|
246331
|
6.1 |
MEDIUM
Network
|
zohocorp
|
manageengine_desktop_central
|
Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & Articles" search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16833
|
2024-11-21 12:53 |
2018-09-22 |
|
246332
|
9.8 |
CRITICAL
Network
|
seacms
|
seacms
|
SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter.
|
CWE-89
SQL Injection
|
CVE-2018-16822
|
2024-11-21 12:53 |
2018-09-22 |
|
246333
|
5.3 |
MEDIUM
Network
|
seacms
|
seacms
|
SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=../templets/../../ requests.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-16821
|
2024-11-21 12:53 |
2018-09-22 |
|
246334
|
8.6 |
HIGH
Network
|
microsoft
|
exchange_server
|
Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2018-16793
|
2024-11-21 12:53 |
2018-09-22 |
|
246335
|
5.5 |
MEDIUM
Local
|
linux netapp opensuse
|
linux_kernel element_software active_iq_performance_analytics_services leap
|
An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.
|
CWE-863
Incorrect Authorization
|
CVE-2018-16597
|
2024-11-21 12:53 |
2018-09-22 |
|
246336
|
6.1 |
MEDIUM
Network
|
dedecms
|
dedecms
|
DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedback_ajax.php.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16786
|
2024-11-21 12:53 |
2018-09-22 |
|
246337
|
7.2 |
HIGH
Network
|
dedecms
|
dedecms
|
DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "<file type='file' name='../" substring.
|
CWE-91
Blind XPath Injection
|
CVE-2018-16784
|
2024-11-21 12:53 |
2018-09-22 |
|
246338
|
8.8 |
HIGH
Network
|
linknet-usa
|
lw-n605r_firmware
|
LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the d…
|
CWE-78 CWE-1188
OS Command Injection, Insecure Default Initialization of Resource
|
CVE-2018-16752
|
2024-11-21 12:53 |
2018-09-21 |
|
246339
|
8.8 |
HIGH
Network
|
dedecms
|
dedecms
|
An XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be used by attackers to create a script file to obtain a webshell.
|
CWE-91
Blind XPath Injection
|
CVE-2018-16785
|
2024-11-21 12:53 |
2018-09-20 |
|
246340
|
5.4 |
MEDIUM
Network
|
opmantek
|
open-audit
|
Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16607
|
2024-11-21 12:53 |
2018-09-20 |