CVE-2018-18938 — An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via an ontoggle attribute to details/open/ within a second input field.
Published: November 05, 2018; 04:29:00 AM -05:00

V3: 4.8 MEDIUM
V2: 3.5 LOW

CVE-2011-4596 — Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball o... read CVE-2011-4596
Published: December 23, 2011; 05:55:00 PM -05:00

V2: 6.0 MEDIUM

CVE-2012-4456 — The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allow remote attackers to read the roles for an arbitrary user or get, create, or delete... read CVE-2012-4456
Published: October 09, 2012; 11:55:01 AM -04:00

V2: 7.5 HIGH

CVE-2013-0270 — OpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a large HTTP request, as demonstrated by a long tenant_name when requesting a token.
Published: April 12, 2013; 06:55:01 PM -04:00

V2: 5.0 MEDIUM

CVE-2013-0282 — OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass acc... read CVE-2013-0282
Published: April 12, 2013; 06:55:01 PM -04:00

V2: 5.0 MEDIUM

CVE-2013-2256 — OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor properties), boot arbitrary flavors... read CVE-2013-2256
Published: September 16, 2013; 03:14:38 PM -04:00

V2: 6.0 MEDIUM

CVE-2013-6437 — The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and icehouse before icehouse-2 allows remote authenticated users to cause a denial of service (disk consumption) by creating and deleting instances with unique os_type settings, which tri... read CVE-2013-6437
Published: March 06, 2014; 10:55:28 AM -05:00

V2: 4.0 MEDIUM

CVE-2014-8333 — The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state.
Published: October 31, 2014; 10:55:07 AM -04:00

V2: 4.0 MEDIUM

CVE-2018-16549 — HScripts PHP File Browser Script v1.0 allows Directory Traversal via the index.php path parameter.
Published: September 05, 2018; 05:29:03 PM -04:00

V3: 5.3 MEDIUM
V2: 5.0 MEDIUM

CVE-2018-14813 — Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer overflow vulnerability has been identified, which may allow remote code execution.
Published: September 26, 2018; 04:29:00 PM -04:00

V3: 9.8 CRITICAL
V2: 7.5 HIGH

CVE-2014-3517 — api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-for... read CVE-2014-3517
Published: August 07, 2014; 07:13:34 AM -04:00

V2: 4.3 MEDIUM

CVE-2018-17588 — AirTies Air 5021 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.
Published: October 02, 2018; 02:29:01 PM -04:00

V3: 6.1 MEDIUM
V2: 4.3 MEDIUM

CVE-2018-17589 — AirTies Air 5650 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.
Published: October 02, 2018; 02:29:01 PM -04:00

V3: 6.1 MEDIUM
V2: 4.3 MEDIUM

CVE-2018-17830 — The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted (only values are restricted). The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_i... read CVE-2018-17830
Published: October 01, 2018; 04:29:01 AM -04:00

V3: 5.4 MEDIUM
V2: 3.5 LOW

CVE-2018-17587 — AirTies Air 5750 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.
Published: October 02, 2018; 02:29:01 PM -04:00

V3: 6.1 MEDIUM
V2: 4.3 MEDIUM

CVE-2018-17835 — An issue was discovered in GetSimple CMS 3.3.15. An administrator can insert stored XSS via the admin/settings.php Custom Permalink Structure parameter, which injects the XSS payload into any page created at the admin/pages.php URI.
Published: October 01, 2018; 04:29:01 AM -04:00

V3: 4.8 MEDIUM
V2: 3.5 LOW

CVE-2018-18939 — An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via a seventh input field.
Published: November 05, 2018; 04:29:00 AM -05:00

V3: 4.8 MEDIUM
V2: 3.5 LOW

CVE-2018-1541 — IBM WebSphere Commerce Enterprise V7, V8, and V9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials discl... read CVE-2018-1541
Published: October 24, 2018; 08:29:00 AM -04:00

V3: 5.4 MEDIUM
V2: 3.5 LOW

CVE-2018-1683 — IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by the failure to encrypt ORB communication. IBM X-Force ID: 145455.
Published: September 26, 2018; 11:29:00 AM -04:00

V3: 7.5 HIGH
V2: 5.0 MEDIUM

CVE-2018-1702 — IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive... read CVE-2018-1702
Published: September 28, 2018; 09:29:00 AM -04:00

V3: 7.1 HIGH
V2: 5.5 MEDIUM