|
247621
|
6.5 |
MEDIUM
Network
|
odoo
|
odoo
|
Incorrect access control in the Password Encryption module in Odoo Community 9.0 and Odoo Enterprise 9.0 allows authenticated users to change the password of other users without knowing their current…
|
CWE-287
Improper Authentication
|
CVE-2018-14868
|
2024-11-21 12:49 |
2019-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247622
|
5.3 |
MEDIUM
Network
|
odoo
|
odoo
|
Incorrect access control in the portal messaging system in Odoo Community 9.0 and 10.0 and Odoo Enterprise 9.0 and 10.0 allows remote attackers to post messages on behalf of customers, and to guess d…
|
CWE-284
Improper Access Control
|
CVE-2018-14867
|
2024-11-21 12:49 |
2019-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247623
|
6.1 |
MEDIUM
Network
|
synacor
|
zimbra_collaboration_suite
|
There is a Persistent XSS vulnerability in the briefcase component of Synacor Zimbra Collaboration Suite (ZCS) Zimbra Web Client (ZWC) 8.8.8 before 8.8.8 Patch 7 and 8.8.9 before 8.8.9 Patch 1.
|
CWE-79
Cross-site Scripting
|
CVE-2018-14425
|
2024-11-21 12:49 |
2019-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247624
|
8.8 |
HIGH
Network
|
comsenz
|
discuz\!
|
The database backup feature in upload/source/admincp/admincp_db.php in Discuz! 2.5 and 3.4 allows remote attackers to execute arbitrary PHP code.
|
CWE-20
Improper Input Validation
|
CVE-2018-14729
|
2024-11-21 12:49 |
2019-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247625
|
9.8 |
CRITICAL
Network
|
lg
|
n1a1_firmware
|
LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code (remote). The attack vector is: HTTP POST with parameters.
|
CWE-78
OS Command
|
CVE-2018-14839
|
2024-11-21 12:49 |
2019-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247626
|
9.8 |
CRITICAL
Network
|
asus
|
rt-ac3200_firmware
|
System command injection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute system commands via the "load_script" URL parameter.
|
NVD-CWE-noinfo
|
CVE-2018-14714
|
2024-11-21 12:49 |
2019-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247627
|
8.1 |
HIGH
Network
|
asus
|
rt-ac3200_firmware
|
Format string vulnerability in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to read arbitrary sections of memory and CPU registers via the "hook" URL parameter.
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2018-14713
|
2024-11-21 12:49 |
2019-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247628
|
6.5 |
MEDIUM
Network
|
asus
|
rt-ac3200_firmware
|
Buffer overflow in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to inject system commands via the "hook" URL parameter.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-14712
|
2024-11-21 12:49 |
2019-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247629
|
6.5 |
MEDIUM
Network
|
asus
|
rt-ac3200_firmware
|
Missing cross-site request forgery protection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to cause state-changing actions with specially crafted URLs.
|
CWE-352
Origin Validation Error
|
CVE-2018-14711
|
2024-11-21 12:49 |
2019-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247630
|
6.1 |
MEDIUM
Network
|
asus
|
rt-ac3200_firmware
|
Cross-site scripting in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute JavaScript via the "hook" URL parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-14710
|
2024-11-21 12:49 |
2019-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
