| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 246561 | 9.8 | CRITICAL | Network | git-scm, redhat, canonical, debian | git, enterprise_linux_desktop, enterprise_linux, enterprise_linux_workstation, enterprise_linux_server, enterprise_linux_server_tus, enterprise_linux_server_eus, enterprise_linux_server… | Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git … | CWE-88 Argument Injection | CVE-2018-17456 | 2024-11-21 12:54 | 2018-10-6 |
| 246562 | 7.5 | HIGH | Network | multitech | faxfinder | Multi-Tech FaxFinder before 5.1.6 has SQL Injection via a status/call_details?oid= URI, allowing an attacker to extract the underlying database schema to further disclose other fax server information… | CWE-89 SQL Injection | CVE-2018-17562 | 2024-11-21 12:54 | 2018-10-4 |
| 246563 | 8.8 | HIGH | Network | naviwebs | navigate_cms | An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigate_upload.php in Naviwebs Navigate CMS 2.8 allows authenticated attackers to achieve remote code execution… | CWE-22 Path Traversal; CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2018-17553 | 2024-11-21 12:54 | 2018-10-4 |
| 246564 | 9.8 | CRITICAL | Network | naviwebs | navigate_cms | SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigate-user cookie. | CWE-89 SQL Injection | CVE-2018-17552 | 2024-11-21 12:54 | 2018-10-4 |
| 246565 | 7.5 | HIGH | Network | strongswan, debian, canonical | strongswan, debian_linux, ubuntu_linux | The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2018-17540 | 2024-11-21 12:54 | 2018-10-4 |
| 246566 | 9.8 | CRITICAL | Network | nexusfi | opac_easyweb_five | An issue was discovered in OPAC EasyWeb Five 5.7. There is SQL injection via the w2001/index.php?scelta=campi biblio parameter. | CWE-89 SQL Injection | CVE-2018-17428 | 2024-11-21 12:54 | 2018-10-4 |
| 246567 | 7.8 | HIGH | Local | zahiraccounting | zahir_enterprise_plus | Stack-based buffer overflows in Zahir Accounting Enterprise Plus 6 through build 10b allow remote attackers to execute arbitrary code via a crafted CSV file that is accessed through the Import CSV Fi… | CWE-787 Out-of-bounds Write | CVE-2018-17408 | 2024-11-21 12:54 | 2018-10-4 |
| 246568 | 9.8 | CRITICAL | Network | d-link | dir-823g_firmware | On D-Link DIR-823G devices, the GoAhead configuration allows /HNAP1 Command Injection via shell metacharacters in the POST data, because this data is sent directly to the "system" library function. | CWE-78 OS Command | CVE-2018-17787 | 2024-11-21 12:54 | 2018-10-3 |
| 246569 | 9.8 | CRITICAL | Network | d-link | dir-823g_firmware | On D-Link DIR-823G devices, ExportSettings.sh, upload_settings.cgi, GetDownLoadSyslog.sh, and upload_firmware.cgi do not require authentication, which allows remote attackers to execute arbitrary cod… | CWE-287 Improper Authentication | CVE-2018-17786 | 2024-11-21 12:54 | 2018-10-3 |
| 246570 | 6.1 | MEDIUM | Network | zohocorp | manageengine_assetexplorer | In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter. | CWE-79 Cross-site Scripting | CVE-2018-17596 | 2024-11-21 12:54 | 2018-10-3 |