|
247501
|
6.1 |
MEDIUM
Network
|
odoo
|
odoo
|
Cross-site scripting (XSS) issue in attachment management in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote attackers to inject arbitrary web script in the browse…
|
CWE-79
Cross-site Scripting
|
CVE-2018-15634
|
2024-11-21 12:51 |
2020-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247502
|
6.1 |
MEDIUM
Network
|
odoo
|
odoo
|
Cross-site scripting (XSS) issue in "document" module in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of…
|
CWE-79
Cross-site Scripting
|
CVE-2018-15633
|
2024-11-21 12:51 |
2020-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247503
|
9.1 |
CRITICAL
Network
|
odoo
|
odoo
|
Improper input validation in database creation logic in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier, allows remote attackers to initialize an empty database on which they can…
|
CWE-20
Improper Input Validation
|
CVE-2018-15632
|
2024-11-21 12:51 |
2020-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247504
|
6.1 |
MEDIUM
Network
|
easyio
|
easyio_30p_firmware
|
EasyIO EasyIO-30P devices before 2.0.5.27 allow XSS via the dev.htm GDN parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-15820
|
2024-11-21 12:51 |
2020-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247505
|
7.5 |
HIGH
Network
|
easyio
|
easyio_30p_firmware
|
EasyIO EasyIO-30P devices before 2.0.5.27 have Incorrect Access Control, related to webuser.js.
|
CWE-287
Improper Authentication
|
CVE-2018-15819
|
2024-11-21 12:51 |
2020-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247506
|
5.5 |
MEDIUM
Local
|
stopzilla
|
antimalware
|
An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains an Arbitrary Write vulnerability due to not validating the output buffer address value from IOCtl 0x8000…
|
CWE-20
Improper Input Validation
|
CVE-2018-15738
|
2024-11-21 12:51 |
2019-07-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247507
|
7.5 |
HIGH
Network
|
dnnsoftware
|
dotnetnuke
|
DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy.
|
CWE-331
Insufficient Entropy
|
CVE-2018-15812
|
2024-11-21 12:51 |
2019-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247508
|
9.8 |
CRITICAL
Network
|
actiontec
|
web6000q_firmware
|
On Telus Actiontec WEB6000Q v1.1.02.22 devices, an attacker can login with root level access with the user "root" and password "admin" by using the enabled onboard UART headers.
|
CWE-662
Improper Synchronization
|
CVE-2018-15555
|
2024-11-21 12:51 |
2019-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247509
|
9.8 |
CRITICAL
Network
|
lexmark
|
cx82x_firmware
cx860_firmware
xc6152_firmware
xc8155_firmware
xc8160_firmware
cx72x_firmware
xc41x0_firmware
cx92x_firmware
xc92x5_firmware
mx321_firmware
mb2338_firmwar…
|
Various Lexmark devices have a Buffer Overflow (issue 2 of 2).
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-15520
|
2024-11-21 12:51 |
2019-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247510
|
8.8 |
HIGH
Adjacent
|
actiontec
|
web6000q_firmware
|
An issue was discovered in the Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 devices. An attacker can statically set his/her IP to anything on the 169.254.1.0/24 subnet, and obtain…
|
CWE-269
Improper Privilege Management
|
CVE-2018-15557
|
2024-11-21 12:51 |
2019-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
