CVE-2018-0367 CVSS:0.0
A vulnerability in the web-based management interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. Cisco Bug IDs: CVE-2018-0367. (Last Update:2018-08-15) (Publish Update:2018-08-15)
CVE-2018-0386 CVSS:0.0
A vulnerability in Cisco Unified Communications Domain Manager Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on an affected system. The vulnerability is due to improper validation of input that is passed to the affected software. An attacker could exploit this vulnerability by persuading a user of the affected software to access a malicious URL. A successful exploit could allow the attacker to access sensitive, browser-based information on the affected system or perform arbitrary actions in the affected software in the security context of the user. Cisco Bug IDs: CSCvh49694. (Last Update:2018-08-15) (Publish Update:2018-08-15)
CVE-2018-10369 CVSS:0.0
A Cross-site scripting (XSS) vulnerability was discovered on Intelbras Win 240 V1.1.0 devices. An attacker can change the Admin Password without a Login. (Last Update:2018-08-15) (Publish Update:2018-08-15)
CVE-2018-10510 CVSS:0.0
A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to execute arbitrary code on vulnerable installations. (Last Update:2018-08-15) (Publish Update:2018-08-15)
CVE-2018-13393 CVSS:0.0
The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability. (Last Update:2018-08-15) (Publish Update:2018-08-15)
CVE-2018-13394 CVSS:0.0
The acceptAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability. (Last Update:2018-08-15) (Publish Update:2018-08-15)
CVE-2018-14007 CVSS:0.0
Citrix XenServer 7.1 and newer allows Directory Traversal. (Last Update:2018-08-15) (Publish Update:2018-08-15)
CVE-2018-1455 CVSS:0.0
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 11029. (Last Update:2018-08-15) (Publish Update:2018-08-15)
CVE-2018-15138 CVSS:0.0
Ericsson-LG iPECS NMS 30M allows directory traversal via ipecs-cm/download?filename=../ URIs. (Last Update:2018-08-15) (Publish Update:2018-08-15)
CVE-2018-15146 CVSS:0.0
SQL injection vulnerability in interface/de_identification_forms/find_immunization_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'search_term' parameter. (Last Update:2018-08-15) (Publish Update:2018-08-15)
Click here for a complete list of security vulnerabilities. This vulnerability list widget is provided by www.cvedetails.com