|
246661
|
8.1 |
HIGH
Network
|
bigtreecms
|
bigtree_cms
|
BigTree 4.2.23 on Windows, when Advanced or Simple Rewrite routing is enabled, allows remote attackers to bypass authentication via a ..\ substring, as demonstrated by a launch.php?bigtree_htaccess_u…
|
CWE-287
Improper Authentication
|
CVE-2018-17341
|
2024-11-21 12:54 |
2018-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246662
|
7.8 |
HIGH
Local
|
pdfalto_project
|
pdfalto
|
An issue has been found in pdfalto through 0.2. It is a heap-based buffer overflow in the function TextPage::dump in XmlAltoOutputDev.cc.
|
CWE-787
Out-of-bounds Write
|
CVE-2018-17338
|
2024-11-21 12:54 |
2018-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246663
|
7.8 |
HIGH
Local
|
freedesktop
canonical
|
udisks
ubuntu_linux
|
UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or…
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2018-17336
|
2024-11-21 12:54 |
2018-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246664
|
9.8 |
CRITICAL
Network
|
libsvg2_project
|
libsvg2
|
An issue was discovered in libsvg2 through 2012-10-19. A stack-based buffer overflow in the svgGetNextPathField function in svg_string.c allows remote attackers to cause a denial of service (applicat…
|
CWE-787
Out-of-bounds Write
|
CVE-2018-17334
|
2024-11-21 12:54 |
2018-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246665
|
9.8 |
CRITICAL
Network
|
libsvg2_project
|
libsvg2
|
An issue was discovered in libsvg2 through 2012-10-19. A stack-based buffer overflow in svgStringToLength in svg_types.c allows remote attackers to cause a denial of service (application crash) or po…
|
CWE-787
Out-of-bounds Write
|
CVE-2018-17333
|
2024-11-21 12:54 |
2018-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246666
|
7.5 |
HIGH
Network
|
libsvg2_project
|
libsvg2
|
An issue was discovered in libsvg2 through 2012-10-19. The svgGetNextPathField function in svg_string.c returns its input pointer in certain circumstances, which might result in a memory leak caused …
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2018-17332
|
2024-11-21 12:54 |
2018-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246667
|
6.1 |
MEDIUM
Network
|
yunucms
|
yunucms
|
Cross-site scripting (XSS) vulnerability in index.php/index/category/index in YUNUCMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the area parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-17322
|
2024-11-21 12:54 |
2018-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246668
|
6.1 |
MEDIUM
Network
|
seacms
|
seacms
|
An issue was discovered in SeaCMS 6.64. XSS exists in admin_datarelate.php via the time or maxHit parameter in a dorandomset action.
|
CWE-79
Cross-site Scripting
|
CVE-2018-17321
|
2024-11-21 12:54 |
2018-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246669
|
6.1 |
MEDIUM
Network
|
ucms_project
|
ucms
|
An issue was discovered in UCMS 1.4.6. aaddpost.php has stored XSS via the sadmin/aindex.php minfo parameter in a sadmin_aaddpost action.
|
CWE-79
Cross-site Scripting
|
CVE-2018-17320
|
2024-11-21 12:54 |
2018-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246670
|
9.8 |
CRITICAL
Network
|
fruitywifi_project
|
fruitywifi
|
FruityWifi (aka PatatasFritas/PatataWifi) 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the io_mode, ap_mode, io_action, io_in_iface, io_in_set, io_in_ip, io_i…
|
CWE-78
OS Command
|
CVE-2018-17317
|
2024-11-21 12:54 |
2018-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
