|
252041
|
7.8 |
HIGH
Local
|
vertiv
|
watchdog_console
|
Geist WatchDog Console 3.2.2 uses a weak ACL for the C:\ProgramData\WatchDog Console directory, which allows local users to modify configuration data by updating (1) config.xml or (2) servers.xml.
|
CWE-269
Improper Privilege Management
|
CVE-2018-10079
|
2024-11-21 12:40 |
2018-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252042
|
4.8 |
MEDIUM
Network
|
vertiv
|
watchdog_console
|
Cross-site scripting (XSS) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a server description.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10078
|
2024-11-21 12:40 |
2018-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252043
|
4.9 |
MEDIUM
Network
|
vertiv
|
watchdog_console
|
XML external entity (XXE) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to read arbitrary files via crafted XML data.
|
CWE-611
XXE
|
CVE-2018-10077
|
2024-11-21 12:40 |
2018-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252044
|
8.8 |
HIGH
Network
|
phpmyadmin
|
phpmyadmin
|
phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php.
|
CWE-352
Origin Validation Error
|
CVE-2018-10188
|
2024-11-21 12:40 |
2018-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252045
|
4.8 |
MEDIUM
Network
|
d-link
|
dir-615_t1_firmware
|
D-Link DIR-615 T1 devices allow XSS via the Add User feature.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10110
|
2024-11-21 12:40 |
2018-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252046
|
7.5 |
HIGH
Network
|
logmein
|
lastpass
|
LogMeIn LastPass through 4.15.0 allows remote attackers to cause a denial of service (browser hang) via an HTML document because the resource consumption of onloadwff.js grows with the number of INPU…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2018-10193
|
2024-11-21 12:40 |
2018-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252047
|
9.8 |
CRITICAL
Network
|
mruby
debian
|
mruby
debian_linux
|
In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrb_vm_exec() when handling OP_GETUPVAR in the presence of deep scope nesting, resulting in a use-after-free. A…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2018-10191
|
2024-11-21 12:40 |
2018-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252048
|
7.5 |
HIGH
Network
|
mautic
|
mautic
|
An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a th…
|
CWE-200
Information Exposure
|
CVE-2018-10189
|
2024-11-21 12:40 |
2018-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252049
|
5.5 |
MEDIUM
Local
|
radare
|
radare2
|
In radare2 2.5.0, there is a heap-based buffer over-read in the dalvik_op function (libr/anal/p/anal_dalvik.c). Remote attackers could leverage this vulnerability to cause a denial of service via a c…
|
CWE-125
Out-of-bounds Read
|
CVE-2018-10187
|
2024-11-21 12:40 |
2018-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252050
|
5.5 |
MEDIUM
Local
|
radare
|
radare2
|
In radare2 2.5.0, there is a heap-based buffer over-read in the r_hex_bin2str function (libr/util/hex.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted…
|
CWE-125
Out-of-bounds Read
|
CVE-2018-10186
|
2024-11-21 12:40 |
2018-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
