|
251131
|
6.1 |
MEDIUM
Network
|
netcommwireless
|
nwl-25_firmware
|
NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device is vulnerable to several cross-site scripting attacks, allowing a remote attacker to run arbi…
|
CWE-79
Cross-site Scripting
|
CVE-2018-14784
|
2024-11-21 12:49 |
2018-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251132
|
8.8 |
HIGH
Network
|
netcommwireless
|
nwl-25_firmware
|
NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. A cross-site request forgery condition can occur, allowing an attacker to change passwords of the device…
|
CWE-352
Origin Validation Error
|
CVE-2018-14783
|
2024-11-21 12:49 |
2018-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251133
|
7.5 |
HIGH
Network
|
netcommwireless
|
nwl-25_firmware
|
NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device allows access to configuration files and profiles without authenticating the user.
|
CWE-287
Improper Authentication
|
CVE-2018-14782
|
2024-11-21 12:49 |
2018-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251134
|
4.8 |
MEDIUM
Network
|
wolfcms
|
wolf_cms
|
Wolf CMS 0.8.3.1 has XSS in the Snippets tab, as demonstrated by a ?/admin/snippet/edit/1 URI.
|
CWE-79
Cross-site Scripting
|
CVE-2018-14837
|
2024-11-21 12:49 |
2018-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251135
|
6.1 |
MEDIUM
Network
|
coremail
|
coremail_xt
|
Cross-site scripting (XSS) vulnerability in intervalCheck.jsp in Coremail XT 3.0 allows remote attackers to inject arbitrary web script or HTML via the sid parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-14503
|
2024-11-21 12:49 |
2018-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251136
|
7.5 |
HIGH
Network
|
hitachi
|
compute_systems_manager device_manager replication_manager tiered_storage_manager tuning_manager command_suite
|
An Information Exposure issue was discovered in Hitachi Command Suite 8.5.3. A remote attacker may be able to exploit a flaw in the permission of messaging that may allow for information exposure via…
|
CWE-200
Information Exposure
|
CVE-2018-14735
|
2024-11-21 12:49 |
2018-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251137
|
6.5 |
MEDIUM
Adjacent
|
canonical debian w1.fi
|
ubuntu_linux debian_linux wpa_supplicant
|
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker …
|
CWE-924
Improper Enforcement of Message Integrity During Transmission in a Communication Channel
|
CVE-2018-14526
|
2024-11-21 12:49 |
2018-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251138
|
5.4 |
MEDIUM
Network
|
php_template_store_script_project
|
php_template_store_script
|
PHP Template Store Script 3.0.6 allows XSS via the Address line 1, Address Line 2, Bank name, or A/C Holder name field in a profile.
|
CWE-79
Cross-site Scripting
|
CVE-2018-14869
|
2024-11-21 12:49 |
2018-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251139
|
8.8 |
HIGH
Network
|
ocsinventory-ng
|
ocs_inventory_server
|
Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access t…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-14857
|
2024-11-21 12:49 |
2018-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251140
|
7.5 |
HIGH
Network
|
nystudio107
|
seomatic
|
A Server Side Template Injection (SSTI) was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can…
|
CWE-94
Code Injection
|
CVE-2018-14716
|
2024-11-21 12:49 |
2018-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|