|
247131
|
9.8 |
CRITICAL
Network
|
wuzhi_cms_project
|
wuzhi_cms
|
A SQL injection was discovered in /coreframe/app/admin/pay/admin/index.php in WUZHI CMS 4.1.0 via the index.php?m=pay&f=index&v=listing keyValue parameter.
|
CWE-89
SQL Injection
|
CVE-2018-15894
|
2024-11-21 12:51 |
2018-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247132
|
9.8 |
CRITICAL
Network
|
wuzhi_cms_project
|
wuzhi_cms
|
A SQL injection was discovered in /coreframe/app/admin/copyfrom.php in WUZHI CMS 4.1.0 via the index.php?m=core&f=copyfrom&v=listing keywords parameter.
|
CWE-89
SQL Injection
|
CVE-2018-15893
|
2024-11-21 12:51 |
2018-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247133
|
9.8 |
CRITICAL
Network
|
aspcms
|
aspcms
|
An issue was discovered in ASPCMS 2.5.6. When registering ordinary users in the addUser function of the /member/reg.asp page, they can be registered with the super administrators GroupID directly.
|
CWE-20
Improper Input Validation
|
CVE-2018-15888
|
2024-11-21 12:51 |
2018-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247134
|
7.5 |
HIGH
Network
|
ovation
|
findme
|
Ovation FindMe 1.4-1083-1 is intended to support transmission of network traffic from covert video recorders but does not properly disrupt binary analysis for discovering the product's capabilities o…
|
CWE-20
Improper Input Validation
|
CVE-2018-15885
|
2024-11-21 12:51 |
2018-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247135
|
6.1 |
MEDIUM
Network
|
zyxel
|
vmg3312_b10b_firmware
|
Zyxel VMG3312 B10B devices are affected by a persistent XSS vulnerability via the pages/connectionStatus/connectionStatus-hostEntry.cmd hostname parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-15602
|
2024-11-21 12:51 |
2018-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247136
|
4.3 |
MEDIUM
Network
|
vanillaforums
|
vanilla_forums
|
In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2018-15833
|
2024-11-21 12:51 |
2018-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247137
|
8.8 |
HIGH
Network
|
plainview_activity_monitor_project
|
plainview_activity_monitor
|
The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_…
|
CWE-78
OS Command
|
CVE-2018-15877
|
2024-11-21 12:51 |
2018-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247138
|
5.3 |
MEDIUM
Network
|
ajax_bootmodal_login_project
|
ajax_bootmodal_login
|
An issue was discovered in the ajax-bootmodal-login plugin 1.4.3 for WordPress. The register form, login form, and password-recovery form require solving a CAPTCHA to perform actions. However, this i…
|
CWE-20
Improper Input Validation
|
CVE-2018-15876
|
2024-11-21 12:51 |
2018-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247139
|
5.5 |
MEDIUM
Local
|
xkbcommon
canonical
|
xkbcommon
libxkbcommon
ubuntu_linux
|
Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a c…
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-15864
|
2024-11-21 12:51 |
2018-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247140
|
5.5 |
MEDIUM
Local
|
xkbcommon
canonical
|
xkbcommon
libxkbcommon
ubuntu_linux
|
Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by sup…
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-15863
|
2024-11-21 12:51 |
2018-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
