| 246321 | 8.8 | HIGH Network | icmsdev | icms | An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.p… | CWE-352 Origin Validation Error | CVE-2018-16314 | 2024-11-21 12:52 | 2018-09-2 |
| 246322 | 6.1 | MEDIUM Network | bludit | bludit | Bludit 2.3.4 allows XSS via a user name. | CWE-79 Cross-site Scripting | CVE-2018-16313 | 2024-11-21 12:52 | 2018-09-2 |
| 246323 | 8.6 | HIGH Local | ninjaforms | ninja_forms | The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection. | CWE-1236 Improper Neutralization of Formula Elements in a CSV File | CVE-2018-16308 | 2024-11-21 12:52 | 2018-09-2 |
| 246324 | 7.5 | HIGH Network | tracker-software | pdf-xchange_editor | PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause a denial of service (resource consumption) via a crafted x:xmpmeta structure, a related issue to CVE-2003-1564. | CWE-611 XXE | CVE-2018-16303 | 2024-11-21 12:52 | 2018-09-1 |
| 246325 | 7.8 | HIGH Local | mc1soft | zip-n-go | MediaComm Zip-n-Go before 4.95 has a Buffer Overflow via a crafted file. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2018-16302 | 2024-11-21 12:52 | 2018-09-1 |
| 246326 | 6.1 | MEDIUM Network | 1234n | minicms | An issue was discovered in MiniCMS 1.10. There is an mc-admin/post.php?tag= XSS vulnerability for a state=delete, state=draft, or state=publish request. | CWE-79 Cross-site Scripting | CVE-2018-16298 | 2024-11-21 12:52 | 2018-09-1 |
| 246327 | 9.8 | CRITICAL Network | phpkaiyuancms | phpopensourcecms | phpkaiyuancms PhpOpenSourceCMS (POSCMS) V3.2.0 allows an unauthenticated user to execute arbitrary SQL commands via the diy/module/member/controllers/Api.php ajax_save_draft function with the dir par… | CWE-89 SQL Injection | CVE-2018-16278 | 2024-11-21 12:52 | 2018-09-1 |
| 246328 | 7.8 | HIGH Local | linux, debian, canonical | linux_kernel, debian_linux, ubuntu_linux | An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB … | CWE-787 Out-of-bounds Write | CVE-2018-16276 | 2024-11-21 12:52 | 2018-09-1 |
| 246329 | 7.8 | HIGH Local | opswat | metadefender | OPSWAT MetaDefender before v4.11.2 allows CSV injection. | CWE-1236 Improper Neutralization of Formula Elements in a CSV File | CVE-2018-16275 | 2024-11-21 12:52 | 2018-08-31 |
| 246330 | 9.8 | CRITICAL Network | damicms | damicms | An issue was discovered in damiCMS V6.0.1. It relies on the PHP time() function for cookies, which makes it possible to determine the cookie for an existing admin session via 10800 guesses. | CWE-330 Use of Insufficiently Random Values | CVE-2018-16239 | 2024-11-21 12:52 | 2018-08-31 |