Last 20 Scored Vulnerability IDs & Summaries
CVSS Severity
-
CVE-2018-1820 —
IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure with... read CVE-2018-1820
Published: September 27, 2018; 03:29:00 PM -04:00
-
CVE-2018-1716 —
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure... read CVE-2018-1716
Published: September 27, 2018; 03:29:00 PM -04:00
-
CVE-2017-17691 —
Homeputer CL Studio fur HomeMatic 4.0 Rel 160808 and earlier uses cleartext to exchange the username and password between server and client instances, which allows remote attackers to obtain sensitive information via a man in the middle attack.
Published: September 07, 2018; 06:29:00 PM -04:00
-
CVE-2018-15552 —
The "PayWinner" function of a simplelottery smart contract implementation for The Ethereum Lottery, an Ethereum gambling game, generates a random value with publicly readable variable "maxTickets" (which is private, yet predictable and readable by th... read CVE-2018-15552
Published: September 07, 2018; 06:29:01 PM -04:00
-
CVE-2018-14398 —
An issue was discovered in Creme CRM 1.6.12. The value of the cancel button uses the content of the HTTP Referer header, and could be used to trick a user into visiting a fake login page in order to steal credentials.
Published: September 07, 2018; 06:29:00 PM -04:00
-
CVE-2018-1785 —
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 148870.
Published: September 26, 2018; 11:29:01 AM -04:00
-
CVE-2018-1545 —
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 142649.
Published: September 26, 2018; 11:29:00 AM -04:00
-
CVE-2018-18734 —
A CSRF issue was discovered in admin/Index/addmanageuser.html in Catfish CMS 4.8.30.
Published: October 29, 2018; 08:29:08 AM -04:00
-
CVE-2018-17410 —
Horus CMS allows SQL Injection, as demonstrated by a request to the /busca or /home URI.
Published: September 26, 2018; 05:29:02 PM -04:00
-
CVE-2018-15484 —
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Remote Code Execution is possible through the open HTTP interface by modifying autoexec.bat, aka KONE-01.
Published: September 07, 2018; 06:29:01 PM -04:00
-
CVE-2018-15486 —
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the name parameter of the file endpoint, aka KONE-02.
Published: September 07, 2018; 06:29:01 PM -04:00
-
CVE-2018-15485 —
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. FTP does not require authentication or authorization, aka KONE-03.
Published: September 07, 2018; 06:29:01 PM -04:00
-
CVE-2018-0648 —
Untrusted search path vulnerability in installer of ChatWork Desktop App for Windows 2.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Published: September 07, 2018; 10:29:01 AM -04:00
-
CVE-2018-5238 —
Norton Power Eraser (prior to 5.3.0.24) and SymDiag (prior to 2.1.242) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a mali... read CVE-2018-5238
Published: August 22, 2018; 01:29:00 PM -04:00
-
CVE-2018-16651 —
The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports.
Published: September 07, 2018; 01:29:00 AM -04:00
-
CVE-2018-16606 —
In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and grab all submitted papers (Title and Abstract) and their authors' personal information (Name, Email, Organization, and Position) by changing the value of... read CVE-2018-16606
Published: September 06, 2018; 12:29:05 PM -04:00
-
CVE-2018-16398 —
In Twistlock AuthZ Broker 0.1, regular expressions are mishandled, as demonstrated by containers/aa/pause?aaa=\/start to bypass a policy in which "docker start" is allowed but "docker pause" is not allowed.
Published: September 03, 2018; 03:29:00 PM -04:00
-
CVE-2018-16604 —
An issue was discovered in Nibbleblog v4.0.5. With an admin's username and password, an attacker can execute arbitrary PHP code by changing the username because the username is surrounded by double quotes (e.g., "${phpinfo()}").
Published: September 06, 2018; 12:29:05 PM -04:00
-
CVE-2018-1000773 —
WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution due to an incomplete fix for CVE-2017-1000600. This attack appears to be exploitable via thumbnail u... read CVE-2018-1000773
Published: September 06, 2018; 12:29:05 PM -04:00
-
CVE-2018-16703 —
A vulnerability in the Gleez CMS 1.2.0 login page could allow an unauthenticated, remote attacker to perform multiple user enumerations, which can further help an attacker to perform login attempts in excess of the configured login attempt limit. The... read CVE-2018-16703
Published: September 07, 2018; 01:29:01 PM -04:00