CVE-2018-10032
CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_version parameter.
Source: CVE-2018-10032
[월:] 2018년 04월
CVE-2018-10033
CVE-2018-10033
CMS Made Simple (aka CMSMS) 2.2.7 has Stored XSS in admin/siteprefs.php via the metadata parameter.
Source: CVE-2018-10033
CVE-2018-10028
CVE-2018-10028
joyplus-cms 1.6.0 allows remote attackers to obtain sensitive information via a direct request to the install/ or log/ URI.
Source: CVE-2018-10028
CVE-2018-10026
CVE-2018-10026
The WeChat module in YzmCMS 3.7.1 has reflected XSS via the admin/module/init.html echostr parameter, related to the valid function in application/wechat/controller/index.class.php.
Source: CVE-2018-10026
CVE-2018-8954
CVE-2018-8954
CA Workload Control Center before r11.4 SP6 allows remote attackers to execute arbitrary code via a crafted HTTP request.
Source: CVE-2018-8954
CVE-2017-8154
CVE-2017-8154
The Themes App Honor 8 Lite Huawei mobile phones with software of versions before Prague-L31C576B172, versions before Prague-L31C530B160, versions before Prague-L31C432B180 has a man-in-the-middle (MITM) vulnerability due to the use of the insecure HTTP protocol for theme download. An attacker may exploit this vulnerability to tamper with downloaded themes.
Source: CVE-2017-8154
CVE-2018-8953
CVE-2018-8953
CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to a perform SQL injection via a crafted HTTP request.
Source: CVE-2018-8953
CVE-2018-7930
CVE-2018-7930
The Near Field Communication (NFC) module in Mate 9 Huawei mobile phones with the versions before MHA-L29B 8.0.0.366(C567) has an information leak vulnerability due to insufficient validation on data transfer requests. When an affected mobile phone sends files to an attacker’s mobile phone using the NFC function, the attacker can obtain arbitrary files from the mobile phone, causing information leaks.
Source: CVE-2018-7930
CVE-2018-10021
CVE-2018-10021
drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel before 4.16 allows local users to cause a denial of service (ata qc leak) by triggering certain failure conditions.
Source: CVE-2018-10021
CVE-2018-10024
CVE-2018-10024
ubiQuoss Switch VP5208A creates a bcm_password file at /cgi-bin/ with the user credentials in cleartext when a failed login attempt occurs. The file can be reached via an HTTP request. The credentials can be used to access the system via SSH (or TELNET if it is enabled).
Source: CVE-2018-10024