Search Results (348502 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-19922 | 1 Actiontec | 2 C1000a, C1000a Firmware | 2024-11-21 | N/A |
| Persistent Cross-Site Scripting (XSS) in the advancedsetup_websiteblocking.html Website Blocking page of the Actiontec C1000A router with firmware through CAC004-31.30L.95 allows a remote attacker to inject arbitrary HTML into the Website Blocking page by inserting arbitrary HTML into the 'TodUrlAdd' URL parameter in a /urlfilter.cmd POST request. | ||||
| CVE-2018-19921 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | N/A |
| Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller. | ||||
| CVE-2018-19919 | 1 Pixelimity | 1 Pixelimity | 2024-11-21 | N/A |
| Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php data[title] parameter, as demonstrated by a crafted onload attribute of an SVG element. | ||||
| CVE-2018-19917 | 1 Microweber | 1 Microweber | 2024-11-21 | N/A |
| Microweber 1.0.8 has reflected cross-site scripting (XSS) vulnerabilities. | ||||
| CVE-2018-19915 | 1 Domainmod | 1 Domainmod | 2024-11-21 | N/A |
| DomainMOD through 4.11.01 has XSS via the assets/edit/host.php Web Host Name or Web Host URL field. | ||||
| CVE-2018-19914 | 1 Domainmod | 1 Domainmod | 2024-11-21 | N/A |
| DomainMOD through 4.11.01 has XSS via the assets/add/dns.php Profile Name or notes field. | ||||
| CVE-2018-19913 | 1 Domainmod | 1 Domainmod | 2024-11-21 | N/A |
| DomainMOD through 4.11.01 has XSS via the assets/add/registrar-accounts.php UserName, Reseller ID, or notes field. | ||||
| CVE-2018-19911 | 1 Freeswitch | 1 Freeswitch | 2024-11-21 | N/A |
| FreeSWITCH through 1.8.2, when mod_xml_rpc is enabled, allows remote attackers to execute arbitrary commands via the api/system or txtapi/system (or api/bg_system or txtapi/bg_system) query string on TCP port 8080, as demonstrated by an api/system?calc URI. This can also be exploited via CSRF. Alternatively, the default password of works for the freeswitch account can sometimes be used. | ||||
| CVE-2018-19908 | 1 Misp | 1 Misp | 2024-11-21 | N/A |
| An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php (the STIX 1 import code), an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filename of the STIX import. | ||||
| CVE-2018-19907 | 1 Craftercms | 1 Crafter Cms | 2024-11-21 | N/A |
| A Server-Side Template Injection issue was discovered in Crafter CMS 3.0.18. Attackers with developer privileges may execute OS commands by Creating/Editing a template file (.ftl filetype) that triggers a call to freemarker.template.utility.Execute in the FreeMarker library during rendering of a web page. | ||||
| CVE-2018-19903 | 1 Xsltcms.org Project | 1 Xsltcms.org | 2024-11-21 | N/A |
| Persistent XSS exists in XSLT CMS via the create/?action=items.edit&type=Page title field. | ||||
| CVE-2018-19902 | 1 No-cms Project | 1 No-cms | 2024-11-21 | N/A |
| No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article "keyword" parameter. | ||||
| CVE-2018-19901 | 1 No-cms Project | 1 No-cms | 2024-11-21 | N/A |
| No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article/index/ "article_title" parameter. | ||||
| CVE-2018-19898 | 1 Thinkcmf | 1 Thinkcmf | 2024-11-21 | N/A |
| ThinkCMF X2.2.2 has SQL Injection via the method edit_post in ArticleController.class.php and is exploitable by normal authenticated users via the post[id][1] parameter in an article edit_post action. | ||||
| CVE-2018-19897 | 1 Thinkcmf | 1 Thinkcmf | 2024-11-21 | N/A |
| ThinkCMF X2.2.2 has SQL Injection via the function _listorders() in AdminbaseController.class.php and is exploitable with the manager privilege via the listorders[key][1] parameter in a Link listorders action. | ||||
| CVE-2018-19896 | 1 Thinkcmf | 1 Thinkcmf | 2024-11-21 | N/A |
| ThinkCMF X2.2.2 has SQL Injection via the function delete() in SlideController.class.php and is exploitable with the manager privilege via the ids[] parameter in a slide action. | ||||
| CVE-2018-19895 | 1 Thinkcmf | 1 Thinkcmf | 2024-11-21 | N/A |
| ThinkCMF X2.2.2 has SQL Injection via the function edit_post() in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action. | ||||
| CVE-2018-19894 | 1 Thinkcmf | 1 Thinkcmf | 2024-11-21 | N/A |
| ThinkCMF X2.2.2 has SQL Injection via the functions check() and delete() in CommentadminController.class.php and is exploitable with the manager privilege via the ids[] parameter in a commentadmin action. | ||||
| CVE-2018-19893 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | N/A |
| SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string. | ||||
| CVE-2018-19892 | 1 Domainmod | 1 Domainmod | 2024-11-21 | N/A |
| DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php DisplayName, HostName, or UserName field. | ||||