|
246561
|
7.5 |
HIGH
Network
|
mitsubishielectric
|
smartrtu_firmware
|
Mitsubishi Electric Europe B.V. SmartRTU devices allow remote attackers to obtain sensitive information (directory listing and source code) via a direct request to the /web URI.
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2018-16060
|
2024-11-21 12:52 |
2021-10-16 |
|
246562
|
5.9 |
MEDIUM
Network
|
versa-networks
|
versa_operating_system
|
In VOS compromised, an attacker at network endpoints can possibly view communications between an unsuspecting user and the service using man-in-the-middle attacks. Usage of unapproved SSH encryption …
|
CWE-326
Inadequate Encryption Strength
|
CVE-2018-16499
|
2024-11-21 12:52 |
2021-05-27 |
|
246563
|
5.5 |
MEDIUM
Local
|
versa-networks
|
versa_director
|
In Versa Director, the unencrypted backup files stored on the Versa deployment contain credentials stored within configuration files. These credentials are for various application components such as …
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2018-16498
|
2024-11-21 12:52 |
2021-05-27 |
|
246564
|
7.8 |
HIGH
Local
|
versa-networks
|
versa_analytics
|
In Versa Analytics, the cron jobs are used for scheduling tasks by executing commands at specific dates and times on the server. If the job is run as the user root, there is a potential privilege esc…
|
CWE-269
Improper Privilege Management
|
CVE-2018-16497
|
2024-11-21 12:52 |
2021-05-27 |
|
246565
|
5.3 |
MEDIUM
Network
|
versa-networks
|
versa_director
|
In Versa Director, the un-authentication request found.
|
CWE-287
Improper Authentication
|
CVE-2018-16496
|
2024-11-21 12:52 |
2021-05-27 |
|
246566
|
8.8 |
HIGH
Network
|
versa-networks
|
versa_operating_system
|
In VOS, the user session identifier (authentication token) is issued to the browser prior to authentication but is not changed after the user successfully logs into the application. Failing to issue a new…
|
CWE-384
Session Fixation
|
CVE-2018-16495
|
2024-11-21 12:52 |
2021-05-27 |
|
246567
|
8.8 |
HIGH
Network
|
versa-networks
|
versa_operating_system
|
In VOS, an overly permissive "umask" may allow for authorized users of the server to gain unauthorized access through insecure file permissions that can result in an arbitrary read, write, or executi…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2018-16494
|
2024-11-21 12:52 |
2021-05-27 |
|
246568
|
5.4 |
MEDIUM
Network
|
solarwinds
|
database_performance_analyzer
|
SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074 have several persistent XSS vulnerabilities, related to logViewer.iwc, centralManage.cen, userAdministration.iwc, database.iwc, a…
|
CWE-79
Cross-site Scripting
|
CVE-2018-16243
|
2024-11-21 12:52 |
2020-12-16 |
|
246569
|
9.8 |
CRITICAL
Network
|
pbootcms
|
pbootcms
|
An issue was discovered in PbootCMS. There is a SQL injection via the api.php/Cms/search order parameter.
|
CWE-89
SQL Injection
|
CVE-2018-16357
|
2024-11-21 12:52 |
2020-03-3 |
|
246570
|
9.8 |
CRITICAL
Network
|
pbootcms
|
pbootcms
|
An issue was discovered in PbootCMS. There is a SQL injection via the api.php/List/index order parameter.
|
CWE-89
SQL Injection
|
CVE-2018-16356
|
2024-11-21 12:52 |
2020-03-3 |