|
250341
|
6.1 |
MEDIUM
Network
|
nch
|
axon_pbx
|
There is a reflected XSS vulnerability in AXON PBX 2.02 via the "AXON->Auto-Dialer->Agents->Name" field. The vulnerability exists due to insufficient filtration of user-supplied data. A remote attack…
|
CWE-79
Cross-site Scripting
|
CVE-2018-11552
|
2024-11-21 12:43 |
2018-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250342
|
7.8 |
HIGH
Local
|
nch
|
axon_pbx
|
AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists because a DLL file i…
|
CWE-426
Untrusted Search Path
|
CVE-2018-11551
|
2024-11-21 12:43 |
2018-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250343
|
7.5 |
HIGH
Network
|
miniupnp_project
|
ngiflib
|
ngiflib.c in MiniUPnP ngiflib 0.4 has an infinite loop in DecodeGifImg and LoadGif.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2018-11657
|
2024-11-21 12:43 |
2018-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250344
|
6.5 |
MEDIUM
Network
|
imagemagick
canonical
|
imagemagick
ubuntu_linux
|
In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image fil…
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2018-11656
|
2024-11-21 12:43 |
2018-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250345
|
6.5 |
MEDIUM
Network
|
imagemagick
canonical
|
imagemagick
ubuntu_linux
|
In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePixelCache in MagickCore/cache.c, which allows attackers to cause a denial of service via a crafted C…
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2018-11655
|
2024-11-21 12:43 |
2018-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250346
|
9.8 |
CRITICAL
Network
|
cirt.net
|
nikto
|
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV r…
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2018-11652
|
2024-11-21 12:43 |
2018-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250347
|
6.1 |
MEDIUM
Network
|
emssoftware
|
ems_master_calendar
|
Data input into EMS Master Calendar before 8.0.0.201805210 via URL parameters is not properly sanitized, allowing malicious attackers to send a crafted URL for XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2018-11628
|
2024-11-21 12:43 |
2018-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250348
|
6.1 |
MEDIUM
Network
|
multidots
|
advance_search_for_woocommerce
|
An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for WordPress. This plugin is vulnerable to a stored Cross-site scripting (XSS) vulnerability. A non-a…
|
CWE-79
Cross-site Scripting
|
CVE-2018-11486
|
2024-11-21 12:43 |
2018-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250349
|
6.1 |
MEDIUM
Network
|
multidots
|
woocommerce_quick_reports
|
The MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for WordPress is vulnerable to Stored XSS. It allows an attacker to inject malicious JavaScript code on the WooCommerce -> Orders admi…
|
CWE-79
Cross-site Scripting
|
CVE-2018-11485
|
2024-11-21 12:43 |
2018-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250350
|
6.1 |
MEDIUM
Network
|
graylog
|
graylog
|
Graylog before v2.4.4 has an XSS security issue with unescaped text in dashboard names, related to components/dashboard/Dashboard.jsx, components/dashboard/EditDashboardModal.jsx, and pages/ShowDashb…
|
CWE-79
Cross-site Scripting
|
CVE-2018-11651
|
2024-11-21 12:43 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
