| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 247421 | 8.8 | HIGH | Network | uclouvain | openjpeg | An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may… | CWE-787 Out-of-bounds Write | CVE-2018-16376 | 2024-11-21 12:52 | 2018-09-3 |
| 247422 | 8.8 | HIGH | Network | uclouvain | openjpeg | An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow. | CWE-787 Out-of-bounds Write | CVE-2018-16375 | 2024-11-21 12:52 | 2018-09-3 |
| 247423 | 4.8 | MEDIUM | Network | frog_cms_project | frog_cms | Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings. | CWE-79 Cross-site Scripting | CVE-2018-16374 | 2024-11-21 12:52 | 2018-09-3 |
| 247424 | 4.9 | MEDIUM | Network | frog_cms_project | frog_cms | Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2018-16373 | 2024-11-21 12:52 | 2018-09-3 |
| 247425 | 6.1 | MEDIUM | Network | ideacms | ideacms | The issue was discovered in IdeaCMS through 2016-04-30. There is reflected XSS via the index.php?c=content&a=search kw parameter. NOTE: this product is discontinued. | CWE-79 Cross-site Scripting | CVE-2018-16372 | 2024-11-21 12:52 | 2018-09-3 |
| 247426 | 6.1 | MEDIUM | Network | pescms | pescms_team | PESCMS Team 2.2.1 has multiple reflected XSS via the keyword parameter: g=Team&m=User&a=index&keyword=, g=Team&m=User_group&a=index&keyword=, g=Team&m=Department&a=index&keyword=, and g=Team&m=Bullet… | CWE-79 Cross-site Scripting | CVE-2018-16371 | 2024-11-21 12:52 | 2018-09-3 |
| 247427 | 9.8 | CRITICAL | Network | pescms | pescms_team | In PESCMS Team 2.2.1, attackers may upload and execute arbitrary PHP code through /Public/?g=Team&m=Setting&a=upgrade by placing a .php file in a ZIP archive. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2018-16370 | 2024-11-21 12:52 | 2018-09-3 |
| 247428 | 5.5 | MEDIUM | Local | xpdfreader | xpdf | XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE… | NVD-CWE-noinfo | CVE-2018-16369 | 2024-11-21 12:52 | 2018-09-3 |
| 247429 | 5.5 | MEDIUM | Local | xpdfreader | xpdf | SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. | CWE-125 Out-of-bounds Read | CVE-2018-16368 | 2024-11-21 12:52 | 2018-09-3 |
| 247430 | 9.9 | CRITICAL | Network | qduoj | onlinejudge | In OnlineJudge 2.0, the sandbox has an incorrect access control vulnerability that can write a file anywhere. A user can write a directory listing to /tmp, and can leak file data with a #include. | CWE-22 Path Traversal | CVE-2018-16367 | 2024-11-21 12:52 | 2018-09-3 |