
unarj32.dll
unlha32.dll
|
Untrusted search path vulnerability in UNARJ32.DLL for Win32, LHMelting for Win32, and LMLzh32.DLL (UNARJ32.DLL for Win32 Ver 1.10.1.25 and earlier, LHMelting for Win32 Ver 1.65.3.6 and earlier, LMLz…
|
CWE-426
Untrusted Search Path
|
CVE-2018-16190
|
2024-11-21 12:52 |
2019-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246625
|
7.8 |
HIGH
Local
|
micco
|
unlha32.dll
|
Untrusted search path vulnerability in Self-Extracting Archives created by UNLHA32.DLL prior to Ver 3.00 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
CWE-426
Untrusted Search Path
|
CVE-2018-16189
|
2024-11-21 12:52 |
2019-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246626
|
7.5 |
HIGH
Network
|
static-resource-server_project
|
static-resource-server
|
A path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthorized read access to any file on the server by appending slashes in the URL.
|
CWE-22
Path Traversal
|
CVE-2018-16493
|
2024-11-21 12:52 |
2019-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246627
|
9.8 |
CRITICAL
Network
|
extend_project
|
extend
|
A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype.
|
CWE-74
Injection
|
CVE-2018-16492
|
2024-11-21 12:52 |
2019-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246628
|
9.8 |
CRITICAL
Network
|
dreamerslab
|
node.extend
|
A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype.
|
CWE-74
Injection
|
CVE-2018-16491
|
2024-11-21 12:52 |
2019-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246629
|
7.5 |
HIGH
Network
|
mpath_project
|
mpath
|
A prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype.
|
CWE-74
Injection
|
CVE-2018-16490
|
2024-11-21 12:52 |
2019-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246630
|
9.8 |
CRITICAL
Network
|
just-extend_project
|
just-extend
|
A prototype pollution vulnerability was found in just-extend <4.0.0 that allows attack to inject properties onto Object.prototype through its functions.
|
CWE-74
Injection
|
CVE-2018-16489
|
2024-11-21 12:52 |
2019-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
