|
246451
|
7.8 |
HIGH
Local
|
cyberark
|
endpoint_privilege_manager
|
CyberArk Endpoint Privilege Manager 10.2.1.603 and earlier allows an attacker (who is able to edit permissions of a file) to bypass intended access restrictions and execute blocked applications.
|
CWE-269
Improper Privilege Management
|
CVE-2018-14894
|
2024-11-21 12:50 |
2019-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246452
|
6.1 |
MEDIUM
Network
|
qasymphony
|
qtest_manager
|
qTest Portal in QASymphony qTest Manager 9.0.0 has an Open Redirect via the /portal/loginform redirect parameter.
|
CWE-601
Open Redirect
|
CVE-2018-15180
|
2024-11-21 12:50 |
2019-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246453
|
7.5 |
HIGH
Network
|
five9
|
agent_desktop_plus
|
Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control allowing a remote attackers to cause a denial of service via opening a connection on port 8083 to a device running the Five9 SoftPhone(is…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-15508
|
2024-11-21 12:50 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246454
|
8.1 |
HIGH
Network
|
ysoft
|
safeq_server_client
|
YSoft SafeQ Server 6 allows a replay attack.
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2018-15498
|
2024-11-21 12:50 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246455
|
9.8 |
CRITICAL
Network
|
five9
|
agent_desktop_plus
|
Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 of 2).
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-15509
|
2024-11-21 12:50 |
2019-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246456
|
9.8 |
CRITICAL
Network
|
uvnc
|
ultravnc
|
UltraVNC revision 1198 has a buffer underflow vulnerability in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vu…
|
CWE-787
Out-of-bounds Write
|
CVE-2018-15361
|
2024-11-21 12:50 |
2019-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246457
|
8.8 |
HIGH
Adjacent
|
cisco
|
hyperflex_hx_data_platform
|
A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user. The vulnerability is due to insuffic…
|
CWE-78
OS Command
|
CVE-2018-15380
|
2024-11-21 12:50 |
2019-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246458
|
8.6 |
HIGH
Network
|
dlink
|
central_wifimanager
|
The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, le…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2018-15517
|
2024-11-21 12:50 |
2019-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246459
|
5.8 |
MEDIUM
Network
|
dlink
|
central_wifimanager
|
The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2018-15516
|
2024-11-21 12:50 |
2019-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246460
|
7.8 |
HIGH
Local
|
dlink
|
central_wifimanager
|
The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Trojan horse "quserex.dll" from the CaptivelPortal.exe subdirectory under the D-Link directory, which a…
|
NVD-CWE-noinfo
|
CVE-2018-15515
|
2024-11-21 12:50 |
2019-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
