|
246461
|
9.8 |
CRITICAL
Network
|
phome
|
empirecms
|
Empire CMS 7.5 allows remote attackers to execute arbitrary PHP code via the ftemp parameter in an enews=EditMemberForm action because this code is injected into a memberform.$fid.php file.
|
CWE-94
Code Injection
|
CVE-2018-20300
|
2024-11-21 13:01 |
2018-12-20 |
|
246462
|
9.8 |
CRITICAL
Network
|
bosch
|
360-indoor_camera_firmware eyes_outdoor_camera_firmware
|
An issue was discovered in several Bosch Smart Home cameras (360 degree indoor camera and Eyes outdoor camera) with firmware before 6.52.4. A malicious client could potentially succeed in the unautho…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-20299
|
2024-11-21 13:01 |
2018-12-20 |
|
246463
|
6.5 |
MEDIUM
Network
|
s3browser
|
s3_browser
|
S3 Browser before 8.1.5 contains an XML external entity (XXE) vulnerability, allowing remote attackers to read arbitrary files and obtain NTLMv2 hash values by tricking a user into connecting to a ma…
|
CWE-611
XXE
|
CVE-2018-20298
|
2024-11-21 13:01 |
2018-12-20 |
|
246464
|
8.8 |
HIGH
Network
|
simbahosting
|
two-factor-authentication
|
Cross Site Request Forgery (CSRF) in the two-factor-authentication plugin before 1.3.13 for WordPress allows remote attackers to disable 2FA via the tfa_enable_tfa parameter due to missing nonce vali…
|
CWE-352
Origin Validation Error
|
CVE-2018-20231
|
2024-11-21 13:01 |
2018-12-19 |
|
246465
|
7.8 |
HIGH
Local
|
gnu
|
pspp
|
An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (app…
|
CWE-787
Out-of-bounds Write
|
CVE-2018-20230
|
2024-11-21 13:01 |
2018-12-19 |
|
246466
|
8.0 |
HIGH
Network
|
subsonic
|
subsonic
|
Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF.
|
CWE-352 CWE-918
Origin Validation Error Server-Side Request Forgery (SSRF)
|
CVE-2018-20228
|
2024-11-21 13:01 |
2018-12-19 |
|
246467
|
7.5 |
HIGH
Network
|
eclipse
|
rdf4j
|
RDF4J 2.4.2 allows Directory Traversal via ../ in an entry in a ZIP archive.
|
CWE-22
Path Traversal
|
CVE-2018-20227
|
2024-11-21 13:01 |
2018-12-19 |
|
246468
|
7.5 |
HIGH
Network
|
libexcel_project
|
libexcel
|
wbook_addworksheet in workbook.c in libexcel.a in libexcel 0.01 allows attackers to cause a denial of service (SEGV) via a long name. NOTE: this is not a Microsoft product.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-20213
|
2024-11-21 13:01 |
2018-12-19 |
|
246469
|
7.8 |
HIGH
Local
|
pur3
|
espruino
|
There is a stack-based buffer over-read in the jsfNameFromString function of jsflash.c in Espruino 2V00, leading to a denial of service or possibly unspecified other impact via a crafted js file.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-20201
|
2024-11-21 13:01 |
2018-12-18 |
|
246470
|
5.5 |
MEDIUM
Local
|
audiocoding debian
|
freeware_advanced_audio_decoder_2 debian_linux
|
A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash…
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-20199
|
2024-11-21 13:01 |
2018-12-18 |