| Max CVSS | 9.3 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2018-17440 | 7.5 |
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials (admin, admin). Taking advantage of this, a remote unauthenticated attacker c
|
26-04-2023 - 19:36 | 08-10-2018 - 16:29 | |
| CVE-2018-17442 | 6.5 |
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. An unrestricted file upload vulnerability in the onUploadLogPic endpoint allows remote authenticated users to execute arbitrary PHP code.
|
26-04-2023 - 19:36 | 08-10-2018 - 16:29 | |
| CVE-2018-17443 | 4.3 |
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'sitename' parameter of the UpdateSite endpoint is vulnerable to stored XSS.
|
26-04-2023 - 19:36 | 08-10-2018 - 16:29 | |
| CVE-2018-17441 | 4.3 |
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'username' parameter of the addUser endpoint is vulnerable to stored XSS.
|
26-04-2023 - 19:36 | 08-10-2018 - 16:29 | |
| CVE-2018-17988 | 7.5 |
LayerBB 1.1.1 and 1.1.3 has SQL Injection via the search.php search_query parameter.
|
19-04-2022 - 15:42 | 07-03-2019 - 23:29 | |
| CVE-2018-2628 | 7.5 |
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthe
|
29-04-2019 - 21:01 | 19-04-2018 - 02:29 | |
| CVE-2007-5653 | 9.3 |
The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill b
|
29-09-2017 - 01:29 | 23-10-2007 - 21:47 |