|
245921
|
6.1 |
MEDIUM
Network
|
sap
|
j2ee_engine
|
A cross-site scripting (XSS) vulnerability in SAP J2EE Engine 7.01 allows remote attackers to inject arbitrary web script via the wsdlPath parameter to /ctcprotocol/Protocol. NOTE: This vulnerability…
|
CWE-79
Cross-site Scripting
|
CVE-2018-17865
|
2024-11-21 12:55 |
2021-08-10 |
|
245922
|
6.1 |
MEDIUM
Network
|
sap
|
j2ee_engine
|
A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Fiori allows remote attackers to inject arbitrary web script via the sys_jdbc parameter to /TestJDBC_Web/test2. NOTE: This vulnerabi…
|
CWE-79
Cross-site Scripting
|
CVE-2018-17862
|
2024-11-21 12:55 |
2021-08-10 |
|
245923
|
6.1 |
MEDIUM
Network
|
sap
|
j2ee_engine
|
A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol. NOTE: This vul…
|
CWE-79
Cross-site Scripting
|
CVE-2018-17861
|
2024-11-21 12:55 |
2021-08-10 |
|
245924
|
9.8 |
CRITICAL
Network
|
juuko
|
k-800_firmware
|
JUUKO K-800 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.) is vulnerable to a replay attack and command forgery, which could allow attackers to replay commands, control the dev…
|
-
|
CVE-2018-17932
|
2024-11-21 12:55 |
2020-11-3 |
|
245925
|
6.1 |
MEDIUM
Network
|
jquery
|
jquery
|
jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be a spam entry.
|
CWE-79
Cross-site Scripting
|
CVE-2018-18405
|
2024-11-21 12:55 |
2020-04-23 |
|
245926
|
7.8 |
HIGH
Local
|
suse
|
openstack_cloud openstack_cloud_crowbar
|
An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users…
|
CWE-269
Improper Privilege Management
|
CVE-2018-17954
|
2024-11-21 12:55 |
2020-04-3 |
|
245927
|
6.1 |
MEDIUM
Network
|
lifesize
|
express_220_firmware room_220i_firmware
|
Lifesize Express ls ex2_4.7.10 2000 (14) devices allow XSS via the interface/interface.php brand parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-17981
|
2024-11-21 12:55 |
2020-01-22 |
|
245928
|
6.1 |
MEDIUM
Network
|
crushftp
|
crushftp
|
CrushFTP through 8.3.0 is vulnerable to credentials theft via URL redirection.
|
CWE-601
Open Redirect
|
CVE-2018-18288
|
2024-11-21 12:55 |
2019-12-26 |
|
245929
|
7.2 |
HIGH
Network
|
cloudera
|
cdh
|
Cloudera CDH has Insecure Permissions because ALL cannot be revoked. This affects 5.x through 5.15.1 and 6.x through 6.0.1.
|
CWE-276
Incorrect Default Permissions
|
CVE-2018-17860
|
2024-11-21 12:55 |
2019-11-27 |
|
245930
|
7.8 |
HIGH
Local
|
symantec
|
endpoint_protection_manager
|
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the …
|
CWE-269
Improper Privilege Management
|
CVE-2018-18368
|
2024-11-21 12:55 |
2019-11-16 |
|