Export limit exceeded: 24530 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24530 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-13290 | 1 Synology | 1 Router Manager | 2024-11-21 | N/A |
| Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the file_path parameter. | ||||
| CVE-2018-13289 | 1 Synology | 1 Router Manager | 2024-11-21 | N/A |
| Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter. | ||||
| CVE-2018-13288 | 1 Synology | 1 File Station | 2024-11-21 | N/A |
| Information exposure vulnerability in SYNO.FolderSharing.List in Synology File Station before 1.2.3-0252 and before 1.1.5-0125 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter. | ||||
| CVE-2018-13259 | 3 Canonical, Redhat, Zsh | 3 Ubuntu Linux, Enterprise Linux, Zsh | 2024-11-21 | N/A |
| An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one. | ||||
| CVE-2018-13258 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A |
| Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided tarball used to protect some directories that shouldn't be web accessible. | ||||
| CVE-2018-13123 | 1 Onefilecms | 1 Onefilecms | 2024-11-21 | N/A |
| onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to read arbitrary files via the i and f parameters, as demonstrated by ?i=etc/&f=passwd&p=raw_view for the /etc/passwd file. | ||||
| CVE-2018-13115 | 1 Keruigroup | 2 Ypc99, Ypc99 Firmware | 2024-11-21 | N/A |
| Lack of an authentication mechanism in KERUI Wifi Endoscope Camera (YPC99) allows an attacker to watch or block the camera stream. The RTSP server on port 7070 accepts the command STOP to stop streaming, and the command SETSSID to disconnect a user. | ||||
| CVE-2018-13111 | 1 Wanscam | 2 Hw0021, Hw0021 Firmware | 2024-11-21 | N/A |
| There exists a partial Denial of Service vulnerability in Wanscam HW0021 IP Cameras. An attacker could craft a malicious POST request to crash the ONVIF service on such a device. | ||||
| CVE-2018-13056 | 1 Zzcms | 1 Zzcms | 2024-11-21 | N/A |
| An issue was discovered on zzcms 8.3. There is a vulnerability at /user/del.php that can delete any file by placing its relative path into the zzcms_main table and then making an img add request. This can be leveraged for database access by deleting install.lock. | ||||
| CVE-2018-13042 | 1 1password | 1 1password | 2024-11-21 | N/A |
| The 1Password application 6.8 for Android is affected by a Denial Of Service vulnerability. By starting the activity com.agilebits.onepassword.filling.openyolo.OpenYoloDeleteActivity or com.agilebits.onepassword.filling.openyolo.OpenYoloRetrieveActivity from an external application (since they are exported), it is possible to crash the 1Password instance. | ||||
| CVE-2018-12999 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | N/A |
| Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted request to the server with a computerName=../ substring to the /agenttrayicon URI. | ||||
| CVE-2018-12997 | 1 Zohocorp | 5 Firewall Analyzer, Manageengine Netflow Analyzer, Manageengine Network Configuration Manager and 2 more | 2024-11-21 | 7.5 High |
| Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows attackers to read certain files on the web server without login by sending a specially crafted request to the server with the operation=copyfile&fileName= substring. | ||||
| CVE-2018-12990 | 1 Phpwcms | 1 Phpwcms | 2024-11-21 | N/A |
| phpwcms 1.8.9 allows remote attackers to discover the installation path via an invalid csrf_token_value field. | ||||
| CVE-2018-12988 | 1 Greencms | 1 Greencms | 2024-11-21 | N/A |
| GreenCMS 2.3.0603 has an arbitrary file download vulnerability via an index.php?m=admin&c=media&a=downfile URI. | ||||
| CVE-2018-12959 | 1 Aditustoken Project | 1 Aditustoken | 2024-11-21 | N/A |
| The approveAndCall function of a smart contract implementation for Aditus (ADI), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all contract balances into their account). | ||||
| CVE-2018-12941 | 1 Seeddms | 1 Seeddms | 2024-11-21 | N/A |
| This vulnerability allows remote attackers to execute arbitrary code in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 by adding a system command at the end of the "cacheDir" path and following usage of the "Clear Cache" functionality. This allows an authenticated attacker, with permission to the Settings functionality, to inject arbitrary system commands within the application by manipulating the "Cache directory" path. An attacker can use it to perform malicious tasks such as to extract, change, or delete sensitive information or run system commands on the underlying operating system. | ||||
| CVE-2018-12927 | 1 Northernnep | 2 Northern Electric \& Power Inverter, Northern Electric \& Power Inverter Firmware | 2024-11-21 | N/A |
| Northern Electric & Power (NEP) inverter devices allow remote attackers to obtain potentially sensitive information via a direct request for the nep/status/index/1 URI. | ||||
| CVE-2018-12926 | 1 Pharoscontrols | 2 Pharos, Pharos Firmware | 2024-11-21 | N/A |
| Pharos Controls devices allow remote attackers to obtain potentially sensitive information via a direct request for the default/index.lsp or default/log.lsp URI. | ||||
| CVE-2018-12923 | 1 Bwssystems | 1 Ha Bridge | 2024-11-21 | 7.5 High |
| BWS Systems HA-Bridge devices allow remote attackers to obtain potentially sensitive information via a direct request for the #!/system URI. | ||||
| CVE-2018-12921 | 1 Electroind | 2 Gaugetech Nexus, Gaugetech Nexus Firmware | 2024-11-21 | N/A |
| Electro Industries GaugeTech Nexus devices allow remote attackers to obtain potentially sensitive information via a direct request for the meter_information.htm, diag_system.htm, or diag_dnp_lan_wan.htm URI. | ||||