| 246281 | 9.8 | CRITICAL | Network | pescms | pescms_team | In PESCMS Team 2.2.1, attackers may upload and execute arbitrary PHP code through /Public/?g=Team&m=Setting&a=upgrade by placing a .php file in a ZIP archive. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2018-16370 | 2024-11-21 12:52 | 2018-09-3 |
| 246282 | 5.5 | MEDIUM | Local | xpdfreader | xpdf | XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE… | NVD-CWE-noinfo | CVE-2018-16369 | 2024-11-21 12:52 | 2018-09-3 |
| 246283 | 5.5 | MEDIUM | Local | xpdfreader | xpdf | SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. | CWE-125 Out-of-bounds Read | CVE-2018-16368 | 2024-11-21 12:52 | 2018-09-3 |
| 246284 | 9.9 | CRITICAL | Network | qduoj | onlinejudge | In OnlineJudge 2.0, the sandbox has an incorrect access control vulnerability that can write a file anywhere. A user can write a directory listing to /tmp, and can leak file data with a #include. | CWE-22 Path Traversal | CVE-2018-16367 | 2024-11-21 12:52 | 2018-09-3 |
| 246285 | 8.8 | HIGH | Network | idreamsoft | icms | An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=user&do=save allows CSRF. | CWE-352 Origin Validation Error | CVE-2018-16366 | 2024-11-21 12:52 | 2018-09-3 |
| 246286 | 8.8 | HIGH | Network | idreamsoft | icms | An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=group&do=save allows CSRF. | CWE-352 Origin Validation Error | CVE-2018-16365 | 2024-11-21 12:52 | 2018-09-3 |
| 246287 | 6.1 | MEDIUM | Network | mantisbt | source_integration | An issue was discovered in the Source Integration plugin before 1.5.9 and 2.x before 2.1.5 for MantisBT. A cross-site scripting (XSS) vulnerability in the Manage Repository and Changesets List pages … | CWE-79 Cross-site Scripting | CVE-2018-16362 | 2024-11-21 12:52 | 2018-09-3 |
| 246288 | 6.8 | MEDIUM | Network | google | gvisor | Google gVisor before 2018-08-23, within the seccomp sandbox, permits access to the renameat system call, which allows attackers to rename files on the host OS. | NVD-CWE-noinfo | CVE-2018-16359 | 2024-11-21 12:52 | 2018-09-3 |
| 246289 | 5.4 | MEDIUM | Network | dotclear | dotclear | A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS pay… | CWE-79 Cross-site Scripting | CVE-2018-16358 | 2024-11-21 12:52 | 2018-09-3 |
| 246290 | 9.8 | CRITICAL | Network | fhcrm_project | fhcrm | An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the index.php/User/read limit parameter. | CWE-89 SQL Injection | CVE-2018-16354 | 2024-11-21 12:52 | 2018-09-3 |