Search Results (348774 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-19487 | 1 Wp-jobhunt Project | 1 Wp-jobhunt | 2024-11-21 | N/A |
| The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_employer_ajax_profile() function through the admin-ajax.php file, which allows remote unauthenticated attackers to enumerate information about users. | ||||
| CVE-2018-19486 | 4 Canonical, Git-scm, Linux and 1 more | 4 Ubuntu Linux, Git, Linux Kernel and 1 more | 2024-11-21 | N/A |
| Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017. | ||||
| CVE-2018-19478 | 2 Artifex, Debian | 2 Ghostscript, Debian Linux | 2024-11-21 | N/A |
| In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation when parsing the file. | ||||
| CVE-2018-19477 | 4 Artifex, Canonical, Debian and 1 more | 11 Ghostscript, Ubuntu Linux, Debian Linux and 8 more | 2024-11-21 | N/A |
| psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. | ||||
| CVE-2018-19476 | 4 Artifex, Canonical, Debian and 1 more | 11 Ghostscript, Ubuntu Linux, Debian Linux and 8 more | 2024-11-21 | N/A |
| psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. | ||||
| CVE-2018-19475 | 4 Artifex, Canonical, Debian and 1 more | 11 Ghostscript, Ubuntu Linux, Debian Linux and 8 more | 2024-11-21 | N/A |
| psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. | ||||
| CVE-2018-19469 | 1 Articlecms Project | 1 Articlecms | 2024-11-21 | N/A |
| ArticleCMS through 2017-02-19 has XSS via the /update_personal_infomation realname or email parameter. | ||||
| CVE-2018-19468 | 1 Hucart | 1 Hucart | 2024-11-21 | N/A |
| HuCart 5.7.4 has SQL injection in get_ip() in system/class/helper_class.php via the X-Forwarded-For HTTP header to the user/index.php?load=login&act=act_login URI. | ||||
| CVE-2018-19466 | 1 Portainer | 1 Portainer | 2024-11-21 | N/A |
| A vulnerability was found in Portainer before 1.20.0. Portainer stores LDAP credentials, corresponding to a master password, in cleartext and allows their retrieval via API calls. | ||||
| CVE-2018-19465 | 1 Maccms | 1 Maccms | 2024-11-21 | N/A |
| Maccms through 8.0 allows XSS via the site_keywords field to index.php?m=system-config because of tpl/module/system.php and tpl/html/system_config.html, related to template/paody/html/vod_index.html. | ||||
| CVE-2018-19464 | 1 Dismall | 1 Discuz! | 2024-11-21 | 4.8 Medium |
| Discuz! X3.4 allows XSS via admin.php because admincp/admincp_setting.php and template\default\common\footer.htm mishandle the statcode field from third-party stats code. | ||||
| CVE-2018-19463 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | N/A |
| zb_system/function/lib/upload.php in Z-BlogPHP through 1.5.1 allows remote attackers to execute arbitrary PHP code by using the image/jpeg content type in an upload to the zb_system/admin/index.php?act=UploadMng URI. NOTE: The vendor's position is "We have no dynamic including. No one can run PHP by uploading an image in current version." It also requires authentication. | ||||
| CVE-2018-19462 | 1 Phome | 1 Empirecms | 2024-11-21 | N/A |
| admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to admin/admin.php. | ||||
| CVE-2018-19461 | 1 Phome | 1 Empirecms | 2024-11-21 | N/A |
| admin\db\DoSql.php in EmpireCMS through 7.5 allows XSS via crafted SQL syntax to admin/admin.php. | ||||
| CVE-2018-19459 | 1 Armcode | 1 Adult Filter | 2024-11-21 | N/A |
| Adult Filter 1.0 has a Buffer Overflow via a crafted Black Domain List file. | ||||
| CVE-2018-19458 | 1 Php-proxy | 1 Php-proxy | 2024-11-21 | N/A |
| In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246. | ||||
| CVE-2018-19457 | 1 Logicspice | 1 Faq Script | 2024-11-21 | N/A |
| Logicspice FAQ Script 2.9.7 allows uploading arbitrary files, which leads to remote command execution via admin/faqs/faqimages with a .php file. | ||||
| CVE-2018-19456 | 2 Opensuse, Wplaunchpad | 2 Leap, Wpbackupplus | 2024-11-21 | N/A |
| The WP Backup+ (aka WPbackupplus) plugin through 2018-11-22 for WordPress allows remote attackers to obtain sensitive information from server folders and files, as demonstrated by download.sql. | ||||
| CVE-2018-19452 | 2 Foxitsoftware, Microsoft | 2 Foxit Pdf Sdk Activex, Windows | 2024-11-21 | N/A |
| A use after free in the TextBox field Mouse Enter action in IReader_ContentProvider can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031. An attacker can leverage this to gain remote code execution. Relative to CVE-2018-19444, this has a different free location and requires different JavaScript code for exploitation. | ||||
| CVE-2018-19451 | 2 Foxitsoftware, Microsoft | 2 Foxit Pdf Sdk Activex, Windows | 2024-11-21 | N/A |
| A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when using the Open File action on a Field. An attacker can leverage this to gain remote code execution. | ||||