|
247671
|
8.8 |
HIGH
Network
|
gxlcms
|
gxlcms
|
In Gxlcms 2.0, a news/index.php?s=Admin-Admin-Insert CSRF attack can add an administrator account.
|
CWE-352
Origin Validation Error
|
CVE-2018-15177
|
2024-11-21 12:50 |
2018-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247672
|
7.8 |
HIGH
Local
|
xnview
|
xnview
|
XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at MSVCR120!memcpy+0x0000000000000074 and application crash) or possibly have unspecified other impact vi…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-15176
|
2024-11-21 12:50 |
2018-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247673
|
7.8 |
HIGH
Local
|
xnview
|
xnview
|
XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at Qt5Core!QVariant::~QVariant+0x0000000000000014 and application crash) or possibly have unspecified oth…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-15175
|
2024-11-21 12:50 |
2018-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247674
|
7.8 |
HIGH
Local
|
xnview
|
xnview
|
XnView 2.45 allows remote attackers to cause a denial of service (Read Access Violation at the Instruction Pointer and application crash) or possibly have unspecified other impact via a crafted ICO f…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-15174
|
2024-11-21 12:50 |
2018-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247675
|
7.5 |
HIGH
Network
|
nmap
|
nmap
|
Nmap through 7.70, when the -sV option is used, allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted TCP-based service.
|
NVD-CWE-noinfo
|
CVE-2018-15173
|
2024-11-21 12:50 |
2018-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247676
|
6.1 |
MEDIUM
Network
|
zohocorp
|
manageengine_applications_manager
|
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 before build 13820 allows remote attackers to inject arbitrary web script or HTML via the /deleteMO.d…
|
CWE-79
Cross-site Scripting
|
CVE-2018-15169
|
2024-11-21 12:50 |
2018-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247677
|
9.8 |
CRITICAL
Network
|
zohocorp
|
manageengine_applications_manager
|
A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request.
|
CWE-89
SQL Injection
|
CVE-2018-15168
|
2024-11-21 12:50 |
2018-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247678
|
9.8 |
CRITICAL
Network
|
cela_link
|
clr-m20_firmware
|
CeLa Link CLR-M20 devices allow unauthorized users to upload any file (e.g., asp, aspx, cfm, html, jhtml, jsp, or shtml), which causes remote code execution as well. Because of the WebDAV feature, it…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-15137
|
2024-11-21 12:50 |
2018-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247679
|
7.5 |
HIGH
Network
|
php
netapp
|
php
storage_automation_store
|
An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on Windows doesn't implement the ope…
|
CWE-200
Information Exposure
|
CVE-2018-15132
|
2024-11-21 12:50 |
2018-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247680
|
5.4 |
MEDIUM
Network
|
thinksaas
|
thinksaas
|
ThinkSAAS through 2018-07-25 has XSS via the index.php?app=group&ac=create&ts=do groupdesc parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-15130
|
2024-11-21 12:50 |
2018-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
