Search Results (349241 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-19564 | 1 Goldplugins | 1 Easy Testimonials | 2024-11-21 | N/A |
| Stored XSS was discovered in the Easy Testimonials plugin 3.2 for WordPress. Three wp-admin/post.php parameters (_ikcf_client and _ikcf_position and _ikcf_other) have Cross-Site Scripting. | ||||
| CVE-2018-19562 | 1 Phpok | 1 Phpok | 2024-11-21 | N/A |
| An issue was discovered in PHPok 4.9.015. admin.php?c=update&f=unzip allows remote attackers to execute arbitrary code via a "Login Background > Program Upgrade > Compressed Packet Upgrade" action in which a .php file is inside a ZIP archive. | ||||
| CVE-2018-19561 | 1 Sikcms | 1 Sikcms | 2024-11-21 | N/A |
| sikcms 1.1 has CSRF via admin.php?m=Admin&c=Users&a=userAdd to add an administrator account. | ||||
| CVE-2018-19560 | 1 Bagesoft | 1 Bagecms | 2024-11-21 | N/A |
| BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate to modify a user account. | ||||
| CVE-2018-19559 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | N/A |
| CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the reference_id parameter. | ||||
| CVE-2018-19558 | 1 Arcms Project | 1 Arcms | 2024-11-21 | N/A |
| An issue was discovered in arcms through 2018-03-19. SQL injection exists via the json/newslist limit parameter because of ctl/main/Json.php, ctl/main/service/Data.php, and comp/Db/Mysql.php. | ||||
| CVE-2018-19557 | 1 Arcms Project | 1 Arcms | 2024-11-21 | N/A |
| An issue was discovered in arcms through 2018-03-19. No authentication is required for index/main, user/useradd, or img/images. | ||||
| CVE-2018-19556 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | N/A |
| zb_system/admin/index.php?act=UploadMng in Z-BlogPHP 1.5 mishandles file preview, leading to content spoofing. NOTE: the software maintainer disputes that this is a vulnerability. | ||||
| CVE-2018-19555 | 1 Tp4a | 1 Teleport | 2024-11-21 | N/A |
| tp4a TELEPORT 3.1.0 has CSRF via user/do-reset-password to change any password, such as the administrator password. | ||||
| CVE-2018-19554 | 1 Dotcms | 1 Dotcms | 2024-11-21 | N/A |
| An issue was discovered in Dotcms through 5.0.3. Attackers may perform XSS attacks via the inode, identifier, or fieldName parameter in html/js/dotcms/dijit/image/image_tool.jsp. | ||||
| CVE-2018-19553 | 1 Interspire | 1 Email Marketer | 2024-11-21 | N/A |
| Interspire Email Marketer through 6.1.6 has SQL Injection via an updateblock sortorder request to Dynamiccontenttags.php. | ||||
| CVE-2018-19552 | 1 Interspire | 1 Email Marketer | 2024-11-21 | N/A |
| Interspire Email Marketer through 6.1.6 has SQL Injection via a deleteblock blockid[] request to Dynamiccontenttags.php. | ||||
| CVE-2018-19551 | 1 Interspire | 1 Email Marketer | 2024-11-21 | N/A |
| Interspire Email Marketer through 6.1.6 has SQL Injection via a checkduplicatetags tagname request to Dynamiccontenttags.php. | ||||
| CVE-2018-19550 | 1 Interspire | 1 Email Marketer | 2024-11-21 | N/A |
| Interspire Email Marketer through 6.1.6 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under an admin/temp/surveys/ URI. | ||||
| CVE-2018-19549 | 1 Interspire | 1 Email Marketer | 2024-11-21 | N/A |
| Interspire Email Marketer through 6.1.6 has SQL Injection via a tagids Delete action to Dynamiccontenttags.php. | ||||
| CVE-2018-19548 | 1 Rudrasoftech | 1 Edusec | 2024-11-21 | N/A |
| index.php?r=site%2Flogin in EduSec through 4.2.6 does not restrict sending a series of LoginForm[username] and LoginForm[password] parameters, which might make it easier for remote attackers to obtain access via a brute-force approach. | ||||
| CVE-2018-19547 | 1 Jtbc | 1 Jtbc Php | 2024-11-21 | N/A |
| JTBC(PHP) 3.0.1.7 has XSS via the console/xml/manage.php?type=action&action=edit content parameter. | ||||
| CVE-2018-19546 | 1 Jtbc | 1 Jtbc Php | 2024-11-21 | N/A |
| JTBC(PHP) 3.0.1.7 has CSRF via the console/xml/manage.php?type=action&action=edit URI, as demonstrated by an XSS payload in the content parameter. | ||||
| CVE-2018-19545 | 1 Jeecms | 1 Jeecms | 2024-11-21 | N/A |
| JEECMS 9.3 has CSRF via the api/admin/role/save URI to add a user. | ||||
| CVE-2018-19544 | 1 Jeecms | 1 Jeecms | 2024-11-21 | N/A |
| JEECMS 9.3 has CSRF via the api/admin/content/save URI to add news. | ||||