|
250051
|
7.5 |
HIGH
Network
|
twistlock
|
authz_broker
|
In Twistlock AuthZ Broker 0.1, regular expressions are mishandled, as demonstrated by containers/aa/pause?aaa=\/start to bypass a policy in which "docker start" is allowed but "docker pause" is not a…
|
NVD-CWE-noinfo
|
CVE-2018-16398
|
2024-11-21 12:52 |
2018-09-04 |
|
250052
|
4.9 |
MEDIUM
Network
|
limesurvey
|
limesurvey
|
In LimeSurvey before 3.14.7, an admin user can leverage a "file upload" question to read an arbitrary file,
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-16397
|
2024-11-21 12:52 |
2018-09-04 |
|
250053
|
6.8 |
MEDIUM
Physical
|
opensc_project
|
opensc
|
Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to sup…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-16393
|
2024-11-21 12:52 |
2018-09-03 |
|
250054
|
6.8 |
MEDIUM
Physical
|
opensc_project
|
opensc
|
Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-16392
|
2024-11-21 12:52 |
2018-09-03 |
|
250055
|
6.8 |
MEDIUM
Physical
|
opensc_project
|
opensc
|
Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smart…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-16391
|
2024-11-21 12:52 |
2018-09-03 |
|
250056
|
8.8 |
HIGH
Network
|
elefantcms
|
elefantcms
|
An issue was discovered in Elefant CMS before 2.0.5. There is a CSRF vulnerability that can add an account via user/add.
|
CWE-352
Origin Validation Error
|
CVE-2018-16387
|
2024-11-21 12:52 |
2018-09-03 |
|
250057
|
9.8 |
CRITICAL
Network
|
thinkphp
|
thinkphp
|
ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index/test/index query string.
|
CWE-89
SQL Injection
|
CVE-2018-16385
|
2024-11-21 12:52 |
2018-09-03 |
|
250058
|
7.5 |
HIGH
Network
|
owasp
|
owasp_modsecurity_core_rule_set
|
A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special function name (such as "if") and b is the …
|
CWE-89
SQL Injection
|
CVE-2018-16384
|
2024-11-21 12:52 |
2018-09-03 |
|
250059
|
5.5 |
MEDIUM
Local
|
nasm
|
netwide_assembler
|
Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regflags.c.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-16382
|
2024-11-21 12:52 |
2018-09-03 |
|
250060
|
8.8 |
HIGH
Network
|
digimute
|
ogma_cms
|
An issue was discovered in Ogma CMS 0.4 Beta. There is a CSRF vulnerability in users.php?action=createnew that can add an admin account.
|
CWE-352
Origin Validation Error
|
CVE-2018-16380
|
2024-11-21 12:52 |
2018-09-03 |
|