|
249331
|
7.8 |
HIGH
Local
|
navercorp
|
whale
|
The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking.
|
CWE-426
Untrusted Search Path
|
CVE-2018-12449
|
2024-11-21 12:45 |
2018-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249332
|
9.8 |
CRITICAL
Network
|
episerver
|
ektron_cms
|
Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9.2 before SP2 Site CU 22 allows remote attackers to call aspx pages via the "activateuser.aspx" page, even if a page is …
|
CWE-269
Improper Privilege Management
|
CVE-2018-12596
|
2024-11-21 12:45 |
2018-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249333
|
8.8 |
HIGH
Network
|
intelbras
|
nplug_firmware
|
Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, …
|
CWE-352
Origin Validation Error
|
CVE-2018-12456
|
2024-11-21 12:45 |
2018-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249334
|
8.1 |
HIGH
Network
|
intelbras
|
nplug_firmware
|
Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows an attacker to authenticate in the web interface just by using "admin:" as the name of a cookie.
|
CWE-287
Improper Authentication
|
CVE-2018-12455
|
2024-11-21 12:45 |
2018-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249335
|
9.8 |
CRITICAL
Network
|
eclipse
|
vert.x
|
In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the…
|
CWE-611
XXE
|
CVE-2018-12544
|
2024-11-21 12:45 |
2018-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249336
|
9.8 |
CRITICAL
Network
|
eclipse
|
vert.x
|
In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\' (…
|
CWE-22
Path Traversal
|
CVE-2018-12542
|
2024-11-21 12:45 |
2018-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249337
|
6.5 |
MEDIUM
Network
|
eclipse
|
vert.x
|
In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. There …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-12541
|
2024-11-21 12:45 |
2018-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249338
|
9.8 |
CRITICAL
Network
|
tibco
|
spotfire_statistics_services
|
The web server component of TIBCO Software Inc's Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Without needing to authenticate, an attack…
|
NVD-CWE-noinfo
|
CVE-2018-12410
|
2024-11-21 12:45 |
2018-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249339
|
7.5 |
HIGH
Network
|
opensuse
|
open_build_service
|
A Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. Affected releases are openSUSE Open Build Service: versions pri…
|
CWE-20
Improper Input Validation
|
CVE-2018-12479
|
2024-11-21 12:45 |
2018-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249340
|
6.5 |
MEDIUM
Network
|
opensuse
|
open_build_service
|
A Improper Input Validation vulnerability in Open Build Service allows remote attackers to extract files from the system where the service runs. Affected releases are openSUSE Open Build Service: sta…
|
CWE-20
Improper Input Validation
|
CVE-2018-12478
|
2024-11-21 12:45 |
2018-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
