|
247351
|
6.5 |
MEDIUM
Network
|
odoo
|
odoo
|
Incorrect access control in asset bundles in Odoo Community 9.0 through 11.0 and earlier and Odoo Enterprise 9.0 through 11.0 and earlier allows remote authenticated users to inject arbitrary web scr…
|
CWE-284
Improper Access Control
|
CVE-2018-14864
|
2024-11-21 12:49 |
2019-07-4 |
|
247352
|
8.1 |
HIGH
Network
|
odoo
|
odoo
|
Incorrect access control in the RPC framework in Odoo Community 8.0 through 11.0 and Odoo Enterprise 9.0 through 11.0 allows authenticated users to call private functions via RPC.
|
CWE-284
Improper Access Control
|
CVE-2018-14863
|
2024-11-21 12:49 |
2019-07-4 |
|
247353
|
6.5 |
MEDIUM
Network
|
odoo
|
odoo
|
Incorrect access control in the mail templating system in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated internal users to delete arbitrary menuitems via a …
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-14862
|
2024-11-21 12:49 |
2019-07-4 |
|
247354
|
6.5 |
MEDIUM
Network
|
odoo
|
odoo
|
Improper data access control in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows authenticated users to perform a CSV export of the secure hashed passwords of other users.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-14861
|
2024-11-21 12:49 |
2019-07-4 |
|
247355
|
4.3 |
MEDIUM
Network
|
odoo
|
odoo
|
Incorrect access control in the TransientModel framework in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated attackers to access data in transient records tha…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-14866
|
2024-11-21 12:49 |
2019-07-4 |
|
247356
|
6.5 |
MEDIUM
Network
|
odoo
|
odoo
|
Incorrect access control in the Password Encryption module in Odoo Community 9.0 and Odoo Enterprise 9.0 allows authenticated users to change the password of other users without knowing their current…
|
CWE-287
Improper Authentication
|
CVE-2018-14868
|
2024-11-21 12:49 |
2019-06-29 |
|
247357
|
5.3 |
MEDIUM
Network
|
odoo
|
odoo
|
Incorrect access control in the portal messaging system in Odoo Community 9.0 and 10.0 and Odoo Enterprise 9.0 and 10.0 allows remote attackers to post messages on behalf of customers, and to guess d…
|
CWE-284
Improper Access Control
|
CVE-2018-14867
|
2024-11-21 12:49 |
2019-06-29 |
|
247358
|
6.1 |
MEDIUM
Network
|
synacor
|
zimbra_collaboration_suite
|
There is a Persistent XSS vulnerability in the briefcase component of Synacor Zimbra Collaboration Suite (ZCS) Zimbra Web Client (ZWC) 8.8.8 before 8.8.8 Patch 7 and 8.8.9 before 8.8.9 Patch 1.
|
CWE-79
Cross-site Scripting
|
CVE-2018-14425
|
2024-11-21 12:49 |
2019-05-31 |
|
247359
|
8.8 |
HIGH
Network
|
comsenz
|
discuz\!
|
The database backup feature in upload/source/admincp/admincp_db.php in Discuz! 2.5 and 3.4 allows remote attackers to execute arbitrary PHP code.
|
CWE-20
Improper Input Validation
|
CVE-2018-14729
|
2024-11-21 12:49 |
2019-05-23 |
|
247360
|
9.8 |
CRITICAL
Network
|
lg
|
n1a1_firmware
|
LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code (remote). The attack vector is: HTTP POST with parameters.
|
CWE-78
OS Command
|
CVE-2018-14839
|
2024-11-21 12:49 |
2019-05-15 |
|