|
247431
|
7.8 |
HIGH
Local
|
fujielectric
|
energy_savings_estimator
|
An uncontrolled search path element (DLL Hijacking) vulnerability has been identified in Fuji Electric Energy Savings Estimator versions V.1.0.2.0 and prior. Exploitation of this vulnerability could …
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2018-14812
|
2024-11-21 12:49 |
2018-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247432
|
7.8 |
HIGH
Local
|
advantech
|
webaccess
|
Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level.
|
CWE-269
Improper Privilege Management
|
CVE-2018-14828
|
2024-11-21 12:49 |
2018-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247433
|
7.5 |
HIGH
Network
|
advantech
|
webaccess
|
Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing.
|
CWE-20
Improper Input Validation
|
CVE-2018-14820
|
2024-11-21 12:49 |
2018-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247434
|
9.8 |
CRITICAL
Network
|
advantech
|
webaccess
|
Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code.
|
CWE-787
Out-of-bounds Write
|
CVE-2018-14816
|
2024-11-21 12:49 |
2018-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247435
|
9.8 |
CRITICAL
Network
|
advantech
|
webaccess
|
Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code.
|
CWE-22
Path Traversal
|
CVE-2018-14806
|
2024-11-21 12:49 |
2018-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247436
|
9.8 |
CRITICAL
Network
|
opto22
|
pac_control
|
A stack-based buffer overflow vulnerability in Opto 22 PAC Control Basic and PAC Control Professional versions R10.0a and prior may allow remote code execution.
|
CWE-787
Out-of-bounds Write
|
CVE-2018-14807
|
2024-11-21 12:49 |
2018-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247437
|
5.3 |
MEDIUM
Network
|
broadcom
|
ca_identity_governance
ca_identity_suite_virtual_appliance
|
CA Technologies Identity Governance 12.6, 14.0, 14.1, and 14.2 and CA Identity Suite Virtual Appliance 14.0, 14.1, and 14.2 provide telling error messages that may allow remote attackers to enumerate…
|
CWE-200
Information Exposure
|
CVE-2018-14597
|
2024-11-21 12:49 |
2018-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247438
|
7.2 |
HIGH
Network
|
pydio
|
pydio
|
Pydio 4.2.1 through 8.2.1 has an authenticated remote code execution vulnerability in which an attacker with administrator access to the web application can execute arbitrary code on the underlying s…
|
CWE-78
OS Command
|
CVE-2018-14772
|
2024-11-21 12:49 |
2018-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247439
|
5.4 |
MEDIUM
Network
|
theforeman
|
foreman
|
A flaw was found in foreman from versions 1.18. A stored cross-site scripting vulnerability exists due to an improperly escaped HTML code in the breadcrumbs bar. This allows a user with permissions t…
|
CWE-79
Cross-site Scripting
|
CVE-2018-14664
|
2024-11-21 12:49 |
2018-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247440
|
9.8 |
CRITICAL
Network
|
redhat
|
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
ceph_storage
ceph-iscsi-cli
|
It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api pro…
|
-
|
CVE-2018-14649
|
2024-11-21 12:49 |
2018-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
