|
249671
|
7.8 |
HIGH
Local
|
kakaocorp
|
potplayer
|
A heap-based buffer overflow in PotPlayerMini.exe in PotPlayer 1.7.8556 allows remote attackers to execute arbitrary code via a .wav file with large BytesPerSec and SamplesPerSec values, and a small …
|
CWE-787
Out-of-bounds Write
|
CVE-2018-16797
|
2024-11-21 12:53 |
2018-09-10 |
|
249672
|
8.8 |
HIGH
Network
|
monstra
|
monstra
|
In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the administrator via an admin/index.php?id=users&action=edit&user_id=1, Insecure Direct Object Reference (IDOR).
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2018-16608
|
2024-11-21 12:53 |
2018-09-10 |
|
249673
|
8.1 |
HIGH
Network
|
mongodb
|
libbson
|
_bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in MongoDB mongo-c-driver and other products, has a heap-based buffer over-read via a crafted bson buffer.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-16790
|
2024-11-21 12:53 |
2018-09-10 |
|
249674
|
8.8 |
HIGH
Network
|
entropymine
|
imageworsener
|
libimageworsener.a in ImageWorsener 1.3.2 has a buffer overflow in the bmpr_read_rle_internal function in imagew-bmp.c.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-16782
|
2024-11-21 12:53 |
2018-09-10 |
|
249675
|
6.5 |
MEDIUM
Network
|
rockcarry
|
ffjpeg
|
ffjpeg.dll in ffjpeg before 2018-08-22 allows remote attackers to cause a denial of service (FPE signal) via a progressive JPEG file that lacks an AC Huffman table.
|
CWE-682, CWE-755
Incorrect Calculation; Improper Handling of Exceptional Conditions
|
CVE-2018-16781
|
2024-11-21 12:53 |
2018-09-10 |
|
249676
|
5.4 |
MEDIUM
Network
|
complete_responsive_cms_blog_project
|
complete_responsive_cms_blog
|
Complete Responsive CMS Blog through 2018-05-20 has XSS via a comment.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16780
|
2024-11-21 12:53 |
2018-09-10 |
|
249677
|
6.1 |
MEDIUM
Network
|
blogcms_project
|
blogcms
|
BlogCMS through 2016-10-25 has XSS via a comment.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16779
|
2024-11-21 12:53 |
2018-09-10 |
|
249678
|
4.8 |
MEDIUM
Network
|
creatiwity
|
witycms
|
wityCMS 0.6.2 has XSS via the "Site Name" field found in the "Contact" "Configuration" page.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16776
|
2024-11-21 12:53 |
2018-09-10 |
|
249679
|
4.8 |
MEDIUM
Network
|
victor_cms_project
|
victor_cms
|
An issue was discovered in Victor CMS through 2018-05-10. There is XSS via the site name in the "Categories" menu.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16775
|
2024-11-21 12:53 |
2018-09-10 |
|
249680
|
7.5 |
HIGH
Network
|
hongcms_project
|
hongcms
|
HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=delete.
|
CWE-22
Path Traversal
|
CVE-2018-16774
|
2024-11-21 12:53 |
2018-09-10 |