|
246451
|
5.5 |
MEDIUM
Local
|
byvoid
|
open_chinese_convert
|
Open Chinese Convert (OpenCC) 1.0.5 allows attackers to cause a denial of service (segmentation fault) because BinaryDict::NewFromFile in BinaryDict.cpp may have out-of-bounds keyOffset and valueOffs…
|
CWE-125
Out-of-bounds Read
|
CVE-2018-16982
|
2024-11-21 12:53 |
2018-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246452
|
8.8 |
HIGH
Network
|
nothings
debian
|
stb_image.h
debian_linux
|
stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function.
|
CWE-787
Out-of-bounds Write
|
CVE-2018-16981
|
2024-11-21 12:53 |
2018-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246453
|
6.1 |
MEDIUM
Network
|
dotcms
|
dotcms
|
dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/image_tools/index.jsp fieldName and inode parameters.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16980
|
2024-11-21 12:53 |
2018-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246454
|
6.1 |
MEDIUM
Network
|
monstra
|
monstra
|
Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter, a related issue to CVE-2012-2943.
|
CWE-113
HTTP Response Splitting
|
CVE-2018-16979
|
2024-11-21 12:53 |
2018-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246455
|
6.1 |
MEDIUM
Network
|
monstra
|
monstra
|
Monstra CMS V3.0.4 has XSS when ones tries to register an account with a crafted password parameter to users/registration, a different vulnerability than CVE-2018-11473.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16978
|
2024-11-21 12:53 |
2018-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246456
|
5.3 |
MEDIUM
Network
|
monstra
|
monstra
|
Monstra CMS V3.0.4 has an information leakage risk (e.g., PATH, DOCUMENT_ROOT, and SERVER_ADMIN) in libraries/Gelato/ErrorHandler/Resources/Views/Errors/exception.php.
|
CWE-200
Information Exposure
|
CVE-2018-16977
|
2024-11-21 12:53 |
2018-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246457
|
8.1 |
HIGH
Network
|
gitolite
|
gitolite
|
Gitolite before 3.6.9 does not (in certain configurations involving @all or a regex) properly restrict access to a Git repository that is in the process of being migrated until the full set of migrat…
|
CWE-362
Race Condition
|
CVE-2018-16976
|
2024-11-21 12:53 |
2018-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246458
|
9.8 |
CRITICAL
Network
|
elefantcms
|
elefant
|
An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in /designer/add/stylesheet.php by using a .php extension in the New Stylesheet Name field in conjunct…
|
CWE-94
Code Injection
|
CVE-2018-16975
|
2024-11-21 12:53 |
2018-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246459
|
9.8 |
CRITICAL
Network
|
elefantcms
|
elefant
|
An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in apps/filemanager/upload/drop.php by using /filemanager/api/rm/.htaccess to remove the .htaccess fil…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-16974
|
2024-11-21 12:53 |
2018-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246460
|
4.3 |
MEDIUM
Network
|
wisetail
|
learning_management_system
|
Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to access non-purchased course contents (quiz / test) via a modified id parameter.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2018-16971
|
2024-11-21 12:53 |
2018-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
