Search Results (348159 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-18785 | 1 Zzcms | 1 Zzcms | 2024-11-21 | N/A |
| An issue was discovered in zzcms 8.3. SQL Injection exists in zs/subzs.php with a zzcmscpid cookie to zs/search.php. | ||||
| CVE-2018-18784 | 1 Zzcms | 1 Zzcms | 2024-11-21 | N/A |
| An issue was discovered in zzcms 8.3. SQL Injection exists in admin/tagmanage.php via the tabletag parameter. (This needs an admin user login.) | ||||
| CVE-2018-18783 | 1 Sem-cms | 1 Semcms | 2024-11-21 | N/A |
| XSS was discovered in SEMCMS V3.4 via the semcms_remail.php?type=ok umail parameter. | ||||
| CVE-2018-18782 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
| Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/myfriend.php ftype parameter. | ||||
| CVE-2018-18781 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
| DedeCMS 5.7 SP2 allows XSS via the /member/uploads_select.php f or keyword parameter. | ||||
| CVE-2018-18778 | 1 Acme | 1 Mini-httpd | 2024-11-21 | N/A |
| ACME mini_httpd before 1.30 lets remote users read arbitrary files. | ||||
| CVE-2018-18777 | 1 Microstrategy | 1 Microstrategy Web | 2024-11-21 | N/A |
| Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application. NOTE: this is a deprecated product. | ||||
| CVE-2018-18776 | 1 Microstrategy | 1 Microstrategy Web | 2024-11-21 | N/A |
| Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the admin/admin.asp ShowAll parameter. NOTE: this is a deprecated product. | ||||
| CVE-2018-18775 | 1 Microstrategy | 1 Microstrategy Web | 2024-11-21 | N/A |
| Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the Login.asp Msg parameter. NOTE: this is a deprecated product. | ||||
| CVE-2018-18774 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | N/A |
| CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows XSS via the admin/index.php module parameter. | ||||
| CVE-2018-18773 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | N/A |
| CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password. | ||||
| CVE-2018-18772 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | N/A |
| CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command. | ||||
| CVE-2018-18771 | 1 Lulucms | 1 Lulu Cms | 2024-11-21 | N/A |
| An issue was discovered in LuLu CMS through 2015-05-14. backend\modules\filemanager\controllers\DefaultController.php allows arbitrary file upload by entering a filename, directory name, and PHP code into the three text input fields. | ||||
| CVE-2018-18767 | 2 D-link, Dlink | 3 Dcs-825l Firmware, Dcs-825l, Mydlink Baby Camera Monitor | 2024-11-21 | N/A |
| An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06. Whenever actions are performed from the app (e.g., change camera settings or play lullabies), it communicates directly with the Wi-Fi camera (D-Link 825L firmware 1.08) with the credentials (username and password) in base64 cleartext. An attacker could conduct an MitM attack on the local network and very easily obtain these credentials. | ||||
| CVE-2018-18766 | 1 Provisio | 1 Sitekiosk | 2024-11-21 | N/A |
| An elevation of privilege vulnerability exists in the Call Dispatcher in Provisio SiteKiosk before 9.7.4905. | ||||
| CVE-2018-18765 | 1 Cesanta | 1 Mongoose | 2024-11-21 | N/A |
| An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in mg_mqtt_next_subscribe_topic. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. | ||||
| CVE-2018-18764 | 1 Cesanta | 1 Mongoose | 2024-11-21 | N/A |
| An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in a parse_mqtt getu16 call. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. | ||||
| CVE-2018-18763 | 1 Saltos | 1 Saltos | 2024-11-21 | N/A |
| SaltOS 3.1 r8126 allows action=ajax&query=numbers&page=usuarios&action2=[SQL] SQL Injection. | ||||
| CVE-2018-18762 | 1 Saltos | 1 Saltos | 2024-11-21 | N/A |
| SaltOS 3.1 r8126 contains a database download vulnerability. | ||||
| CVE-2018-18761 | 1 Saltos | 1 Saltos | 2024-11-21 | 9.8 Critical |
| SaltOS 3.1 r8126 allows action=login&querystring=&user=[SQL] SQL Injection. | ||||