|
252711
|
8.8 |
HIGH
Network
|
tencent
|
foxmail
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Tencent Foxmail 7.2.9.115. User interaction is required to exploit this vulnerability in that the t…
|
CWE-78
OS Command
|
CVE-2018-11616
|
2024-11-21 12:43 |
2018-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252712
|
7.5 |
HIGH
Network
|
mosca_project
|
mosca
|
This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca 2.8.1. Authentication is not required to exploit this vulnerability. The specific flaw exists withi…
|
CWE-185
Incorrect Regular Expression
|
CVE-2018-11615
|
2024-11-21 12:43 |
2018-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252713
|
7.5 |
HIGH
Network
|
seasofsolutions
|
ip_camera_firmware
|
Information disclosure in Netwave IP camera at get_status.cgi (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information from the device.
|
CWE-200
Information Exposure
|
CVE-2018-11654
|
2024-11-21 12:43 |
2018-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252714
|
9.8 |
CRITICAL
Network
|
seasofsolutions
|
ip_camera_firmware
|
Information disclosure in Netwave IP camera at //etc/RT2870STA.dat (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information about the network configuration like …
|
CWE-200
Information Exposure
|
CVE-2018-11653
|
2024-11-21 12:43 |
2018-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252715
|
6.5 |
MEDIUM
Network
|
moderator_log_notes_project
|
moderator_log_notes
|
An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. An attacker can remotely delete all mod notes and m…
|
CWE-352
Origin Validation Error
|
CVE-2018-11502
|
2024-11-21 12:43 |
2018-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252716
|
9.8 |
CRITICAL
Network
|
puppet
|
puppet_enterprise
|
When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via plaintext to the LDAP server. This affects Puppet Enterprise 2018.1.3, 2017.3.9, and 2016.…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2018-11749
|
2024-11-21 12:43 |
2018-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252717
|
8.1 |
HIGH
Network
|
apache
|
cayenne
|
This affects Apache Cayenne 4.1.M1, 3.2.M1, 4.0.M2 to 4.0.M5, 4.0.B1, 4.0.B2, 4.0.RC1, 3.1, 3.1.1, 3.1.2. CayenneModeler is a desktop GUI tool shipped with Apache Cayenne and intended for editing Cay…
|
CWE-611
XXE
|
CVE-2018-11758
|
2024-11-21 12:43 |
2018-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252718
|
9.8 |
CRITICAL
Network
|
asustor
|
asustor_data_master
|
The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the 'album_id' or 'scope' parameter via a photo-gallery/api/album…
|
CWE-89
SQL Injection
|
CVE-2018-11511
|
2024-11-21 12:43 |
2018-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252719
|
9.8 |
CRITICAL
Network
|
asustor
|
asustor_data_master
|
ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2018-11509
|
2024-11-21 12:43 |
2018-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252720
|
5.5 |
MEDIUM
Local
|
apache
oracle
|
commons_compress
weblogic_server
|
When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream …
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2018-11771
|
2024-11-21 12:43 |
2018-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
