| 247471 | 7.5 | HIGH Network | browserify-hot_module_replacement_project | browserify-hot_module_replacement | An issue was discovered in Browserify-HMR. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replac… | CWE-200 Information Exposure | CVE-2018-14730 | 2024-11-21 12:49 | 2018-09-22 |
| 247472 | 6.1 | MEDIUM Network | subsonic | subsonic | An issue was discovered in Subsonic 6.1.1. The music tags feature is affected by three stored cross-site scripting vulnerabilities in the c0-param2, c0-param3, and c0-param4 parameters to dwr/call/pl… | CWE-79 Cross-site Scripting | CVE-2018-14691 | 2024-11-21 12:49 | 2018-09-22 |
| 247473 | 6.1 | MEDIUM Network | subsonic | subsonic | An issue was discovered in Subsonic 6.1.1. The general settings are affected by two stored cross-site scripting vulnerabilities in the title and subtitle parameters to generalSettings.view that could… | CWE-79 Cross-site Scripting | CVE-2018-14690 | 2024-11-21 12:49 | 2018-09-22 |
| 247474 | 6.1 | MEDIUM Network | subsonic | subsonic | An issue was discovered in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the name[x], sourceformats[x], targetFormat[x], step1[x], and s… | CWE-79 Cross-site Scripting | CVE-2018-14689 | 2024-11-21 12:49 | 2018-09-22 |
| 247475 | 6.1 | MEDIUM Network | subsonic | subsonic | An issue was discovered in Subsonic 6.1.1. The radio settings are affected by three stored cross-site scripting vulnerabilities in the name[x], streamUrl[x], homepageUrl[x] parameters (where x is an … | CWE-79 Cross-site Scripting | CVE-2018-14688 | 2024-11-21 12:49 | 2018-09-22 |
| 247476 | 7.5 | HIGH Network | haproxy canonical redhat | haproxy ubuntu_linux enterprise_linux openshift_container_platform openshift | A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service. | CWE-125 Out-of-bounds Read | CVE-2018-14645 | 2024-11-21 12:49 | 2018-09-21 |
| 247477 | 9.8 | CRITICAL Network | theforeman | foreman | An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. A malicious attacker can use this flaw to remotely execute arbitrary commands on machines managed by vuln… | - | CVE-2018-14643 | 2024-11-21 12:49 | 2018-09-21 |
| 247478 | 9.8 | CRITICAL Network | cwjoomla | cw_article_attachments_free cw_article_attachments_pro | The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW Article Attachments FREE extension before 1.0.6 for Joomla! allow SQL Injection within download.php. | CWE-89 SQL Injection | CVE-2018-14592 | 2024-11-21 12:49 | 2018-09-21 |
| 247479 | 9.8 | CRITICAL Network | rockwellautomation | rslinx | Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote threat actor to intentionally send a malformed CIP packet to Port 44818, causing the software appl… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2018-14829 | 2024-11-21 12:49 | 2018-09-21 |
| 247480 | 7.5 | HIGH Network | rockwellautomation | rslinx | Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. A remote, unauthenticated threat actor may intentionally send specially crafted Ethernet/IP packets to Port 44818, causing the software … | CWE-400 Uncontrolled Resource Consumption | CVE-2018-14827 | 2024-11-21 12:49 | 2018-09-21 |