|
247611
|
7.5 |
HIGH
Network
|
invoxia
|
nvx220_firmware
|
Invoxia NVX220 devices allow access to /bin/sh via escape from a restricted CLI, leading to disclosure of password hashes.
|
CWE-200
Information Exposure
|
CVE-2018-14529
|
2024-11-21 12:49 |
2019-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247612
|
9.8 |
CRITICAL
Network
|
invoxia
|
nvx220_firmware
|
Invoxia NVX220 devices allow TELNET access as admin with a default password.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2018-14528
|
2024-11-21 12:49 |
2019-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247613
|
9.1 |
CRITICAL
Network
|
odoo
|
odoo
|
Improper sanitization of dynamic user expressions in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated privileged users to escape from the dynamic expression s…
|
CWE-78
OS Command
|
CVE-2018-14860
|
2024-11-21 12:49 |
2019-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247614
|
8.1 |
HIGH
Network
|
odoo
|
odoo
|
Incorrect access control in the password reset component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated users to reset the password of other users by bei…
|
CWE-284
Improper Access Control
|
CVE-2018-14859
|
2024-11-21 12:49 |
2019-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247615
|
6.5 |
MEDIUM
Network
|
odoo
|
odoo
|
Report engine in Odoo Community 9.0 through 11.0 and earlier and Odoo Enterprise 9.0 through 11.0 and earlier does not use secure options when passing documents to wkhtmltopdf, which allows remote at…
|
CWE-200
Information Exposure
|
CVE-2018-14865
|
2024-11-21 12:49 |
2019-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247616
|
6.5 |
MEDIUM
Network
|
odoo
|
odoo
|
Incorrect access control in asset bundles in Odoo Community 9.0 through 11.0 and earlier and Odoo Enterprise 9.0 through 11.0 and earlier allows remote authenticated users to inject arbitrary web scr…
|
CWE-284
Improper Access Control
|
CVE-2018-14864
|
2024-11-21 12:49 |
2019-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247617
|
8.1 |
HIGH
Network
|
odoo
|
odoo
|
Incorrect access control in the RPC framework in Odoo Community 8.0 through 11.0 and Odoo Enterprise 9.0 through 11.0 allows authenticated users to call private functions via RPC.
|
CWE-284
Improper Access Control
|
CVE-2018-14863
|
2024-11-21 12:49 |
2019-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247618
|
6.5 |
MEDIUM
Network
|
odoo
|
odoo
|
Incorrect access control in the mail templating system in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated internal users to delete arbitrary menuitems via a …
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-14862
|
2024-11-21 12:49 |
2019-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247619
|
6.5 |
MEDIUM
Network
|
odoo
|
odoo
|
Improper data access control in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows authenticated users to perform a CSV export of the secure hashed passwords of other users.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-14861
|
2024-11-21 12:49 |
2019-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247620
|
4.3 |
MEDIUM
Network
|
odoo
|
odoo
|
Incorrect access control in the TransientModel framework in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated attackers to access data in transient records tha…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-14866
|
2024-11-21 12:49 |
2019-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
