CVE-2018-10654
There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
Source: CVE-2018-10654
[월:] 2018년 05월
CVE-2018-10649
CVE-2018-10649
There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3.
Source: CVE-2018-10649
CVE-2018-10651
CVE-2018-10651
There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
Source: CVE-2018-10651
CVE-2018-10650
CVE-2018-10650
There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
Source: CVE-2018-10650
CVE-2018-10652
CVE-2018-10652
There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3.
Source: CVE-2018-10652
CVE-2018-10648
CVE-2018-10648
There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
Source: CVE-2018-10648
CVE-2018-11231
CVE-2018-11231
In the Divido plugin for OpenCart, there is SQL injection. Attackers can use SQL injection to get some confidential information.
Source: CVE-2018-11231
CVE-2018-10357
CVE-2018-10357
A directory traversal vulnerability in Trend Micro Endpoint Application Control 2.0 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the FileDrop servlet. Authentication is required to exploit this vulnerability.
Source: CVE-2018-10357
CVE-2018-8898
CVE-2018-8898
A flaw in the authentication mechanism in the Login Panel of router D-Link DSL-3782 (A1_WI_20170303) allows unauthenticated attackers to perform arbitrary modification (read, write) to passwords and configurations as long as the Administrator is connected to the web interface. For example, GET /romfile.cfg allows the attacker to retrieve the complete settings of the router (all credentials included) while POST /cgi-bin/New_GUI/Set/Admin.asp allows the attacker to successfully change the password of the Web Interface.
Source: CVE-2018-8898
CVE-2018-10355
CVE-2018-10355
An authentication weakness vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to recover user passwords on vulnerable installations due to a flaw in the DBCrypto class. An attacker must first obtain access to the user database on the target system in order to exploit this vulnerability.
Source: CVE-2018-10355