|
249481
|
5.3 |
MEDIUM
Network
|
jester_project
|
jester
|
Directory traversal in Jester web framework 0.2.0 allows remote attackers to fetch files in arbitrary locations via "..%f" sequences.
|
CWE-22
Path Traversal
|
CVE-2018-13034
|
2024-11-21 12:46 |
2018-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249482
|
8.8 |
HIGH
Network
|
softexpert
|
excellence_suite
|
A SQL injection vulnerability in the SoftExpert (SE) Excellence Suite 2.0 allows remote authenticated users to perform SQL heuristics by pulling information from the database with the "cddocument" pa…
|
CWE-89
SQL Injection
|
CVE-2018-12977
|
2024-11-21 12:46 |
2018-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249483
|
6.1 |
MEDIUM
Network
|
chartered_accountant_\
|
_auditor_website_project
|
PHP Scripts Mall Auditor Website 2.0.1 has XSS via the lastname or firstname parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-13256
|
2024-11-21 12:46 |
2018-07-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249484
|
7.5 |
HIGH
Network
|
adbglobal
|
dv2210_firmware
vv2220_firmware
vv5522_firmware
prg_av4202n_firmware
|
All ADB broadband gateways / routers based on the Epicentro platform are affected by a privilege escalation vulnerability where attackers can gain access to the command line interface (CLI) if previo…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-13110
|
2024-11-21 12:46 |
2018-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249485
|
7.5 |
HIGH
Network
|
adbglobal
|
dv2210_firmware
vv2220_firmware
vv5522_firmware
prg_av4202n_firmware
|
All ADB broadband gateways / routers based on the Epicentro platform are affected by an authorization bypass vulnerability where attackers are able to access and manipulate settings within the web in…
|
CWE-863
Incorrect Authorization
|
CVE-2018-13109
|
2024-11-21 12:46 |
2018-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249486
|
7.8 |
HIGH
Local
|
adbglobal
|
dv2210_firmware
vv2220_firmware
vv5522_firmware
prg_av4202n_firmware
|
All ADB broadband gateways / routers based on the Epicentro platform are affected by a local root jailbreak vulnerability where attackers are able to gain root access on the device, and extract furth…
|
NVD-CWE-noinfo
|
CVE-2018-13108
|
2024-11-21 12:46 |
2018-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249487
|
7.5 |
HIGH
Network
|
mercurial
|
mercurial
|
The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actu…
|
CWE-20
Improper Input Validation
|
CVE-2018-13348
|
2024-11-21 12:46 |
2018-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249488
|
9.8 |
CRITICAL
Network
|
mercurial
|
mercurial
|
mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2018-13347
|
2024-11-21 12:46 |
2018-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249489
|
7.5 |
HIGH
Network
|
mercurial
|
mercurial
|
The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004.
|
CWE-20
Improper Input Validation
|
CVE-2018-13346
|
2024-11-21 12:46 |
2018-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249490
|
8.8 |
HIGH
Network
|
gleeztech
|
gleez_cms
|
Gleez CMS 1.2.0 has CSRF, as demonstrated by a /page/add request.
|
CWE-352
Origin Validation Error
|
CVE-2018-13340
|
2024-11-21 12:46 |
2018-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
