|
247691
|
4.8 |
MEDIUM
Network
|
domainmod
|
domainmod
|
DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes field for the Registrar.
|
CWE-79
Cross-site Scripting
|
CVE-2018-19752
|
2024-11-21 12:58 |
2018-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247692
|
4.8 |
MEDIUM
Network
|
domainmod
|
domainmod
|
DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields.
|
CWE-79
Cross-site Scripting
|
CVE-2018-19751
|
2024-11-21 12:58 |
2018-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247693
|
5.4 |
MEDIUM
Network
|
domainmod
|
domainmod
|
DomainMOD through 4.11.01 has XSS via the admin/domain-fields/ notes field in an Add Custom Field action for Custom Domain Fields.
|
CWE-79
Cross-site Scripting
|
CVE-2018-19750
|
2024-11-21 12:58 |
2018-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247694
|
4.8 |
MEDIUM
Network
|
domainmod
|
domainmod
|
DomainMOD through 4.11.01 has XSS via the assets/add/account-owner.php Owner name field.
|
CWE-79
Cross-site Scripting
|
CVE-2018-19749
|
2024-11-21 12:58 |
2018-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247695
|
7.5 |
HIGH
Network
|
sdcms
|
sdcms
|
app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug&c=admin&a=index&p=attachment&root= directory traversal. The value of the root parameter m…
|
CWE-22
Path Traversal
|
CVE-2018-19748
|
2024-11-21 12:58 |
2018-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247696
|
6.1 |
MEDIUM
Network
|
tp5cms_project
|
tp5cms
|
An issue was discovered in tp5cms through 2017-05-25. admin.php/system/set.html has XSS via the title parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-19693
|
2024-11-21 12:58 |
2018-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247697
|
9.8 |
CRITICAL
Network
|
tp5cms_project
|
tp5cms
|
An issue was discovered in tp5cms through 2017-05-25. admin.php/upload/picture.html allows remote attackers to execute arbitrary PHP code by uploading a .php file with the image/jpeg content type.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-19692
|
2024-11-21 12:58 |
2018-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247698
|
7.8 |
HIGH
Local
|
ossec wazuh
|
ossec wazuh
|
The agent in OSSEC through 3.1.0 on Windows allows local users to gain NT AUTHORITY\SYSTEM access via Directory Traversal by leveraging full access to the associated OSSEC server.
|
CWE-22
Path Traversal
|
CVE-2018-19666
|
2024-11-21 12:58 |
2018-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247699
|
6.5 |
MEDIUM
Network
|
libjpeg-turbo
|
libjpeg-turbo
|
libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel_rows function in wrbmp.c, as demonstrated by djpeg.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-19664
|
2024-11-21 12:58 |
2018-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247700
|
8.1 |
HIGH
Network
|
libsndfile_project debian
|
libsndfile debian_linux
|
An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-19662
|
2024-11-21 12:58 |
2018-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|