|
246331
|
5.7 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password protected link shares when the owner had changed the password.
|
CWE-287
Improper Authentication
|
CVE-2018-16464
|
2024-11-21 12:52 |
2018-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246332
|
3.1 |
LOW
Network
|
nextcloud
|
nextcloud_server
|
A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares.
|
CWE-384
Session Fixation
|
CVE-2018-16463
|
2024-11-21 12:52 |
2018-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246333
|
10.0 |
CRITICAL
Network
|
apex-publish-static-files_project
|
apex-publish-static-files
|
A command injection vulnerability in the apex-publish-static-files npm module version <2.0.1 which allows arbitrary shell command execution through a maliciously crafted argument.
|
CWE-78
OS Command
|
CVE-2018-16462
|
2024-11-21 12:52 |
2018-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246334
|
9.8 |
CRITICAL
Network
|
libnmap_project
|
libnmap
|
A command injection vulnerability in libnmapp package for versions <0.4.16 allows arbitrary commands to be executed via arguments to the range options.
|
CWE-78
OS Command
|
CVE-2018-16461
|
2024-11-21 12:52 |
2018-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246335
|
6.1 |
MEDIUM
Network
|
telligent
|
community
|
Telligent Community 6.x, 7.x, 8.x, 9.x before 9.2.10.11796, 10.1.x before 10.1.10.11792, and 10.2.x before 10.2.3.4725 has XSS via the Feed RSS widget.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16235
|
2024-11-21 12:52 |
2018-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246336
|
6.1 |
MEDIUM
Network
|
mitel
|
mivoice_office_400
|
A vulnerability in the web admin component of Mitel MiVoice Office 400, versions R5.0 HF3 (v8839a1) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (X…
|
CWE-79
Cross-site Scripting
|
CVE-2018-16226
|
2024-11-21 12:52 |
2018-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246337
|
8.8 |
HIGH
Network
|
ipfire
|
ipfire
|
An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. This allows an authenticated user with privileges for the affected page to execut…
|
CWE-78
OS Command
|
CVE-2018-16232
|
2024-11-21 12:52 |
2018-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246338
|
6.1 |
MEDIUM
Network
|
wago
|
wago_750-881_ethernet_controller_devices_firmware
|
WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16210
|
2024-11-21 12:52 |
2018-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246339
|
7.8 |
HIGH
Local
|
foxitsoftware
|
phantompdf
reader
|
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-20…
|
CWE-416
Use After Free
|
CVE-2018-16297
|
2024-11-21 12:52 |
2018-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246340
|
7.8 |
HIGH
Local
|
foxitsoftware
|
phantompdf
reader
|
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-20…
|
CWE-416
Use After Free
|
CVE-2018-16296
|
2024-11-21 12:52 |
2018-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
