|
248131
|
8.8 |
HIGH
Network
|
ucopia
|
wireless_appliance_firmware
|
Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices using firmware version 5.1.x before 5.1.13 allows authenticated remote attackers to escape …
|
CWE-78
OS Command
|
CVE-2018-15481
|
2024-11-21 12:50 |
2018-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248132
|
7.5 |
HIGH
Network
|
embedthis
juniper
|
appweb
goahead
junos
|
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus caus…
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-15505
|
2024-11-21 12:50 |
2018-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248133
|
7.5 |
HIGH
Network
|
embedthis
juniper
|
appweb
goahead
junos
|
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as…
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-15504
|
2024-11-21 12:50 |
2018-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248134
|
7.5 |
HIGH
Network
|
swoole
|
swoole
|
The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2018-15503
|
2024-11-21 12:50 |
2018-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248135
|
7.5 |
HIGH
Network
|
debian
libgit2
|
debian_linux
libgit2
|
In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-boun…
|
CWE-125
Out-of-bounds Read
|
CVE-2018-15501
|
2024-11-21 12:50 |
2018-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248136
|
7.5 |
HIGH
Network
|
tecrail
|
responsive_filemanager
|
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/pa…
|
CWE-22
Path Traversal
|
CVE-2018-15495
|
2024-11-21 12:50 |
2018-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248137
|
9.8 |
CRITICAL
Network
|
dojotoolkit
debian
|
dojo
debian_linux
|
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2018-15494
|
2024-11-21 12:50 |
2018-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248138
|
7.5 |
HIGH
Network
|
gemalto
|
sentinel_license_manager
|
A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification.
|
CWE-405
Asymmetric Resource Consumption (Amplification)
|
CVE-2018-15492
|
2024-11-21 12:50 |
2018-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248139
|
7.5 |
HIGH
Network
|
zemana
|
antilogger
|
A vulnerability in the permission and encryption implementation of Zemana Anti-Logger 1.9.3.527 and prior (fixed in 1.9.3.602) allows an attacker to take control of the whitelisting feature (MyRules2…
|
CWE-798
CWE-732
Use of Hard-coded Credentials
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-15491
|
2024-11-21 12:50 |
2018-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248140
|
9.8 |
CRITICAL
Network
|
google
|
android
|
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for MLT application intents. The LG ID is LVE-SMP-180006.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-15482
|
2024-11-21 12:50 |
2018-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
