Search Results (350381 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-6009 | 1 Yiiframework | 1 Yiiframework | 2024-11-21 | N/A |
| In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity. | ||||
| CVE-2018-6008 | 1 Joomlatag | 1 Jtag Members Directory | 2024-11-21 | N/A |
| Arbitrary File Download exists in the Jtag Members Directory 5.3.7 component for Joomla! via the download_file parameter. | ||||
| CVE-2018-6007 | 1 Joomsky | 1 Js Support Ticket | 2024-11-21 | N/A |
| CSRF exists in the JS Support Ticket 1.1.0 component for Joomla! and allows attackers to inject HTML or edit a ticket. | ||||
| CVE-2018-6006 | 1 Joomsky | 1 Js Autoz | 2024-11-21 | N/A |
| SQL Injection exists in the JS Autoz 1.0.9 component for Joomla! via the vtype, pre, or prs parameter. | ||||
| CVE-2018-6005 | 1 Realpin Project | 1 Realpin | 2024-11-21 | N/A |
| SQL Injection exists in the Realpin through 1.5.04 component for Joomla! via the pinboard parameter. | ||||
| CVE-2018-6004 | 1 Techsolsystem | 1 File Download Tracker | 2024-11-21 | N/A |
| SQL Injection exists in the File Download Tracker 3.0 component for Joomla! via the dynfield[phone] or sess parameter. | ||||
| CVE-2018-6003 | 3 Debian, Fedoraproject, Gnu | 3 Debian Linux, Fedora, Libtasn1 | 2024-11-21 | 7.5 High |
| An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS. | ||||
| CVE-2018-6002 | 1 Webartisan | 1 Soundy Background Music | 2024-11-21 | N/A |
| The Soundy Background Music plugin 3.9 and below for WordPress has Cross-Site Scripting via soundy-background-music\templates\front-end.php (war_soundy_preview parameter). | ||||
| CVE-2018-6001 | 1 Webartisan | 1 Soundy Audio Playlist | 2024-11-21 | N/A |
| The Soundy Audio Playlist plugin 4.6 and below for WordPress has Cross-Site Scripting via soundy-audio-playlist\templates\front-end.php (war_sdy_pl_preview parameter). | ||||
| CVE-2018-6000 | 1 Asus | 1 Asuswrt | 2024-11-21 | N/A |
| An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows attackers to set the admin password and launch an SSH daemon (or enable infosvr command mode), and consequently obtain remote administrative access, via a crafted request. This is available to unauthenticated attackers in conjunction with CVE-2018-5999. | ||||
| CVE-2018-5999 | 1 Asus | 1 Asuswrt | 2024-11-21 | N/A |
| An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails. | ||||
| CVE-2018-5997 | 1 Ravpower | 1 Filehub Firmware | 2024-11-21 | N/A |
| An issue was discovered in the HTTP Server in RAVPower Filehub 2.000.056. Due to an unrestricted upload feature and a path traversal vulnerability, it is possible to upload a file on a filesystem with root privileges: this will lead to remote code execution as root. | ||||
| CVE-2018-5995 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A |
| The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "pages/cpu" printk call. | ||||
| CVE-2018-5994 | 1 Joomsky | 1 Js Jobs | 2024-11-21 | N/A |
| SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the zipcode parameter in a newest-jobs request, or the ta parameter in a view_resume request. | ||||
| CVE-2018-5993 | 1 Aist Project | 1 Aist | 2024-11-21 | N/A |
| SQL Injection exists in the Aist through 2.0 component for Joomla! via the id parameter in a view=showvacancy request. | ||||
| CVE-2018-5992 | 1 Staff Master Project | 1 Staff Master | 2024-11-21 | N/A |
| SQL Injection exists in the Staff Master through 1.0 RC 1 component for Joomla! via the name parameter in a view=staff request. | ||||
| CVE-2018-5991 | 1 Web-dorado | 1 Form Maker | 2024-11-21 | N/A |
| SQL Injection exists in the Form Maker 3.6.12 component for Joomla! via the id, from, or to parameter in a view=stats request, a different vulnerability than CVE-2015-2798. | ||||
| CVE-2018-5990 | 1 Allvideos Reloaded Project | 1 Allvideos Reloaded | 2024-11-21 | N/A |
| SQL Injection exists in the AllVideos Reloaded 1.2.x component for Joomla! via the divid parameter. | ||||
| CVE-2018-5989 | 1 Chillcreations | 1 Ccnewsletter | 2024-11-21 | 9.8 Critical |
| SQL Injection exists in the ccNewsletter 2.x component for Joomla! via the id parameter in a task=removeSubscriber action, a related issue to CVE-2011-5099. | ||||
| CVE-2018-5988 | 1 Flexible Poll Project | 1 Flexible Poll | 2024-11-21 | N/A |
| SQL Injection exists in Flexible Poll 1.2 via the id parameter to mobile_preview.php or index.php. | ||||