CVE-2018-10429

Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the Database Prefix field on the Database Info screen of install.php.

Source: CVE-2018-10429

CVE-2018-10430

An issue was discovered in DiliCMS (aka DiligentCMS) 2.4.0. There is a Stored XSS Vulnerability in the fourth textbox of "System setting->site setting" of admin/index.php.

Source: CVE-2018-10430

CVE-2018-1074

ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management credentials, including cleartext passwords to Host Administrators. A Host Administrator could use this flaw to gain access to the power management systems of hosts they control.

Source: CVE-2018-1074

CVE-2018-10431

D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell metacharacters in the Host field of the System / Traceroute screen.

Source: CVE-2018-10431

CVE-2016-9590

puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director’s installation of Object Storage (swift). During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions.

Source: CVE-2016-9590

CVE-2017-9284

IDM 4.6 Identity Applications prior to 4.6.2.1 may expose sensitive information.

Source: CVE-2017-9284

CVE-2018-8072

An issue was discovered on EDIMAX IC-3140W through 3.06, IC-5150W through 3.09, and IC-6220DC through 3.06 devices. The ipcam_cgi binary contains a stack-based buffer overflow that is possible to trigger from a remote unauthenticated /camera-cgi/public/getsysyeminfo.cgi?action=VALUE_HERE HTTP request: if the VALUE_HERE length is more than 0x400 (1024), it is possible to overwrite other values located on the stack due to an incorrect use of the strcpy() function.

Source: CVE-2018-8072

CVE-2017-9275

NetIQ Identity Reporting, in versions prior to 5.5 Service Pack 1, is susceptible to an XSS attack.

Source: CVE-2017-9275

CVE-2017-1724

IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134814.

Source: CVE-2017-1724

CVE-2017-14740

Cross-site scripting (XSS) vulnerability in GeniXCMS 1.1.0 allows remote authenticated users to inject arbitrary web script or HTML via the Menu ID when adding a menu.

Source: CVE-2017-14740