| 247481 | 6.1 | MEDIUM | Network | 1234n | minicms | MiniCMS V1.10 has XSS via the mc-admin/post-edit.php tags parameter. | CWE-79 Cross-site Scripting | CVE-2018-16233 | 2024-11-21 12:52 | 2018-08-31 |
| 247482 | 7.5 | HIGH | Network | michael-roth-software | pftp | Michael Roth Software Personal FTP Server (PFTP) through 8.4f allows remote attackers to cause a denial of service (daemon crash) via an unspecified sequence of FTP commands. | CWE-20 Improper Input Validation | CVE-2018-16231 | 2024-11-21 12:52 | 2018-08-31 |
| 247483 | 9.8 | CRITICAL | Network | codemenschen | gift_vouchers | The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request. | CWE-89 SQL Injection | CVE-2018-16159 | 2024-11-21 12:52 | 2018-08-31 |
| 247484 | 5.3 | MEDIUM | Network | bijiadao | waimai_super_cms | waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=cart&a=save item_totals para… | NVD-CWE-noinfo | CVE-2018-16157 | 2024-11-21 12:52 | 2018-08-30 |
| 247485 | 7.5 | HIGH | Network | lightbend | akka_http | The decodeRequest and decodeRequestWith directives in Lightbend Akka HTTP 10.1.x through 10.1.4 and 10.0.x through 10.0.13 allow remote attackers to cause a denial of service (memory consumption and … | CWE-400 Uncontrolled Resource Consumption | CVE-2018-16131 | 2024-11-21 12:52 | 2018-08-30 |
| 247486 | 9.8 | CRITICAL | Network | eaton | power_xpert_meter_4000_firmware power_xpert_meter_6000_firmware power_xpert_meter_8000_firmware | Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which ma… | CWE-798 Use of Hard-coded Credentials | CVE-2018-16158 | 2024-11-21 12:52 | 2018-08-30 |
| 247487 | 6.1 | MEDIUM | Network | phpok | phpok | PHPOK 4.8.278 has a Reflected XSS vulnerability in framework/www/login_control.php via the _back parameter to the ok_f function. | CWE-79 Cross-site Scripting | CVE-2018-16142 | 2024-11-21 12:52 | 2018-08-30 |
| 247488 | 6.5 | MEDIUM | Network | thinkcmf | thinkcmfx | ThinkCMF X2.2.3 has an arbitrary file deletion vulnerability in do_avatar in \application\User\Controller\ProfileController.class.php via an imgurl parameter with a ..\ sequence. A member user can de… | CWE-22 Path Traversal | CVE-2018-16141 | 2024-11-21 12:52 | 2018-08-30 |
| 247489 | 7.8 | HIGH | Local | canonical fig2dev_project | ubuntu_linux fig2dev | A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file. | CWE-787 Out-of-bounds Write | CVE-2018-16140 | 2024-11-21 12:52 | 2018-08-30 |
| 247490 | 7.5 | HIGH | Network | wireshark debian | wireshark debian_linux | In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. This was addressed in epan/dissectors/packet-btavdtp.c by properly initializing a data str… | CWE-665 Improper Initialization | CVE-2018-16058 | 2024-11-21 12:52 | 2018-08-30 |