|
247151
|
8.8 |
HIGH
Network
|
ipbrick
|
ipbrick_os
|
An issue was discovered in the Web Management Console in IPBRICK OS 6.3. There are multiple SQL injections.
|
CWE-89
SQL Injection
|
CVE-2018-16137
|
2024-11-21 12:52 |
2019-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247152
|
8.8 |
HIGH
Network
|
ipbrick
|
ipbrick_os
|
An issue was discovered in the administrator interface in IPBRICK OS 6.3. The application doesn't check for Anti-CSRF tokens, allowing the submission of multiple forms unwillingly by a victim.
|
CWE-352
Origin Validation Error
|
CVE-2018-16136
|
2024-11-21 12:52 |
2019-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247153
|
6.1 |
MEDIUM
Network
|
bibliosoft
|
bibliopac
|
Cross-site scripting (XSS) vulnerability in BIBLIOsoft BIBLIOpac 2008 allows remote attackers to inject arbitrary web script or HTML via the db or action parameter to to bin/wxis.exe/bibliopac/.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16139
|
2024-11-21 12:52 |
2019-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247154
|
6.1 |
MEDIUM
Network
|
audiocodes
|
405hd_firmware
|
Cross Site Scripting in different input fields (domain field and personal settings) in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an attacker (local or remote) to inject JavaScript into …
|
CWE-79
Cross-site Scripting
|
CVE-2018-16220
|
2024-11-21 12:52 |
2019-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247155
|
8.8 |
HIGH
Adjacent
|
audiocodes
|
405hd_firmware
|
A missing password verification in the web interface in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an remote attacker (in the same network as the device) to change the admin password wit…
|
CWE-287
Improper Authentication
|
CVE-2018-16219
|
2024-11-21 12:52 |
2019-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247156
|
8.0 |
HIGH
Adjacent
|
audiocodes
|
405hd_firmware
|
A command injection (missing input validation, escaping) in the monitoring or memory status web interface in AudioCodes 405HD (firmware 2.2.12) VoIP phone allows an authenticated remote attacker in t…
|
CWE-78
OS Command
|
CVE-2018-16216
|
2024-11-21 12:52 |
2019-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247157
|
7.5 |
HIGH
Network
|
siemens
|
simatic_s7-300_firmware
simatic_s7-300f_firmware
simatic_s7-300fs_firmware
simatic_s7-300t_firmware
|
A vulnerability has been identified in SIMATIC S7-300 CPUs (All versions < V3.X.16). The affected CPUs improperly validate S7 communication packets which could cause a Denial-of-Service condition of …
|
NVD-CWE-noinfo
|
CVE-2018-16561
|
2024-11-21 12:52 |
2019-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247158
|
7.5 |
HIGH
Network
|
siemens
|
simatic_s7-1500_firmware
|
A vulnerability has been identified in SIMATIC S7-1500 CPU (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 CPU (All versions <= V1.8.5). Specially crafted network packets sent to port 80/tcp or 44…
|
CWE-20
Improper Input Validation
|
CVE-2018-16559
|
2024-11-21 12:52 |
2019-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247159
|
7.5 |
HIGH
Network
|
siemens
|
simatic_s7-1500_firmware
|
A vulnerability has been identified in SIMATIC S7-1500 CPU (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 CPU (All versions <= V1.8.5). Specially crafted network packets sent to port 80/tcp or 44…
|
CWE-20
Improper Input Validation
|
CVE-2018-16558
|
2024-11-21 12:52 |
2019-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247160
|
6.1 |
MEDIUM
Network
|
soflyy
|
wp_all_import
|
There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-settings large_feed_limit. NOTE: The vendor states that this is not a vulnerability. WP All Import is only abl…
|
CWE-79
Cross-site Scripting
|
CVE-2018-16259
|
2024-11-21 12:52 |
2019-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
