|
247691
|
6.1 |
MEDIUM
Network
|
adobe
|
experience_manager
|
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
|
CWE-79
Cross-site Scripting
|
CVE-2018-15969
|
2024-11-21 12:51 |
2018-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247692
|
9.8 |
CRITICAL
Network
|
avaya
|
avaya_aura_system_platform
|
A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote, unauthenticated user to perform a targeted deserialization attack that could result in remote code executio…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2018-15616
|
2024-11-21 12:51 |
2018-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247693
|
9.8 |
CRITICAL
Network
|
agentejo
|
cockpit
|
Agentejo Cockpit performs actions on files without appropriate validation and therefore allows an attacker to traverse the file system to unintended locations and/or access arbitrary files, aka /medi…
|
CWE-22
Path Traversal
|
CVE-2018-15540
|
2024-11-21 12:51 |
2018-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247694
|
8.8 |
HIGH
Network
|
agentejo
|
cockpit
|
Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus, an attacker is able to change API tokens, passwords, etc.
|
CWE-352
Origin Validation Error
|
CVE-2018-15539
|
2024-11-21 12:51 |
2018-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247695
|
6.1 |
MEDIUM
Network
|
agentejo
|
cockpit
|
Agentejo Cockpit has multiple Cross-Site Scripting vulnerabilities.
|
CWE-79
Cross-site Scripting
|
CVE-2018-15538
|
2024-11-21 12:51 |
2018-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247696
|
7.8 |
HIGH
Local
|
ivanti
|
workspace_control
|
An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can decrypt the encrypted datastore or relay server password by leveraging an un…
|
NVD-CWE-noinfo
|
CVE-2018-15593
|
2024-11-21 12:51 |
2018-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247697
|
7.8 |
HIGH
Local
|
ivanti
|
workspace_control
|
An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can execute processes with elevated privileges via an unspecified attack vector.
|
CWE-269
Improper Privilege Management
|
CVE-2018-15592
|
2024-11-21 12:51 |
2018-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247698
|
7.8 |
HIGH
Local
|
ivanti
|
workspace_control
|
An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can bypass Application Whitelisting restrictions to execute arbitrary code by le…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2018-15591
|
2024-11-21 12:51 |
2018-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247699
|
5.5 |
MEDIUM
Local
|
ivanti
|
workspace_control
|
An issue was discovered in Ivanti Workspace Control before 10.3.0.0 and RES One Workspace, when file and folder security are configured. A local authenticated user can bypass file and folder security…
|
NVD-CWE-noinfo
|
CVE-2018-15590
|
2024-11-21 12:51 |
2018-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247700
|
8.8 |
HIGH
Network
|
cloud_foundry
|
cf-networking
|
Cloud Foundry CF Networking Release, versions 2.11.0 prior to 2.16.0, contain an internal api endpoint vulnerable to SQL injection between Diego cells and the policy server. A remote authenticated ma…
|
CWE-89
SQL Injection
|
CVE-2018-15755
|
2024-11-21 12:51 |
2018-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
