|
248101
|
5.4 |
MEDIUM
Network
|
vectra
|
cognito
|
Vectra Networks Cognito Brain and Sensor before 4.2 contains a cross-site scripting (XSS) vulnerability in the Web Management Console.
|
CWE-79
Cross-site Scripting
|
CVE-2018-14890
|
2024-11-21 12:50 |
2018-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248102
|
7.8 |
HIGH
Local
|
apache
|
couchdb
|
CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability.
|
CWE-20
Improper Input Validation
|
CVE-2018-14889
|
2024-11-21 12:50 |
2018-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248103
|
4.3 |
MEDIUM
Network
|
f5
|
big-ip_access_policy_manager
|
A vulnerability in BIG-IP APM portal access 11.5.1-11.5.7, 11.6.0-11.6.3, and 12.1.0-12.1.3 discloses the BIG-IP software version in rewritten pages.
|
CWE-200
Information Exposure
|
CVE-2018-15310
|
2024-11-21 12:50 |
2018-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248104
|
7.5 |
HIGH
Network
|
lwolf
|
loading_docs
|
Insecure permissions in Lone Wolf Technologies loadingDOCS 2018-08-13 allow remote attackers to download any confidential files via https requests for predictable URLs.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-15502
|
2024-11-21 12:50 |
2018-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248105
|
9.1 |
CRITICAL
Network
|
kone
|
group_controller_firmware
|
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the na…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2018-15486
|
2024-11-21 12:50 |
2018-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248106
|
9.1 |
CRITICAL
Network
|
kone
|
group_controller_firmware
|
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. FTP does not require authentication or authorization, aka KONE-03.
|
CWE-287
Improper Authentication
|
CVE-2018-15485
|
2024-11-21 12:50 |
2018-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248107
|
9.8 |
CRITICAL
Network
|
kone
|
group_controller_firmware
|
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Remote Code Execution is possible through the open HTTP interface by modifying autoexec.bat, aka KONE-01.
|
CWE-78
OS Command
|
CVE-2018-15484
|
2024-11-21 12:50 |
2018-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248108
|
7.5 |
HIGH
Network
|
kone
|
group_controller_firmware
|
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Denial of Service can occur through the open HTTP interface, aka KONE-04.
|
CWE-20
Improper Input Validation
|
CVE-2018-15483
|
2024-11-21 12:50 |
2018-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248109
|
9.6 |
CRITICAL
Network
|
dokuwiki
|
dokuwiki
|
CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier allows remote attackers to exfiltrate sensitive data and to ex…
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2018-15474
|
2024-11-21 12:50 |
2018-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248110
|
6.5 |
MEDIUM
Network
|
libesedb_project
|
libesedb
|
The libesedb_key_append_data function in libesedb_key.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has di…
|
CWE-125
Out-of-bounds Read
|
CVE-2018-15161
|
2024-11-21 12:50 |
2018-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
