|
247311
|
6.1 |
MEDIUM
Network
|
samsung
|
syncthru_web_service
|
Samsung Syncthru Web Service V4.05.61 is vulnerable to Multiple unauthenticated XSS attacks on several parameters, as demonstrated by ruiFw_pid.
|
CWE-79
Cross-site Scripting
|
CVE-2018-14904
|
2024-11-21 12:50 |
2018-08-4 |
|
247312
|
7.5 |
HIGH
Network
|
php netapp
|
php storage_automation_store
|
An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ex…
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-14884
|
2024-11-21 12:50 |
2018-08-3 |
|
247313
|
7.5 |
HIGH
Network
|
php canonical debian netapp
|
php ubuntu_linux debian_linux storage_automation_store
|
An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of…
|
CWE-125 CWE-190
Out-of-bounds Read Integer Overflow or Wraparound
|
CVE-2018-14883
|
2024-11-21 12:50 |
2018-08-3 |
|
247314
|
4.3 |
MEDIUM
Network
|
samba fedoraproject
|
samba fedora
|
An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attrib…
|
-
|
CVE-2018-14628
|
2024-11-21 12:49 |
2023-01-18 |
|
247315
|
5.4 |
MEDIUM
Network
|
getkirby
|
kirby
|
An issue was discovered in Kirby 2.5.12. The application allows malicious HTTP requests to be sent in order to trick a user into adding web pages.
|
CWE-79
Cross-site Scripting
|
CVE-2018-14520
|
2024-11-21 12:49 |
2022-08-25 |
|
247316
|
4.3 |
MEDIUM
Network
|
getkirby
|
kirby
|
An issue was discovered in Kirby 2.5.12. The delete page functionality suffers from a CSRF flaw. A remote attacker can craft a malicious CSRF page and force the user to delete a page.
|
CWE-352
Origin Validation Error
|
CVE-2018-14519
|
2024-11-21 12:49 |
2022-08-25 |
|
247317
|
9.8 |
CRITICAL
Network
|
kibokolabs
|
chained_quiz
|
controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 for WordPress allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters.
|
CWE-89
SQL Injection
|
CVE-2018-14502
|
2024-11-21 12:49 |
2020-03-10 |
|
247318
|
9.8 |
CRITICAL
Network
|
drobo
|
5n2_firmware
|
In Drobo 5N2 4.0.5, all optional applications lack any form of authentication/authorization validation. As a result, any user capable of accessing the device over the network may interact with and co…
|
CWE-287
Improper Authentication
|
CVE-2018-14705
|
2024-11-21 12:49 |
2020-02-25 |
|
247319
|
7.5 |
HIGH
Network
|
libgd fedoraproject canonical debian opensuse
|
libgd fedora ubuntu_linux debian_linux leap
|
gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked wit…
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-14553
|
2024-11-21 12:49 |
2020-02-11 |
|
247320
|
6.1 |
MEDIUM
Network
|
metalgenix
|
genixcms
|
GeniXCMS 1.1.5 has XSS via the dbuser or dbhost parameter during step 1 of installation.
|
CWE-79
Cross-site Scripting
|
CVE-2018-14476
|
2024-11-21 12:49 |
2020-01-1 |