CVE-2018-10735
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter.
Source: CVE-2018-10735
[월:] 2018년 05월
CVE-2018-10810
CVE-2018-10810
chat/mobile/index.php in LiveZilla Live Chat 7.0.9.5 and prior is affected by Cross-Site Scripting via the Accept-Language HTTP header.
Source: CVE-2018-10810
CVE-2018-10738
CVE-2018-10738
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter.
Source: CVE-2018-10738
CVE-2018-10123
CVE-2018-10123
p910nd on Inteno IOPSYS 2.0 through 4.2.0 allows remote attackers to read, or append data to, arbitrary files via requests on TCP port 9100.
Source: CVE-2018-10123
CVE-2018-10737
CVE-2018-10737
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter.
Source: CVE-2018-10737
CVE-2018-10736
CVE-2018-10736
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter.
Source: CVE-2018-10736
CVE-2018-8841
CVE-2018-8841
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an improper privilege management vulnerability may allow an authenticated user to modify files when read access should only be given to the user.
Source: CVE-2018-8841
CVE-2018-7495
CVE-2018-7495
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability has been identified, which may allow an attacker to delete files.
Source: CVE-2018-7495
CVE-2017-2613
CVE-2017-2613
jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators’ web browsers could be manipulated to create a large number of user records (SECURITY-406).
Source: CVE-2017-2613
CVE-2018-7503
CVE-2018-7503
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to disclose sensitive information on the target.
Source: CVE-2018-7503