|
246551
|
6.8 |
MEDIUM
Physical
|
teltonika
|
rut900_firmware rut950_firmware rut955_firmware
|
Teltonika RUT9XX routers with firmware before 00.04.233 provide a root terminal on a serial interface without proper access control. This allows attackers with physical access to execute arbitrary co…
|
CWE-287
Improper Authentication
|
CVE-2018-17534
|
2024-11-21 12:54 |
2018-10-16 |
|
246552
|
6.1 |
MEDIUM
Network
|
teltonika
|
rut900_firmware rut950_firmware rut955_firmware
|
Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization.
|
CWE-79
Cross-site Scripting
|
CVE-2018-17533
|
2024-11-21 12:54 |
2018-10-16 |
|
246553
|
9.8 |
CRITICAL
Network
|
teltonika
|
rut900_firmware rut950_firmware rut955_firmware
|
Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input…
|
CWE-78
OS Command
|
CVE-2018-17532
|
2024-11-21 12:54 |
2018-10-16 |
|
246554
|
6.1 |
MEDIUM
Network
|
sugarcrm
|
sugarcrm
|
Multiple vulnerabilities in YUI and FlashCanvas embedded in SugarCRM Community Edition 6.5.26 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targe…
|
CWE-79
Cross-site Scripting
|
CVE-2018-17784
|
2024-11-21 12:54 |
2018-10-11 |
|
246555
|
6.1 |
MEDIUM
Network
|
intelbras
|
nplug_firmware
|
Intelbras NPLUG 1.0.0.14 devices have XSS via a crafted SSID that is received via a network broadcast.
|
CWE-79
Cross-site Scripting
|
CVE-2018-17337
|
2024-11-21 12:54 |
2018-10-11 |
|
246556
|
7.8 |
HIGH
Local
|
seqrite
|
end_point_security
|
Seqrite End Point Security v7.4 has "Everyone: (F)" permission for %PROGRAMFILES%\Seqrite\Seqrite, which allows local users to gain privileges by replacing an executable file with a Trojan horse.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-17775
|
2024-11-21 12:54 |
2018-10-9 |
|
246557
|
6.1 |
MEDIUM
Network
|
dlink
|
central_wifimanager
|
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'sitename' parameter of the UpdateSite endpoint is vulnerable to stored XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2018-17443
|
2024-11-21 12:54 |
2018-10-9 |
|
246558
|
8.8 |
HIGH
Network
|
dlink
|
central_wifimanager
|
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. An unrestricted file upload vulnerability in the onUploadLogPic endpoint allows remote authenticated users to execute …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-17442
|
2024-11-21 12:54 |
2018-10-9 |
|
246559
|
6.1 |
MEDIUM
Network
|
dlink
|
central_wifimanager
|
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'username' parameter of the addUser endpoint is vulnerable to stored XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2018-17441
|
2024-11-21 12:54 |
2018-10-9 |
|
246560
|
9.8 |
CRITICAL
Network
|
dlink
|
central_wifimanager
|
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials (admin, admin). Taking adv…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-17440
|
2024-11-21 12:54 |
2018-10-9 |