Export limit exceeded: 347828 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347828 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-17141 | 2 Debian, Hylafax | 3 Debian Linux, Hylafax, Hylafax\+ | 2024-11-21 | N/A |
| HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in FaxModem::writeECMData() in the faxd/CopyQuality.c++ file. | ||||
| CVE-2018-17140 | 1 Vms-studio | 1 Quizlord | 2024-11-21 | N/A |
| The Quizlord plugin through 2.0 for WordPress is prone to Stored XSS via the title parameter in a ql_insert action to wp-admin/admin.php. | ||||
| CVE-2018-17139 | 1 Ultimatefosters | 1 Ultimatepos | 2024-11-21 | N/A |
| UltimatePOS 2.5 allows users to upload arbitrary files, which leads to remote command execution by posting to a /products URI with PHP code in a .php file with the image/jpeg content type. | ||||
| CVE-2018-17138 | 1 Nickelpro | 1 Jibu Pro | 2024-11-21 | N/A |
| The Jibu Pro plugin through 1.7 for WordPress is prone to Stored XSS via the wp-content/plugins/jibu-pro/quiz_action.php name (aka Quiz Name) field. | ||||
| CVE-2018-17137 | 1 Prezi | 1 Next | 2024-11-21 | N/A |
| Prezi Next 1.3.101.11 has a documented purpose of creating HTML5 presentations but has SE_DEBUG_PRIVILEGE on Windows, which might allow attackers to bypass intended access restrictions. | ||||
| CVE-2018-17136 | 1 Zzcms | 1 Zzcms | 2024-11-21 | N/A |
| zzcms 8.3 contains a SQL Injection vulnerability in /user/check.php via a Client-Ip HTTP header. | ||||
| CVE-2018-17134 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | N/A |
| admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfg_author field in conjunction with a crafted cfg_webpath field. | ||||
| CVE-2018-17133 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | N/A |
| admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting. | ||||
| CVE-2018-17132 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | N/A |
| admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue[] array parameter. | ||||
| CVE-2018-17131 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | N/A |
| admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the varvalue field. | ||||
| CVE-2018-17130 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | N/A |
| PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header, | ||||
| CVE-2018-17129 | 1 Metinfo | 1 Metinfo | 2024-11-21 | N/A |
| MetInfo 6.1.0 has SQL injection in doexport() in app/system/feedback/admin/feedback_admin.class.php via the class1 field. | ||||
| CVE-2018-17128 | 1 Mybb | 1 Mybb | 2024-11-21 | N/A |
| A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode. | ||||
| CVE-2018-17127 | 1 Asus | 2 Gt-ac5300, Gt-ac5300 Firmware | 2024-11-21 | N/A |
| blocking_request.cgi on ASUS GT-AC5300 devices through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (NULL pointer dereference and device crash) via a request that lacks a timestap parameter. | ||||
| CVE-2018-17126 | 1 Chshcms | 1 Cscms | 2024-11-21 | N/A |
| CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\plugins\sys\Install.php. | ||||
| CVE-2018-17125 | 1 Chshcms | 1 Cscms | 2024-11-21 | N/A |
| CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php. | ||||
| CVE-2018-17113 | 1 Easycms | 1 Easycms | 2024-11-21 | N/A |
| App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf in EasyCMS 1.5 has XSS via the uploadifyID or movieName parameter, a related issue to CVE-2018-9173. | ||||
| CVE-2018-17111 | 1 Coinlancer | 1 Coinlancer | 2024-11-21 | N/A |
| The onlyOwner modifier of a smart contract implementation for Coinlancer (CL), an Ethereum ERC20 token, has a potential access control vulnerability. All contract users can access functions that use this onlyOwner modifier, because the comparison between msg.sender and owner is incorrect. | ||||
| CVE-2018-17110 | 1 Tecdiary | 1 Simple Pos | 2024-11-21 | N/A |
| Simple POS 4.0.24 allows SQL Injection via a products/get_products/ columns[0][search][value] parameter in the management panel, as demonstrated by products/get_products/1. | ||||
| CVE-2018-17108 | 1 Sbi | 1 Sbi Buddy | 2024-11-21 | N/A |
| The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android might allow attackers to perform Account Takeover attacks by intercepting a security-question response during the initial configuration of the application. | ||||