| 247321 | 7.5 | HIGH Network | localize_my_post_project | localize_my_post | The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter. | CWE-22 Path Traversal | CVE-2018-16299 | 2024-11-21 12:52 | 2018-09-25 |
| 247322 | 9.8 | CRITICAL Network | wechat_brodcast_project | wechat_brodcast | The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows Directory Traversal via the Image.php url parameter. | CWE-22 Path Traversal | CVE-2018-16283 | 2024-11-21 12:52 | 2018-09-25 |
| 247323 | 9.8 | CRITICAL Network | deiser | profields-project_custom_fields | The DEISER "Profields - Project Custom Fields" app before 6.0.2 for Jira has Incorrect Access Control. | NVD-CWE-noinfo | CVE-2018-16281 | 2024-11-21 12:52 | 2018-09-22 |
| 247324 | 8.8 | HIGH Network | moxa | edr-810_firmware | A command injection vulnerability in the web server functionality of Moxa EDR-810 V4.2 build 18041013 allows remote attackers to execute arbitrary OS commands with root privilege via the caname param… | CWE-78 OS Command | CVE-2018-16282 | 2024-11-21 12:52 | 2018-09-21 |
| 247325 | 8.8 | HIGH Network | matrix, debian | synapse, debian_linux | Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation. | CWE-347 Improper Verification of Cryptographic Signature | CVE-2018-16515 | 2024-11-21 12:52 | 2018-09-19 |
| 247326 | 6.5 | MEDIUM Adjacent | qbeecam, swisscom | qbee_multi-sensor_camera_firmware, swisscom_home_app, qbeecam | The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 … | CWE-319 Cleartext Transmission of Sensitive Information | CVE-2018-16225 | 2024-11-21 12:52 | 2018-09-19 |
| 247327 | 7.8 | HIGH Local | jhead_project | jhead | The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of incon… | CWE-134 Use of Externally-Controlled Format String | CVE-2018-16554 | 2024-11-21 12:52 | 2018-09-16 |
| 247328 | 8.6 | HIGH Network | lg | supersign_cms | LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs. | CWE-200 Information Exposure | CVE-2018-16288 | 2024-11-21 12:52 | 2018-09-15 |
| 247329 | 9.8 | CRITICAL Network | lg | supersign_cms | LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2018-16287 | 2024-11-21 12:52 | 2018-09-15 |
| 247330 | 9.8 | CRITICAL Network | lg | supersign_cms | LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits. | CWE-287 Improper Authentication | CVE-2018-16286 | 2024-11-21 12:52 | 2018-09-15 |