|
248021
|
8.8 |
HIGH
Network
|
paessler
|
prtg_network_monitor
|
PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated attacker (with read-write privileges) to execute arbitrary code and OS commands with system privileges. When creating an HTTP Ad…
|
CWE-20
Improper Input Validation
|
CVE-2018-19204
|
2024-11-21 12:57 |
2018-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248022
|
7.5 |
HIGH
Network
|
paessler
|
prtg_network_monitor
|
PRTG Network Monitor before 18.2.41.1652 allows remote unauthenticated attackers to terminate the PRTG Core Server Service via a special HTTP request.
|
NVD-CWE-noinfo
|
CVE-2018-19203
|
2024-11-21 12:57 |
2018-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248023
|
7.5 |
HIGH
Network
|
uriparser_project debian
|
uriparser debian_linux
|
An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function.
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-19200
|
2024-11-21 12:57 |
2018-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248024
|
9.8 |
CRITICAL
Network
|
uriparser_project debian
|
uriparser debian_linux
|
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2018-19199
|
2024-11-21 12:57 |
2018-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248025
|
9.8 |
CRITICAL
Network
|
uriparser_project debian
|
uriparser debian_linux
|
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain co…
|
CWE-787
Out-of-bounds Write
|
CVE-2018-19198
|
2024-11-21 12:57 |
2018-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248026
|
4.9 |
MEDIUM
Network
|
xiaocms
|
xiaocms
|
An issue was discovered in XiaoCms 20141229. admin\controller\database.php allows arbitrary directory deletion via admin/index.php?c=database&a=import&paths[]=../ directory traversal.
|
CWE-22
Path Traversal
|
CVE-2018-19197
|
2024-11-21 12:57 |
2018-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248027
|
9.8 |
CRITICAL
Network
|
xiaocms
|
xiaocms
|
An issue was discovered in XiaoCms 20141229. It allows remote attackers to execute arbitrary code by using the type parameter to bypass the standard admin\controller\uploadfile.php restrictions on up…
|
CWE-94
Code Injection
|
CVE-2018-19196
|
2024-11-21 12:57 |
2018-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248028
|
6.1 |
MEDIUM
Network
|
xiaocms
|
xiaocms
|
An issue was discovered in XiaoCms 20141229. There is XSS related to the template\default\show_product.html file.
|
CWE-79
Cross-site Scripting
|
CVE-2018-19195
|
2024-11-21 12:57 |
2018-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248029
|
5.3 |
MEDIUM
Network
|
xiaocms
|
xiaocms
|
An issue was discovered in XiaoCms 20141229. /admin/index.php?c=database allows full path disclosure in a "failed to open stream" error message.
|
CWE-200
Information Exposure
|
CVE-2018-19194
|
2024-11-21 12:57 |
2018-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248030
|
6.1 |
MEDIUM
Network
|
xiaocms
|
xiaocms
|
An issue was discovered in XiaoCms 20141229. There is XSS via the largest input box on the "New news" screen.
|
CWE-79
Cross-site Scripting
|
CVE-2018-19193
|
2024-11-21 12:57 |
2018-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|