|
247371
|
7.5 |
HIGH
Network
|
tenda
|
ac7_firmware
ac9_firmware
ac10_firmware
|
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-14557
|
2024-11-21 12:49 |
2019-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247372
|
6.1 |
MEDIUM
Network
|
paessler
|
prtg_network_monitor
|
PRTG before 19.1.49.1966 has Cross Site Scripting (XSS) in the WEBGUI.
|
CWE-79
Cross-site Scripting
|
CVE-2018-14683
|
2024-11-21 12:49 |
2019-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247373
|
6.5 |
MEDIUM
Network
|
we-con
|
pi_studio
pi_studio_hmi
|
WECON Technology PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior lacks proper validation of user-supplied data, which may result in a read past the end of an allocated …
|
CWE-125
Out-of-bounds Read
|
CVE-2018-14814
|
2024-11-21 12:49 |
2019-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247374
|
8.8 |
HIGH
Adjacent
|
samsung
|
galaxy_s6_firmware
|
Buffer overflow in prot_get_ring_space in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to overwri…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-14745
|
2024-11-21 12:49 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247375
|
5.4 |
MEDIUM
Network
|
mybb
|
ban_list
|
In the Ban List plugin 1.0 for MyBB, any forum user with mod privileges can ban users and input an XSS payload into the ban reason, which is executed on the bans.php page.
|
CWE-79
Cross-site Scripting
|
CVE-2018-14724
|
2024-11-21 12:49 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247376
|
8.8 |
HIGH
Network
|
mybb
|
trash_bin
|
Trash Bin plugin 1.1.3 for MyBB has cross-site scripting (XSS) via a thread subject and a cross-site request forgery (CSRF) via a post subject.
|
CWE-352
CWE-79
Origin Validation Error
Cross-site Scripting
|
CVE-2018-14575
|
2024-11-21 12:49 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247377
|
6.1 |
MEDIUM
Network
|
dnnsoftware
|
dotnetnuke
|
DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via XML.
|
CWE-79
Cross-site Scripting
|
CVE-2018-14486
|
2024-11-21 12:49 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247378
|
6.1 |
MEDIUM
Network
|
hyphp
|
hybbs
|
An issue was found in HYBBS through 2016-03-08. There is an XSS vulnerablity via an article title to post.html.
|
CWE-79
Cross-site Scripting
|
CVE-2018-14499
|
2024-11-21 12:49 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247379
|
6.5 |
MEDIUM
Network
|
mozilla
libjpeg-turbo
fedoraproject
debian
opensuse
|
mozjpeg
libjpeg-turbo
fedora
debian_linux
leap
|
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit…
|
CWE-125
Out-of-bounds Read
|
CVE-2018-14498
|
2024-11-21 12:49 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247380
|
7.2 |
HIGH
Network
|
redhat
|
satellite
|
An improper authorization flaw was found in the Smart Class feature of Foreman. An attacker can use it to change configuration of any host registered in Red Hat Satellite, independent of the organiza…
|
CWE-863
Incorrect Authorization
|
CVE-2018-14666
|
2024-11-21 12:49 |
2019-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
