|
247231
|
4.4 |
MEDIUM
Local
|
avaya
|
call_management_system_supervisor
|
A vulnerability in the Supervisor component of Avaya Call Management System allows local administrative user to extract sensitive information from users connecting to a remote CMS host. Affected vers…
|
CWE-200
Information Exposure
|
CVE-2018-15615
|
2024-11-21 12:51 |
2018-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247232
|
6.1 |
MEDIUM
Network
|
avaya
|
aura_orchestration_designer
|
A cross-site scripting (XSS) vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could result in malicious content being returned to the user. Affected versions of Avay…
|
CWE-79
Cross-site Scripting
|
CVE-2018-15613
|
2024-11-21 12:51 |
2018-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247233
|
8.8 |
HIGH
Network
|
avaya
|
orchestration_designer
|
A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura Or…
|
CWE-352
Origin Validation Error
|
CVE-2018-15612
|
2024-11-21 12:51 |
2018-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247234
|
8.8 |
HIGH
Network
|
ubisoft
|
uplay
|
upc.exe in Ubisoft Uplay Desktop Client versions 63.0.5699.0 allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visi…
|
CWE-20
Improper Input Validation
|
CVE-2018-15832
|
2024-11-21 12:51 |
2018-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247235
|
6.1 |
MEDIUM
Network
|
accusoft
|
prizmdoc
|
Accusoft PrizmDoc version 13.3 and earlier contains a Stored Cross-Site Scripting issue through a crafted PDF file.
|
CWE-79
Cross-site Scripting
|
CVE-2018-15546
|
2024-11-21 12:51 |
2018-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247236
|
8.8 |
HIGH
Network
|
avaya
|
ip_office
|
A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 th…
|
CWE-22
Path Traversal
|
CVE-2018-15610
|
2024-11-21 12:51 |
2018-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247237
|
5.5 |
MEDIUM
Local
|
radare
|
radare2
|
In radare2 before 2.9.0, a heap overflow vulnerability exists in the read_module_referenced_functions function in libr/anal/flirt.c via a crafted flirt signature file.
|
CWE-787
Out-of-bounds Write
|
CVE-2018-15834
|
2024-11-21 12:51 |
2018-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247238
|
5.9 |
MEDIUM
Network
|
subsonic
|
music_streamer
|
The Subsonic Music Streamer application 4.4 for Android has Improper Certificate Validation of the Subsonic server certificate, which might allow man-in-the-middle attackers to obtain interaction dat…
|
CWE-295
Improper Certificate Validation
|
CVE-2018-15898
|
2024-11-21 12:51 |
2018-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247239
|
7.2 |
HIGH
Network
|
monstra
|
monstra
|
Monstra CMS 3.0.4 does not properly restrict modified Snippet content, as demonstrated by the admin/index.php?id=snippets&action=edit_snippet&filename=google-analytics URI, which allows attackers to …
|
CWE-94
Code Injection
|
CVE-2018-15886
|
2024-11-21 12:51 |
2018-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247240
|
7.5 |
HIGH
Network
|
theethereumlottery
|
the_ethereum_lottery
|
The "PayWinner" function of a simplelottery smart contract implementation for The Ethereum Lottery, an Ethereum gambling game, generates a random value with publicly readable variable "maxTickets" (w…
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2018-15552
|
2024-11-21 12:51 |
2018-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
