|
247801
|
5.4 |
MEDIUM
Network
|
mybb
|
ban_list
|
In the Ban List plugin 1.0 for MyBB, any forum user with mod privileges can ban users and input an XSS payload into the ban reason, which is executed on the bans.php page.
|
CWE-79
Cross-site Scripting
|
CVE-2018-14724
|
2024-11-21 12:49 |
2019-03-22 |
|
|
|
|
247802
|
8.8 |
HIGH
Network
|
mybb
|
trash_bin
|
Trash Bin plugin 1.1.3 for MyBB has cross-site scripting (XSS) via a thread subject and a cross-site request forgery (CSRF) via a post subject.
|
CWE-352 CWE-79
Origin Validation Error Cross-site Scripting
|
CVE-2018-14575
|
2024-11-21 12:49 |
2019-03-22 |
|
|
|
|
247803
|
6.1 |
MEDIUM
Network
|
dnnsoftware
|
dotnetnuke
|
DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via XML.
|
CWE-79
Cross-site Scripting
|
CVE-2018-14486
|
2024-11-21 12:49 |
2019-03-22 |
|
|
|
|
247804
|
6.1 |
MEDIUM
Network
|
hyphp
|
hybbs
|
An issue was found in HYBBS through 2016-03-08. There is an XSS vulnerability via an article title to post.html.
|
CWE-79
Cross-site Scripting
|
CVE-2018-14499
|
2024-11-21 12:49 |
2019-03-8 |
|
|
|
|
247805
|
6.5 |
MEDIUM
Network
|
mozilla libjpeg-turbo fedoraproject debian opensuse
|
mozjpeg libjpeg-turbo fedora debian_linux leap
|
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit…
|
CWE-125
Out-of-bounds Read
|
CVE-2018-14498
|
2024-11-21 12:49 |
2019-03-8 |
|
|
|
|
247806
|
7.2 |
HIGH
Network
|
redhat
|
satellite
|
An improper authorization flaw was found in the Smart Class feature of Foreman. An attacker can use it to change configuration of any host registered in Red Hat Satellite, independent of the organiza…
|
CWE-863
Incorrect Authorization
|
CVE-2018-14666
|
2024-11-21 12:49 |
2019-01-23 |
|
|
|
|
247807
|
5.7 |
MEDIUM
Adjacent
|
redhat debian opensuse canonical
|
ceph debian_linux leap enterprise_linux_server ceph_storage ubuntu_linux
|
It was found in Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.
|
-
|
CVE-2018-14662
|
2024-11-21 12:49 |
2019-01-16 |
|
|
|
|
247808
|
6.1 |
MEDIUM
Network
|
osclass
|
osclass
|
Osclass 3.7.4 has XSS via the query string to index.php, a different vulnerability than CVE-2014-6280.
|
CWE-79
Cross-site Scripting
|
CVE-2018-14481
|
2024-11-21 12:49 |
2019-01-4 |
|
|
|
|
247809
|
10.0 |
CRITICAL
Network
|
fasterxml debian oracle redhat
|
jackson-databind debian_linux primavera_unifier banking_platform jdeveloper retail_merchandising_system webcenter_portal communications_billing_and_revenue_management financia…
|
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic de…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2018-14721
|
2024-11-21 12:49 |
2019-01-3 |
|
|
|
|
247810
|
9.8 |
CRITICAL
Network
|
fasterxml debian oracle redhat
|
jackson-databind debian_linux primavera_unifier banking_platform jdeveloper retail_merchandising_system webcenter_portal communications_billing_and_revenue_management financia…
|
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
|
CWE-611 CWE-502
XXE Deserialization of Untrusted Data
|
CVE-2018-14720
|
2024-11-21 12:49 |
2019-01-3 |
|
|
|