|
247091
|
6.1 |
MEDIUM
Network
|
btiteam
|
xbtit
|
An issue was discovered in BTITeam XBTIT 2.5.4. The "act" parameter in the sign-up page available at /index.php?page=signup is vulnerable to reflected cross-site scripting.
|
CWE-79
Cross-site Scripting
|
CVE-2018-15678
|
2024-11-21 12:51 |
2018-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247092
|
6.1 |
MEDIUM
Network
|
btiteam
|
xbtit
|
The newsfeed (aka /index.php?page=viewnews) in BTITeam XBTIT 2.5.4 has stored XSS via the title of a news item. This is also exploitable via CSRF.
|
CWE-352
CWE-79
Origin Validation Error
Cross-site Scripting
|
CVE-2018-15677
|
2024-11-21 12:51 |
2018-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247093
|
5.3 |
MEDIUM
Network
|
btiteam
|
xbtit
|
An issue was discovered in BTITeam XBTIT. By using String.replace and eval, it is possible to bypass the includes/crk_protection.php anti-XSS mechanism that looks for a number of dangerous fingerprin…
|
CWE-79
Cross-site Scripting
|
CVE-2018-15676
|
2024-11-21 12:51 |
2018-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247094
|
7.5 |
HIGH
Network
|
argussurveillance
|
dvr
|
Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter.
|
CWE-22
Path Traversal
|
CVE-2018-15745
|
2024-11-21 12:51 |
2018-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247095
|
9.8 |
CRITICAL
Network
|
broadcom
|
release_automation
|
Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2018-15691
|
2024-11-21 12:51 |
2018-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247096
|
7.8 |
HIGH
Local
|
manjaro
|
manjaro_linux
|
An issue was discovered in manjaro-update-system.sh in manjaro-system 20180716-1 on Manjaro Linux. A local attacker can install or remove arbitrary packages and package repositories potentially conta…
|
CWE-269
Improper Privilege Management
|
CVE-2018-15912
|
2024-11-21 12:51 |
2018-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247097
|
6.5 |
MEDIUM
Adjacent
|
technicolor
|
tc8305c_firmware
|
Technicolor (formerly RCA) TC8305C devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might over…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2018-15907
|
2024-11-21 12:51 |
2018-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247098
|
5.5 |
MEDIUM
Local
|
qemu
|
qemu
|
qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread.
|
NVD-CWE-noinfo
|
CVE-2018-15746
|
2024-11-21 12:51 |
2018-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247099
|
6.1 |
MEDIUM
Network
|
isweb
|
isweb
|
CMS ISWEB 3.5.3 has XSS via the ordineRis, sezioneRicerca, or oggettiRicerca parameter to index.php.
|
CWE-79
Cross-site Scripting
|
CVE-2018-15562
|
2024-11-21 12:51 |
2018-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247100
|
9.8 |
CRITICAL
Network
|
grafana
redhat
|
grafana
ceph_storage
|
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.
|
CWE-287
Improper Authentication
|
CVE-2018-15727
|
2024-11-21 12:51 |
2018-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
