|
248921
|
6.7 |
MEDIUM
Local
|
pearsonvue
|
iqsystem_7
console_8
|
The report-viewing feature in Pearson VUE Certiport Console 8 and IQSystem 7 before 2018-06-26 mishandles child processes and consequently launches Internet Explorer or Microsoft Edge as Administrato…
|
CWE-281
Improper Preservation of Permissions
|
CVE-2018-12989
|
2024-11-21 12:46 |
2018-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248922
|
6.1 |
MEDIUM
Network
|
seeddms
|
seeddms
|
Persistent Cross-Site Scripting (XSS) vulnerability in the "Categories" feature in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via…
|
CWE-79
Cross-site Scripting
|
CVE-2018-12944
|
2024-11-21 12:46 |
2018-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248923
|
6.1 |
MEDIUM
Network
|
seeddms
|
seeddms
|
Cross-Site Scripting (XSS) vulnerability in every page that includes the "action" URL parameter in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web sc…
|
CWE-79
Cross-site Scripting
|
CVE-2018-12943
|
2024-11-21 12:46 |
2018-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248924
|
8.8 |
HIGH
Network
|
seeddms
|
seeddms
|
Unrestricted file upload vulnerability in "op/op.UploadChunks.php" in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to execute arbitrary code by uploading a file with an e…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-12940
|
2024-11-21 12:46 |
2018-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248925
|
6.5 |
MEDIUM
Network
|
seeddms
|
seeddms
|
A directory traversal flaw in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows an authenticated attacker to write to (or potentially delete) arbitrary files via a .. (dot dot) in the "op/op.U…
|
CWE-22
Path Traversal
|
CVE-2018-12939
|
2024-11-21 12:46 |
2018-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248926
|
5.9 |
MEDIUM
Network
|
synology
|
diskstation_manager
|
Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS ses…
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2018-13280
|
2024-11-21 12:46 |
2018-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248927
|
8.8 |
HIGH
Network
|
seeddms
|
seeddms
|
SQL injection vulnerability in the "Users management" functionality in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows authenticated attackers to manipulate an SQL query within the applicati…
|
CWE-89
SQL Injection
|
CVE-2018-12942
|
2024-11-21 12:46 |
2018-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248928
|
8.8 |
HIGH
Network
|
seeddms
|
seeddms
|
This vulnerability allows remote attackers to execute arbitrary code in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 by adding a system command at the end of the "cacheDir" path and following us…
|
CWE-20
Improper Input Validation
|
CVE-2018-12941
|
2024-11-21 12:46 |
2018-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248929
|
7.5 |
HIGH
Network
|
aditustoken_project
|
aditustoken
|
The approveAndCall function of a smart contract implementation for Aditus (ADI), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all contract balances into their account).
|
CWE-20
Improper Input Validation
|
CVE-2018-12959
|
2024-11-21 12:46 |
2018-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248930
|
9.8 |
CRITICAL
Network
|
webkitgtk
canonical
|
webkitgtk\+
ubuntu_linux
|
WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the get_simple_globs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c.
|
CWE-787
Out-of-bounds Write
|
CVE-2018-12911
|
2024-11-21 12:46 |
2018-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
