|
245531
|
7.5 |
HIGH
Network
|
lexmark
|
6500e_firmware c748_firmware c79x_firmware c925_firmware c95x_firmware cs41x_firmware cs51x_firmware cs748_firmware cs796_firmware cx410_firmware cx510_firmware m3150…
|
Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server.
|
CWE-22
Path Traversal
|
CVE-2018-18894
|
2024-11-21 12:56 |
2020-03-10 |
|
245532
|
5.3 |
MEDIUM
Network
|
mitel
|
mivoice_business_express micollab
|
A vulnerability in the web conference chat component of MiCollab, versions 7.3 PR6 (7.3.0.601) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP2 (8.0.2.202), and MiVoice Business Express versions 7…
|
CWE-863
Incorrect Authorization
|
CVE-2018-18819
|
2024-11-21 12:56 |
2019-11-12 |
|
245533
|
6.1 |
MEDIUM
Network
|
sir
|
gnuboard
|
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board tail contents" parameter, aka the adm/board_form_update.php bo_content_tail parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-18674
|
2024-11-21 12:56 |
2019-11-8 |
|
245534
|
6.1 |
MEDIUM
Network
|
sir
|
gnuboard
|
GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board group extra contents" parameter, aka the adm/boardgroup_form_update.php gr_1~10 par…
|
CWE-79
Cross-site Scripting
|
CVE-2018-18678
|
2024-11-21 12:56 |
2019-10-31 |
|
245535
|
8.8 |
HIGH
Network
|
trms
|
carousel_digital_signage
|
An issue was discovered in the Tightrope Media Carousel digital signage product 7.0.4.104. Due to insecure default permissions on the C:\TRMS\Services directory, an attacker who has gained access to …
|
CWE-269
Improper Privilege Management
|
CVE-2018-18931
|
2024-11-21 12:56 |
2019-10-30 |
|
245536
|
8.8 |
HIGH
Network
|
trms
|
carousel_digital_signage
|
The Tightrope Media Carousel digital signage product 7.0.4.104 contains an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execu…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-18930
|
2024-11-21 12:56 |
2019-10-30 |
|
245537
|
8.8 |
HIGH
Network
|
trms
|
seneca_hdn_firmware
|
The Tightrope Media Carousel Seneca HDn Windows-based appliance 7.0.4.104 is shipped with a default local administrator username and password. This can be found by a limited user account in an "unatt…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2018-18929
|
2024-11-21 12:56 |
2019-10-30 |
|
245538
|
7.8 |
HIGH
Local
|
mckesson changehealthcare
|
horizon_cardiology_firmware cardiology_firmware
|
A vulnerability was found in McKesson Cardiology product 13.x and 14.x. Insecure file permissions in the default installation may allow an attacker with local system access to execute unauthorized ar…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-18630
|
2024-11-21 12:56 |
2019-09-7 |
|
245539
|
6.1 |
MEDIUM
Network
|
sir
|
gnuboard
|
GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "homepage title" parameter, aka the adm/config_form_update.php cf_title parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-18668
|
2024-11-21 12:56 |
2019-08-27 |
|
245540
|
7.2 |
HIGH
Network
|
oscommerce
|
oscommerce
|
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Remote authenticated administrators can upload new '.htaccess' files (e.g., omitting .php) and subseque…
|
CWE-94
Code Injection
|
CVE-2018-18573
|
2024-11-21 12:56 |
2019-08-23 |