|
246631
|
5.5 |
MEDIUM
Local
|
pulsesecure
|
pulse_secure_desktop_client
|
The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Format String Vulnerability.
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2018-15749
|
2024-11-21 12:51 |
2018-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246632
|
5.3 |
MEDIUM
Local
|
pulsesecure
|
pulse_secure_desktop_client
|
The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Privilege Escalation Vulnerability.
|
CWE-78
OS Command
|
CVE-2018-15726
|
2024-11-21 12:51 |
2018-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246633
|
5.4 |
MEDIUM
Network
|
jorani_project
|
jorani
|
An issue was discovered in Jorani 0.6.5. SQL Injection (error-based) allows a user of the application without permissions to read and modify sensitive information from the database used by the applic…
|
CWE-89
SQL Injection
|
CVE-2018-15918
|
2024-11-21 12:51 |
2018-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246634
|
5.4 |
MEDIUM
Network
|
jorani_project
|
jorani
|
Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language.
|
CWE-79
Cross-site Scripting
|
CVE-2018-15917
|
2024-11-21 12:51 |
2018-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246635
|
5.3 |
MEDIUM
Network
|
btiteam
|
xbtit
|
An issue was discovered in BTITeam XBTIT. PHP error logs are stored in an open directory (/include/logs) using predictable file names, which can lead to full path disclosure and leakage of sensitive …
|
CWE-200
Information Exposure
|
CVE-2018-15684
|
2024-11-21 12:51 |
2018-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246636
|
6.1 |
MEDIUM
Network
|
btiteam
|
xbtit
|
An issue was discovered in BTITeam XBTIT. The "returnto" parameter of the login page is vulnerable to an open redirect due to a lack of validation. If a user is already logged in when accessing the p…
|
CWE-601
Open Redirect
|
CVE-2018-15683
|
2024-11-21 12:51 |
2018-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246637
|
8.8 |
HIGH
Network
|
btiteam
|
xbtit
|
An issue was discovered in BTITeam XBTIT. Due to a lack of cross-site request forgery protection, it is possible to automate the action of sending private messages to users by luring an authenticated…
|
CWE-352
Origin Validation Error
|
CVE-2018-15682
|
2024-11-21 12:51 |
2018-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246638
|
9.8 |
CRITICAL
Network
|
btiteam
|
xbtit
|
An issue was discovered in BTITeam XBTIT 2.5.4. When a user logs in, their password hash is rehashed using a predictable salt and stored in the "pass" cookie, which is not flagged as HTTPOnly. Due to…
|
CWE-732
CWE-916
Incorrect Permission Assignment for Critical Resource
Use of Password Hash With Insufficient Computational Effort
|
CVE-2018-15681
|
2024-11-21 12:51 |
2018-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246639
|
9.8 |
CRITICAL
Network
|
btiteam
|
xbtit
|
An issue was discovered in BTITeam XBTIT 2.5.4. The hashed passwords stored in the xbtit_users table are stored as unsalted MD5 hashes, which makes it easier for context-dependent attackers to obtain…
|
CWE-916
Use of Password Hash With Insufficient Computational Effort
|
CVE-2018-15680
|
2024-11-21 12:51 |
2018-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246640
|
6.1 |
MEDIUM
Network
|
btiteam
|
xbtit
|
An issue was discovered in BTITeam XBTIT 2.5.4. The "keywords" parameter in the search function available at /index.php?page=forums&action=search is vulnerable to reflected cross-site scripting.
|
CWE-79
Cross-site Scripting
|
CVE-2018-15679
|
2024-11-21 12:51 |
2018-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
