| 246891 | 5.4 | MEDIUM | Network | oracle | webcenter_interaction | An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The ASP.NET_SessionID primary session cookie, when Internet Information Services (IIS) with ASP.NET is used, is not protected wi… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2018-16958 | 2024-11-21 12:53 | 2018-09-18 |
| 246892 | 9.8 | CRITICAL | Network | oracle | webcenter_interaction | The Oracle WebCenter Interaction 10.3.3 search service queryd.exe binary is compiled with the i1g2s3c4 hardcoded password. Authentication to the Oracle WCI search service uses this hardcoded password… | CWE-798 Use of Hard-coded Credentials | CVE-2018-16957 | 2024-11-21 12:53 | 2018-09-18 |
| 246893 | 6.5 | MEDIUM | Network | oracle | webcenter_interaction | The AjaxControl component of Oracle WebCenter Interaction Portal 10.3.3 does not validate the names of pages when processing page rename requests. Pages can be renamed to include characters unsupport… | CWE-20 Improper Input Validation | CVE-2018-16956 | 2024-11-21 12:53 | 2018-09-18 |
| 246894 | 8.8 | HIGH | Network | oracle | webcenter_interaction | The Oracle WebCenter Interaction Portal 10.3.3 does not implement protection against Cross-site Request Forgery in its design. The impact is sensitive actions in the portal (such as changing a portal… | CWE-352 Origin Validation Error | CVE-2018-16952 | 2024-11-21 12:53 | 2018-09-18 |
| 246895 | 7.5 | HIGH | Network | golang fedoraproject | net fedora | The html package (aka x/net/html) through 2018-09-17 in Go mishandles <template><tBody><isindex/action=0>, leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2018-17143 | 2024-11-21 12:53 | 2018-09-17 |
| 246896 | 7.5 | HIGH | Network | golang fedoraproject | net fedora | The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call. | CWE-476 NULL Pointer Dereference | CVE-2018-17142 | 2024-11-21 12:53 | 2018-09-17 |
| 246897 | 5.4 | MEDIUM | Network | vms-studio | quizlord | The Quizlord plugin through 2.0 for WordPress is prone to Stored XSS via the title parameter in a ql_insert action to wp-admin/admin.php. | CWE-79 Cross-site Scripting | CVE-2018-17140 | 2024-11-21 12:53 | 2018-09-17 |
| 246898 | 8.8 | HIGH | Network | ultimatefosters | ultimatepos | UltimatePOS 2.5 allows users to upload arbitrary files, which leads to remote command execution by posting to a /products URI with PHP code in a .php file with the image/jpeg content type. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2018-17139 | 2024-11-21 12:53 | 2018-09-17 |
| 246899 | 5.4 | MEDIUM | Network | nickelpro | jibu_pro | The Jibu Pro plugin through 1.7 for WordPress is prone to Stored XSS via the wp-content/plugins/jibu-pro/quiz_action.php name (aka Quiz Name) field. | CWE-79 Cross-site Scripting | CVE-2018-17138 | 2024-11-21 12:53 | 2018-09-17 |
| 246900 | 9.8 | CRITICAL | Network | prezi | next | Prezi Next 1.3.101.11 has a documented purpose of creating HTML5 presentations but has SE_DEBUG_PRIVILEGE on Windows, which might allow attackers to bypass intended access restrictions. | NVD-CWE-noinfo | CVE-2018-17137 | 2024-11-21 12:53 | 2018-09-17 |