|
247001
|
6.1 |
MEDIUM
Network
|
monstra
|
monstra
|
Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter, a related issue to CVE-2012-2943.
|
CWE-113
HTTP Response Splitting
|
CVE-2018-16979
|
2024-11-21 12:53 |
2018-09-13 |
|
247002
|
6.1 |
MEDIUM
Network
|
monstra
|
monstra
|
Monstra CMS V3.0.4 has XSS when one tries to register an account with a crafted password parameter to users/registration, a different vulnerability than CVE-2018-11473.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16978
|
2024-11-21 12:53 |
2018-09-13 |
|
247003
|
5.3 |
MEDIUM
Network
|
monstra
|
monstra
|
Monstra CMS V3.0.4 has an information leakage risk (e.g., PATH, DOCUMENT_ROOT, and SERVER_ADMIN) in libraries/Gelato/ErrorHandler/Resources/Views/Errors/exception.php.
|
CWE-200
Information Exposure
|
CVE-2018-16977
|
2024-11-21 12:53 |
2018-09-13 |
|
247004
|
8.1 |
HIGH
Network
|
gitolite
|
gitolite
|
Gitolite before 3.6.9 does not (in certain configurations involving @all or a regex) properly restrict access to a Git repository that is in the process of being migrated until the full set of migrat…
|
CWE-362
Race Condition
|
CVE-2018-16976
|
2024-11-21 12:53 |
2018-09-13 |
|
247005
|
9.8 |
CRITICAL
Network
|
elefantcms
|
elefant
|
An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in /designer/add/stylesheet.php by using a .php extension in the New Stylesheet Name field in conjunct…
|
CWE-94
Code Injection
|
CVE-2018-16975
|
2024-11-21 12:53 |
2018-09-13 |
|
247006
|
9.8 |
CRITICAL
Network
|
elefantcms
|
elefant
|
An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in apps/filemanager/upload/drop.php by using /filemanager/api/rm/.htaccess to remove the .htaccess fil…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-16974
|
2024-11-21 12:53 |
2018-09-13 |
|
247007
|
4.3 |
MEDIUM
Network
|
wisetail
|
learning_management_system
|
Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to access non-purchased course contents (quiz / test) via a modified id parameter.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2018-16971
|
2024-11-21 12:53 |
2018-09-13 |
|
247008
|
4.3 |
MEDIUM
Network
|
wisetail
|
learning_management_system
|
Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to download non-purchased course files via a modified id parameter.
|
CWE-538
File and Directory Information Exposure
|
CVE-2018-16970
|
2024-11-21 12:53 |
2018-09-13 |
|
247009
|
7.8 |
HIGH
Local
|
webroot
|
secureanywhere
|
Webroot SecureAnywhere before 9.0.8.34 on macOS mishandles access to the driver by a process that lacks root privileges.
|
CWE-123
Write-what-where Condition
|
CVE-2018-16962
|
2024-11-21 12:53 |
2018-09-13 |
|
247010
|
5.4 |
MEDIUM
Network
|
pluck-cms
|
pluck
|
Pluck 4.7.7 allows XSS via an SVG file that contains JavaScript in a SCRIPT element, and is uploaded via pages->manage under admin.php?action=files.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16729
|
2024-11-21 12:53 |
2018-09-13 |