-
CVE-2018-10383
•
published on May 2, 2019
Lantronix SecureLinx Spider (SLS) 2.2+ devices have XSS in the auth.asp login page.
-
CVE-2018-10383
•
published on May 2, 2019
Lantronix SecureLinx Spider (SLS) 2.2+ devices have XSS in the auth.asp login page.
-
CVE-2018-10383
•
published on May 2, 2019
Lantronix SecureLinx Spider (SLS) 2.2+ devices have XSS in the auth.asp login page.
-
CVE-2018-16988
•
published on May 2, 2019
An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover) exists due to a weak password reset mechanism. A brute-force attack against an MD5 rid value requires only 600 guesses in the plausible situation where the attacker knows that the victim has started a password-reset process (pass_reset.php, password_reset.php, XDUser.php) in the past few minutes.
-
CVE-2018-16988
•
published on May 2, 2019
An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover) exists due to a weak password reset mechanism. A brute-force attack against an MD5 rid value requires only 600 guesses in the plausible situation where the attacker knows that the victim has started a password-reset process (pass_reset.php, password_reset.php, XDUser.php) in the past few minutes.
-
CVE-2018-16988
•
published on May 2, 2019
An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover) exists due to a weak password reset mechanism. A brute-force attack against an MD5 rid value requires only 600 guesses in the plausible situation where the attacker knows that the victim has started a password-reset process (pass_reset.php, password_reset.php, XDUser.php) in the past few minutes.
-
CVE-2018-16961
•
published on May 2, 2019
An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/dl_publication.php allows Path traversal via the file parameter, allowing remote attackers to read PDF files in arbitrary directories.
-
CVE-2018-16961
•
published on May 2, 2019
An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/dl_publication.php allows Path traversal via the file parameter, allowing remote attackers to read PDF files in arbitrary directories.
-
CVE-2018-16961
•
published on May 2, 2019
An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/dl_publication.php allows Path traversal via the file parameter, allowing remote attackers to read PDF files in arbitrary directories.
-
CVE-2018-16960
•
published on May 2, 2019
An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/login.php has Reflected XSS via the xd_user_formal_name parameter.
-
CVE-2018-16960
•
published on May 2, 2019
An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/login.php has Reflected XSS via the xd_user_formal_name parameter.
-
CVE-2018-16960
•
published on May 2, 2019
An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/login.php has Reflected XSS via the xd_user_formal_name parameter.
-
CVE-2018-16718
•
published on May 2, 2019
An XSS vulnerability exists in wwwblast.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox via a crafted -z1 argument.
-
CVE-2018-16718
•
published on May 2, 2019
An XSS vulnerability exists in wwwblast.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox via a crafted -z1 argument.
-
CVE-2018-16718
•
published on May 2, 2019
An XSS vulnerability exists in wwwblast.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox via a crafted -z1 argument.
-
CVE-2018-16717
•
published on May 2, 2019
A heap-based buffer overflow exists in nph-viewgif.cgi in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox.
-
CVE-2018-16717
•
published on May 2, 2019
A heap-based buffer overflow exists in nph-viewgif.cgi in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox.
-
CVE-2018-16717
•
published on May 2, 2019
A heap-based buffer overflow exists in nph-viewgif.cgi in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox.
-
CVE-2018-16716
•
published on May 2, 2019
A path traversal vulnerability exists in viewcgi.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox, which may result in reading of arbitrary files (i.e., significant information disclosure) or file deletion via the nph-viewgif.cgi query string.
-
CVE-2018-16716
•
published on May 2, 2019
A path traversal vulnerability exists in viewcgi.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox, which may result in reading of arbitrary files (i.e., significant information disclosure) or file deletion via the nph-viewgif.cgi query string.