|
246961
|
7.2 |
HIGH
Network
|
bpcbt
|
smartvista
|
BPC SmartVista 2 has Improper Access Control in the SVFE module, where it fails to appropriately restrict access: a normal user is able to access the SVFE2/pages/finadmin/currconvrate/currconvrate.js…
|
CWE-269
Improper Privilege Management
|
CVE-2018-15207
|
2024-11-21 12:50 |
2019-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246962
|
8.8 |
HIGH
Network
|
bpcbt
|
smartvista
|
BPC SmartVista 2 has CSRF via SVFE2/pages/admpages/roles/createrole.jsf.
|
CWE-352
Origin Validation Error
|
CVE-2018-15206
|
2024-11-21 12:50 |
2019-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246963
|
6.1 |
MEDIUM
Network
|
polarisft
|
intellect_core_banking
|
An issue was discovered in the Core and Portal modules in Polaris FT Intellect Core Banking 9.7.1. An open redirect exists via a /IntellectMain.jsp?IntellectSystem= URI.
|
CWE-601
Open Redirect
|
CVE-2018-14931
|
2024-11-21 12:50 |
2019-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246964
|
8.8 |
HIGH
Network
|
polarisft
|
intellect_core_banking
|
An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. CSRF can occur via a /CollatWebApp/gcmsRefInsert?name=SUPP URI.
|
CWE-352
Origin Validation Error
|
CVE-2018-14930
|
2024-11-21 12:50 |
2019-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246965
|
7.5 |
HIGH
Network
|
coolpad
t-mobile
|
defiant_firmware
revvl_plus_firmware
|
The Coolpad Defiant (Coolpad/cp3632a/cp3632a:7.1.1/NMF26F/099480857:user/release-keys) and the T-Mobile Revvl Plus (Coolpad/alchemy/alchemy:7.1.1/143.14.171129.3701A-TMO/buildf_nj_02-206:user/release…
|
CWE-20
Improper Input Validation
|
CVE-2018-15003
|
2024-11-21 12:50 |
2019-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246966
|
6.3 |
MEDIUM
Local
|
vivo
|
v7_firmware
|
The Vivo V7 Android device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys contains a platform app with a package name of com.vivo.smartshot (versionCode=1, v…
|
NVD-CWE-noinfo
|
CVE-2018-15000
|
2024-11-21 12:50 |
2019-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246967
|
9.1 |
CRITICAL
Network
|
leagoo
|
p1_firmware
|
The Leagoo P1 device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed platform app with a package name of com.wtk.facto…
|
NVD-CWE-noinfo
|
CVE-2018-14999
|
2024-11-21 12:50 |
2019-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246968
|
5.5 |
MEDIUM
Local
|
leagoo
|
p1_firmware
|
The Leagoo P1 Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains the android framework (i.e., system_server) with a packag…
|
NVD-CWE-noinfo
CWE-862
Missing Authorization
|
CVE-2018-14997
|
2024-11-21 12:50 |
2019-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246969
|
7.8 |
HIGH
Local
|
oppo
|
f5_firmware
|
The Oppo F5 Android device with a build fingerprint of OPPO/CPH1723/CPH1723:7.1.1/N6F26Q/1513597833:user/release-keys contains a pre-installed platform app with a package name of com.dropboxchmod (ve…
|
NVD-CWE-noinfo
|
CVE-2018-14996
|
2024-11-21 12:50 |
2019-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246970
|
7.5 |
HIGH
Network
|
essential
|
phone_firmware
|
The Essential Phone Android device with a build fingerprint of essential/mata/mata:8.1.0/OPM1.180104.166/297:user/release-keys contains a pre-installed platform app with a package name of com.ts.andr…
|
CWE-20
Improper Input Validation
|
CVE-2018-14994
|
2024-11-21 12:50 |
2019-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
