|
246651
|
8.8 |
HIGH
Network
|
phonepe
|
phonepe
|
The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to impersonate a user and set up their account without their knowledge. NOTE: the vendor s…
|
NVD-CWE-noinfo
|
CVE-2018-17403
|
2024-11-21 12:54 |
2018-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246652
|
5.3 |
MEDIUM
Network
|
phonepe
|
phonepe
|
The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to discover the Credit/Debit card number, expiration date, and CVV number. NOTE: the vendo…
|
CWE-200
Information Exposure
|
CVE-2018-17402
|
2024-11-21 12:54 |
2018-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246653
|
8.8 |
HIGH
Network
|
phonepe
|
phonepe
|
The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by exploiting its Forgot Password feature. NOTE: the v…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2018-17401
|
2024-11-21 12:54 |
2018-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246654
|
7.0 |
HIGH
Local
|
phonepe
|
phonepe
|
The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by intercepting the user name and PIN during the initia…
|
NVD-CWE-noinfo
|
CVE-2018-17400
|
2024-11-21 12:54 |
2018-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246655
|
8.8 |
HIGH
Network
|
mcms_project
|
mcms
|
An issue was discovered in MCMS 4.6.5. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do.
|
CWE-352
Origin Validation Error
|
CVE-2018-17366
|
2024-11-21 12:54 |
2018-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246656
|
8.1 |
HIGH
Network
|
otcms
|
otcms
|
OTCMS 3.61 allows remote attackers to execute arbitrary PHP code via the accBackupDir parameter.
|
CWE-94
CWE-362
Code Injection
Race Condition
|
CVE-2018-17364
|
2024-11-21 12:54 |
2018-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246657
|
6.1 |
MEDIUM
Network
|
weaselcms_project
|
weaselcms
|
Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php because $_SERVER['PHP_SELF'] is mishandled.
|
CWE-79
Cross-site Scripting
|
CVE-2018-17361
|
2024-11-21 12:54 |
2018-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246658
|
5.5 |
MEDIUM
Local
|
gnu
|
binutils
|
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. a heap-based buffer over-read in bfd_getl32 in libbfd.c allows an attacker to ca…
|
CWE-125
Out-of-bounds Read
|
CVE-2018-17360
|
2024-11-21 12:54 |
2018-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246659
|
5.5 |
MEDIUM
Local
|
gnu
|
binutils
|
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in bfd_zalloc in opncls.c. Attackers could lever…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-17359
|
2024-11-21 12:54 |
2018-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246660
|
5.5 |
MEDIUM
Local
|
gnu
|
binutils
|
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in _bfd_stab_section_find_nearest_line in syms.c…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-17358
|
2024-11-21 12:54 |
2018-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
