| 249461 | 6.1 | MEDIUM | Network | frappe | erpnext | An XSS issue was discovered in Frappe ERPNext v11.x.x-develop b1036e5 via a comment. | CWE-79 Cross-site Scripting | CVE-2018-11339 | 2024-11-21 12:43 | 2018-05-22 |
| 249462 | 9.8 | CRITICAL | Network | pluck-cms | pluck | An issue was discovered in Pluck before 4.7.6. Remote PHP code execution is possible because the set of disallowed filetypes for uploads is missing some applicable ones such as .phtml and .htaccess. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2018-11331 | 2024-11-21 12:43 | 2018-05-22 |
| 249463 | 4.8 | MEDIUM | Network | pluck-cms | pluck | An issue was discovered in Pluck before 4.7.6. There is authenticated stored XSS because the character set for filenames is not properly restricted. | CWE-79 Cross-site Scripting | CVE-2018-11330 | 2024-11-21 12:43 | 2018-05-22 |
| 249464 | 7.5 | HIGH | Network | ethercartel | ether_cartel | The DrugDealer function of a smart contract implementation for Ether Cartel, an Ethereum game, allows attackers to take over the contract's ownership, aka ceoAnyone. After that, all the digital asset… | NVD-CWE-noinfo | CVE-2018-11329 | 2024-11-21 12:43 | 2018-05-22 |
| 249465 | 7.5 | HIGH | Network | wizardmac | readstat | sas/readstat_sas7bcat_read.c in libreadstat.a in ReadStat 0.1.1 has an infinite loop. | CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') | CVE-2018-11365 | 2024-11-21 12:43 | 2018-05-22 |
| 249466 | 7.5 | HIGH | Network | wizardmac | readstat | sav_parse_machine_integer_info_record in spss/readstat_sav_read.c in libreadstat.a in ReadStat 0.1.1 has a memory leak related to an iconv_open call. | CWE-772 Missing Release of Resource after Effective Lifetime | CVE-2018-11364 | 2024-11-21 12:43 | 2018-05-22 |
| 249467 | 9.8 | CRITICAL | Network | octopus | octopus_server | In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs. | CWE-532 Inclusion of Sensitive Information in Log Files | CVE-2018-11320 | 2024-11-21 12:43 | 2018-05-21 |
| 249468 | 9.1 | CRITICAL | Network | myscada | mypro | A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories… | CWE-798 Use of Hard-coded Credentials | CVE-2018-11311 | 2024-11-21 12:43 | 2018-05-21 |
| 249469 | 7.5 | HIGH | Network | syntastic_project debian | syntastic debian_linux | Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle searches for configuration files (it searches the current directory up to potentially the root). This improper handling might be e… | CWE-22 Path Traversal | CVE-2018-11319 | 2024-11-21 12:43 | 2018-05-21 |
| 249470 | 6.5 | MEDIUM | Adjacent | radiothermostat | ct50_firmware ct80_firmware | The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. This can result in remote device temperature control, as demonst… | CWE-20 Improper Input Validation | CVE-2018-11315 | 2024-11-21 12:43 | 2018-05-20 |