CVE-2018-8978
Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an IMG element within a URI.
Source: CVE-2018-8978
CVE-2018-8979
Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI.
Source: CVE-2018-8979
CVE-2018-9017
dsmall v20180320 allows XSS via the member search box at the public/index.php/home/membersnsfriend/findlist.html URI.
Source: CVE-2018-9017
CVE-2018-9015
dsmall v20180320 allows XSS via the public/index.php/home/predeposit/index.html pdr_sn parameter (aka the CMS search box).
Source: CVE-2018-9015
CVE-2018-9016
dsmall v20180320 allows XSS via the main page search box at the public/index.php/home URI.
Source: CVE-2018-9016
CVE-2018-9010
Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote authenticated admins to read arbitrary files via the /cgi-bin/cgiServer.exx page parameter, aka absolute path traversal. In some cases, authentication can be achieved via the admin account with its default admin password.
Source: CVE-2018-9010
CVE-2018-9014
dsmall v20180320 allows physical path leakage via a public/index.php/home/predeposit/index.html?pdr_sn= request.
Source: CVE-2018-9014
CVE-2018-7719
Acrolinx Server before 5.2.5 on Windows allows Directory Traversal.
Source: CVE-2018-7719
CVE-2018-8947
rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding for l, dl, and del requests, which makes it easier for remote attackers to bypass intended access restrictions.
Source: CVE-2018-8947