CVE-2018-10108
D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the Treturn parameter to /htdocs/webinc/js/bsc_sms_inbox.php.
Source: CVE-2018-10108
[월:] 2018년 04월
CVE-2018-10109
CVE-2018-10109
Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the content section of a new page in the blog catalog.
Source: CVE-2018-10109
CVE-2018-1000169
CVE-2018-1000169
An exposure of sensitive information vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in CLICommand.java and ViewOptionHandler.java that allows unauthorized attackers to confirm the existence of agents or views with an attacker-specified name by sending a CLI command to Jenkins.
Source: CVE-2018-1000169
CVE-2014-2069
CVE-2014-2069
Absolute path traversal vulnerability in Eshtery CMS allows remote attackers to read arbitrary files via a full pathname in the file parameter to FileManager.aspx.
Source: CVE-2014-2069
CVE-2014-1686
CVE-2014-1686
MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation.
Source: CVE-2014-1686
CVE-2018-4173
CVE-2018-4173
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Status Bar" component. It allows invisible microphone access via a crafted app.
Source: CVE-2018-4173
CVE-2018-6547
CVE-2018-6547
plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, contains an HTTP message parsing function that takes a user-defined path and writes non-user controlled data as SYSTEM to the file when the extract_files parameter is used. This occurs without properly authenticating the user.
Source: CVE-2018-6547
CVE-2018-10096
CVE-2018-10096
joyplus-cms 1.6.0 has XSS via the device_name parameter in a manager/admin_ajax.php?action=save flag=add request.
Source: CVE-2018-10096
CVE-2018-6546
CVE-2018-6546
plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, executes code at a user-defined (local or SMB) path as SYSTEM when the execute_installer parameter is used in an HTTP message. This occurs without properly authenticating the user.
Source: CVE-2018-6546
CVE-2017-0363
CVE-2017-0363
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites.
Source: CVE-2017-0363