|
247331
|
5.3 |
MEDIUM
Adjacent
|
o.bike
|
smart_locker_firmware obike-stationless_bike_sharing
|
oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which allows attackers to bypass the locking mechanism by using Bluetooth Low Energy (BLE) to replay ciphertext based on a predictable …
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2018-16242
|
2024-11-21 12:52 |
2018-09-15 |
|
247332
|
6.5 |
MEDIUM
Network
|
e107
|
e107
|
e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter.
|
CWE-89
SQL Injection
|
CVE-2018-16389
|
2024-11-21 12:52 |
2018-09-13 |
|
247333
|
7.2 |
HIGH
Network
|
e107
|
e107
|
e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-16388
|
2024-11-21 12:52 |
2018-09-13 |
|
247334
|
7.5 |
HIGH
Network
|
currency_converter_script_project
|
currency_converter_script
|
PHP Scripts Mall Currency Converter Script 2.0.5 allows remote attackers to cause a denial of service (web-interface change) via an inverted comma.
|
CWE-20
Improper Input Validation
|
CVE-2018-16454
|
2024-11-21 12:52 |
2018-09-8 |
|
247335
|
5.4 |
MEDIUM
Network
|
filemanagerpro
|
file_manager
|
The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin/admin.php?page=wp_file_manager request because set_transient is used in file_folder_manager.php an…
|
CWE-79
Cross-site Scripting
|
CVE-2018-16363
|
2024-11-21 12:52 |
2018-09-8 |
|
247336
|
5.3 |
MEDIUM
Network
|
endress
|
wirelesshart_fieldgate_swg70_firmware
|
Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter.
|
CWE-22
Path Traversal
|
CVE-2018-16059
|
2024-11-21 12:52 |
2018-09-8 |
|
247337
|
9.8 |
CRITICAL
Network
|
umbraengineering
|
ps
|
A command injection in ps package versions <1.0.0 for Node.js allowed arbitrary commands to be executed when an attacker controls the PID.
|
CWE-78
OS Command
|
CVE-2018-16460
|
2024-11-21 12:52 |
2018-09-8 |
|
247338
|
5.5 |
MEDIUM
Local
|
nasm
|
netwide_assembler
|
asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file.
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-16517
|
2024-11-21 12:52 |
2018-09-7 |
|
247339
|
6.5 |
MEDIUM
Adjacent
|
technicolor
|
tg588v_firmware
|
Technicolor TG588V V2 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2018-16310
|
2024-11-21 12:52 |
2018-09-7 |
|
247340
|
6.1 |
MEDIUM
Network
|
userproplugin
|
userpro
|
The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userpro_shortcode_template action to wp-admin/admin-ajax.php.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16285
|
2024-11-21 12:52 |
2018-09-7 |
|