|
248711
|
8.8 |
HIGH
Network
|
samsung
|
galaxy_s8_firmware
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S8 G950FXXU1AQL5. User interaction is required to exploit this vulnerability in that…
|
CWE-20
Improper Input Validation
|
CVE-2018-14318
|
2024-11-21 12:48 |
2018-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248712
|
7.5 |
HIGH
Network
|
smarty
debian
|
smarty
debian_linux
|
Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the execut…
|
CWE-22
Path Traversal
|
CVE-2018-13982
|
2024-11-21 12:48 |
2018-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248713
|
6.5 |
MEDIUM
Network
|
podofo_project
|
podofo
|
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is required to exploit this vulnerability in that the target must …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-14320
|
2024-11-21 12:48 |
2018-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248714
|
8.6 |
HIGH
Network
|
siemens
|
scalance_x408_firmware
scalance_x300_firmware
scalance_x414_firmware
|
A vulnerability has been identified in SCALANCE X300 (All versions < V4.0.0), SCALANCE X408 (All versions < V4.0.0), SCALANCE X414 (All versions). The web interface on port 443/tcp could allow an att…
|
CWE-20
Improper Input Validation
|
CVE-2018-13807
|
2024-11-21 12:48 |
2018-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248715
|
7.8 |
HIGH
Local
|
siemens
|
td_keypad_designer
|
A vulnerability has been identified in SIEMENS TD Keypad Designer (All versions). A DLL hijacking vulnerability exists in all versions of SIEMENS TD Keypad Designer which could allow an attacker to e…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2018-13806
|
2024-11-21 12:48 |
2018-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248716
|
9.1 |
CRITICAL
Network
|
siemens
|
simatic_wincc_open_architecture
|
A vulnerability has been identified in SIMATIC WinCC OA V3.14 and prior (All versions < V3.14-P021). Improper access control to a data point of the affected product could allow an unauthenticated rem…
|
NVD-CWE-noinfo
|
CVE-2018-13799
|
2024-11-21 12:48 |
2018-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248717
|
6.1 |
MEDIUM
Network
|
cremecrm
|
cremecrm
|
An issue was discovered in Creme CRM 1.6.12. The value of the cancel button uses the content of the HTTP Referer header, and could be used to trick a user into visiting a fake login page in order to …
|
CWE-601
Open Redirect
|
CVE-2018-14398
|
2024-11-21 12:48 |
2018-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248718
|
5.4 |
MEDIUM
Network
|
cremecrm
|
cremecrm
|
An issue was discovered in Creme CRM 1.6.12. The organization creation page is affected by 9 stored cross-site scripting vulnerabilities involving the name, billing_address-address, billing_address-z…
|
CWE-79
Cross-site Scripting
|
CVE-2018-14397
|
2024-11-21 12:48 |
2018-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248719
|
5.4 |
MEDIUM
Network
|
cremecrm
|
cremecrm
|
An issue was discovered in Creme CRM 1.6.12. The salesman creation page is affected by 10 stored cross-site scripting vulnerabilities involving the firstname, lastname, billing_address-address, billi…
|
CWE-79
Cross-site Scripting
|
CVE-2018-14396
|
2024-11-21 12:48 |
2018-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248720
|
6.1 |
MEDIUM
Network
|
pulsesecure
ivanti
|
pulse_policy_secure
pulse_connect_secure
connect_secure
|
download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerabi…
|
CWE-601
Open Redirect
|
CVE-2018-14366
|
2024-11-21 12:48 |
2018-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
