Export limit exceeded: 45728 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 348303 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 348303 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (348303 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-19518 | 4 Canonical, Debian, Php and 1 more | 4 Ubuntu Linux, Debian Linux, Php and 1 more | 2024-11-21 | 7.5 High |
| University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a "-oProxyCommand" argument. | ||||
| CVE-2018-19517 | 1 Sysstat Project | 1 Sysstat | 2024-11-21 | N/A |
| An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memset call, as demonstrated by sadf. | ||||
| CVE-2018-19516 | 1 Kde | 1 Kde Applications | 2024-11-21 | 5.3 Medium |
| messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value. | ||||
| CVE-2018-19515 | 1 Ens | 1 Webgalamb | 2024-11-21 | N/A |
| In Webgalamb through 7.0, system/ajax.php functionality is supposed to be available only to the administrator. However, by using one of the bgsend, atment_sddd1xGz, or xls_bgimport query parameters, most of these methods become available to unauthenticated users. | ||||
| CVE-2018-19514 | 1 Ens | 1 Webgalamb | 2024-11-21 | N/A |
| In Webgalamb through 7.0, an arbitrary code execution vulnerability could be exploited remotely without authentication. Exploitation requires authentication bypass to access administrative functions of the site to upload a crafted CSV file with a malicious payload that becomes part of a PHP eval() expression in the subscriber.php file. | ||||
| CVE-2018-19513 | 1 Ens | 1 Webgalamb | 2024-11-21 | N/A |
| In Webgalamb through 7.0, log files are exposed to the internet with predictable files/logs/sql_error_log/YYYY-MM-DD-sql_error_log.log filenames. The log file could contain sensitive client data (email addresses) and also facilitates exploitation of SQL injection errors. | ||||
| CVE-2018-19512 | 1 Ens | 1 Webgalamb | 2024-11-21 | N/A |
| In Webgalamb through 7.0, a system/ajax.php "wgmfile restore" directory traversal vulnerability could lead to arbitrary code execution by authenticated administrator users, because PHP files are restored under the document root directory. | ||||
| CVE-2018-19511 | 1 Ens | 1 Webgalamb | 2024-11-21 | N/A |
| wg7.php in Webgalamb 7.0 lacks security measures to prevent CSRF attacks, as demonstrated by wg7.php?options=1 to change the administrator password. | ||||
| CVE-2018-19510 | 1 Ens | 1 Webgalamb | 2024-11-21 | N/A |
| subscriber.php in Webgalamb through 7.0 is vulnerable to SQL injection via the Client-IP HTTP request header. | ||||
| CVE-2018-19509 | 1 Ens | 1 Webgalamb | 2024-11-21 | N/A |
| wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars() instead of using a templating engine with proper contextual encoding. Because it is possible to insert arbitrary strings into the database, any JavaScript could be executed by the administrator, leading to XSS. | ||||
| CVE-2018-19508 | 1 Cmsimple | 1 Cmsimple | 2024-11-21 | N/A |
| CMSimple 4.7.5 has XSS via an admin's upload of an SVG file at a ?userfiles&subdir=userfiles/images/flags/ URI. | ||||
| CVE-2018-19507 | 1 Cmsimple | 1 Cmsimple | 2024-11-21 | N/A |
| CMSimple 4.7.5 has XSS via an admin's use of a ?file=config&action=array URI. | ||||
| CVE-2018-19506 | 1 Zurmo | 1 Zurmo | 2024-11-21 | N/A |
| Zurmo 3.2.4 has XSS via an admin's use of the name parameter in the reports section, aka the app/index.php/reports/default/details?id=1 URI. | ||||
| CVE-2018-19505 | 1 Bmc | 1 Remedy Action Request System Server | 2024-11-21 | N/A |
| Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component allows a username substitution involving a UserData_Init call. | ||||
| CVE-2018-19504 | 1 Audiocoding | 1 Freeware Advanced Audio Decoder 2 | 2024-11-21 | N/A |
| An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There is a NULL pointer dereference in ifilter_bank() in libfaad/filtbank.c. | ||||
| CVE-2018-19503 | 1 Audiocoding | 1 Freeware Advanced Audio Decoder 2 | 2024-11-21 | N/A |
| An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a stack-based buffer overflow in the function calculate_gain() in libfaad/sbr_hfadj.c. | ||||
| CVE-2018-19502 | 1 Audiocoding | 1 Freeware Advanced Audio Decoder 2 | 2024-11-21 | N/A |
| An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a heap-based buffer overflow in the function excluded_channels() in libfaad/syntax.c. | ||||
| CVE-2018-19499 | 1 Vanillaforums | 1 Vanilla | 2024-11-21 | N/A |
| Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class. | ||||
| CVE-2018-19498 | 1 Simplenia | 1 Pages | 2024-11-21 | N/A |
| The Simplenia Pages plugin 2.6.0 for Atlassian Bitbucket Server has XSS. | ||||
| CVE-2018-19497 | 3 Debian, Fedoraproject, Sleuthkit | 3 Debian Linux, Fedora, The Sleuth Kit | 2024-11-21 | 6.5 Medium |
| In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service (SEGV on unknown address with READ memory access in a tsk_getu16 call in hfs_dir_open_meta_cb in tsk/fs/hfs_dent.c). | ||||