Search Results (348758 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-19329 | 1 Greencms | 1 Greencms | 2024-11-21 | N/A |
| GreenCMS v2.3.0603 allows remote authenticated administrators to delete arbitrary files by modifying a base64-encoded pathname in an m=admin&c=media&a=delfilehandle&id= call, related to the m=admin&c=media&a=restorefile delete button. | ||||
| CVE-2018-19328 | 1 Laobancms | 1 Laobancms | 2024-11-21 | N/A |
| LAOBANCMS 2.0 allows install/mysql_hy.php?riqi=../ Directory Traversal. | ||||
| CVE-2018-19327 | 1 Jtbc | 1 Jtbc Php | 2024-11-21 | N/A |
| An issue was discovered in JTBC(PHP) 3.0.1.7. aboutus/manage.php?type=action&action=add allows CSRF. | ||||
| CVE-2018-19326 | 1 Zyxel | 2 Vmg1312-b10d, Vmg1312-b10d Firmware | 2024-11-21 | N/A |
| Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ Directory Traversal, as demonstrated by reading /etc/passwd. | ||||
| CVE-2018-19324 | 1 Kimsq | 1 Rb | 2024-11-21 | N/A |
| kimsQ Rb 2.3.0 allows XSS via the second input field to the /?r=home&mod=mypage&page=info URI. | ||||
| CVE-2018-19319 | 1 Srcms Project | 1 Srcms | 2024-11-21 | N/A |
| SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=gifts&a=update to change goods prices with the super administrator's privileges. | ||||
| CVE-2018-19318 | 1 Srcms Project | 1 Srcms | 2024-11-21 | N/A |
| SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=manager&a=update to change the username and password of the super administrator account. | ||||
| CVE-2018-19312 | 1 Centreon | 1 Centreon | 2024-11-21 | N/A |
| Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.24) allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI. | ||||
| CVE-2018-19311 | 1 Centreon | 1 Centreon | 2024-11-21 | N/A |
| Centreon 3.4.x (fixed in Centreon 18.10.0) allows XSS via the Service field to the main.php?p=20201 URI, as demonstrated by the "Monitoring > Status Details > Services" screen. | ||||
| CVE-2018-19301 | 1 Tp4a | 1 Teleport | 2024-11-21 | N/A |
| tp4a TELEPORT 3.1.0 allows XSS via the login page because a crafted username is mishandled when an administrator later views the system log. | ||||
| CVE-2018-19300 | 2 D-link, Dlink | 17 Dap-1530 Firmware, Dap-1610 Firmware, Dwr-116 Firmware and 14 more | 2024-11-21 | N/A |
| On D-Link DAP-1530 (A1) before firmware version 1.06b01, DAP-1610 (A1) before firmware version 1.06b01, DWR-111 (A1) before firmware version 1.02v02, DWR-116 (A1) before firmware version 1.06b03, DWR-512 (B1) before firmware version 2.02b01, DWR-711 (A1) through firmware version 1.11, DWR-712 (B1) before firmware version 2.04b01, DWR-921 (A1) before firmware version 1.02b01, and DWR-921 (B1) before firmware version 2.03b01, there exists an EXCU_SHELL file in the web directory. By sending a GET request with specially crafted headers to the /EXCU_SHELL URI, an attacker could execute arbitrary shell commands in the root context on the affected device. Other devices might be affected as well. | ||||
| CVE-2018-19296 | 4 Debian, Fedoraproject, Phpmailer Project and 1 more | 4 Debian Linux, Fedora, Phpmailer and 1 more | 2024-11-21 | 8.8 High |
| PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack. | ||||
| CVE-2018-19295 | 1 Sylabs | 1 Singularity | 2024-11-21 | N/A |
| Sylabs Singularity 2.4 to 2.6 allows local users to conduct Improper Input Validation attacks. | ||||
| CVE-2018-19291 | 1 Dilicms | 1 Dilicms | 2024-11-21 | N/A |
| An issue was discovered in DiliCMS 2.4.0. There is a CSRF vulnerability that can delete a user or group via an admin/index.php/user/del/1 or admin/index.php/role/del/2 URI. | ||||
| CVE-2018-19290 | 1 Budabot | 1 Budabot | 2024-11-21 | N/A |
| In modules/HELPBOT_MODULE in Budabot 0.6 through 4.0, lax syntax validation allows remote attackers to perform a command injection attack against the PHP daemon with a crafted command, resulting in a denial of service or possibly unspecified other impact, as demonstrated by the "!calc 5 x 5" command. In versions before 3.0, modules/HELPBOT_MODULE/calc.php has the vulnerable code; in 3.0 and above, modules/HELPBOT_MODULE/HelpbotController.class.php has the vulnerable code. | ||||
| CVE-2018-19289 | 1 Valine.js | 1 Valine | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file. | ||||
| CVE-2018-19288 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | N/A |
| Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API. | ||||
| CVE-2018-19287 | 1 Ninjaforma | 1 Ninja Forms | 2024-11-21 | N/A |
| XSS in the Ninja Forms plugin before 3.3.18 for WordPress allows Remote Attackers to execute JavaScript via the includes/Admin/Menus/Submissions.php (aka submissions page) begin_date, end_date, or form_id parameter. | ||||
| CVE-2018-19286 | 1 Mubu | 1 Curtain | 2024-11-21 | 6.1 Medium |
| The server in mubu note 2018-11-11 has XSS by configuring an account with a crafted name value (along with an arbitrary username value), and then creating and sharing a note. | ||||
| CVE-2018-19282 | 1 Rockwellautomation | 2 Powerflex 525 Ac Drives, Powerflex 525 Ac Drives Firmware | 2024-11-21 | N/A |
| Rockwell Automation PowerFlex 525 AC Drives 5.001 and earlier allow remote attackers to cause a denial of service by crashing the Common Industrial Protocol (CIP) network stack. The vulnerability allows the attacker to crash the CIP in a way that it does not accept new connections, but keeps the current connections active, which can prevent legitimate users from recovering control. | ||||