Search Results (348118 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2018-17431 | 1 Comodo | 1 Unified Threat Management Firewall | 2024-11-21 | 9.8 Critical | Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication via a crafted URL. |
| CVE-2018-17429 | 1 Jtbc | 1 Jtbc | 2024-11-21 | N/A | /console/account/manage.php?type=action&action=add in JTBC v3.0(C) has CSRF for adding an administrator account. |
| CVE-2018-17428 | 1 Nexusfi | 1 Opac Easyweb Five | 2024-11-21 | N/A | An issue was discovered in OPAC EasyWeb Five 5.7. There is SQL injection via the w2001/index.php?scelta=campi biblio parameter. |
| CVE-2018-17427 | 1 Simdcomp Project | 1 Simdcomp | 2024-11-21 | N/A | SIMDComp before 0.1.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) because it can read (and then discard) extra bytes. |
| CVE-2018-17423 | 1 E107 | 1 E107 | 2024-11-21 | N/A | An issue was discovered in e107 v2.1.9. There is a XSS attack on e107_admin/comment.php. |
| CVE-2018-17422 | 1 Dotcms | 1 Dotcms | 2024-11-21 | N/A | dotCMS before 5.0.2 has open redirects via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter. |
| CVE-2018-17421 | 1 Zrlog | 1 Zrlog | 2024-11-21 | N/A | An issue was discovered in ZrLog 2.0.3. There is stored XSS in the file upload area via a crafted attached/file/ pathname. |
| CVE-2018-17420 | 1 Zrlog | 1 Zrlog | 2024-11-21 | N/A | An issue was discovered in ZrLog 2.0.3. There is a SQL injection vulnerability in the article management search box via the keywords parameter. |
| CVE-2018-17419 | 2 Dns Library Project, Redhat | 2 Dns Library, Openshift | 2024-11-21 | 7.5 High | An issue was discovered in setTA in scan_rr.go in the Miek Gieben DNS library before 1.0.10 for Go. A dns.ParseZone() parsing error causes a segmentation violation, leading to denial of service. |
| CVE-2018-17418 | 1 Monstra | 1 Monstra | 2024-11-21 | N/A | Monstra CMS 3.0.4 allows remote attackers to execute arbitrary PHP code via a mixed-case file extension, as demonstrated by the 123.PhP filename, because plugins\box\filesmanager\filesmanager.admin.php mishandles the forbidden_types variable. |
| CVE-2018-17416 | 1 Zzcms | 1 Zzcms | 2024-11-21 | N/A | A SQL injection vulnerability exists in zzcms v8.3 via the /admin/adclass.php bigclassid parameter. |
| CVE-2018-17415 | 1 Zzcms | 1 Zzcms | 2024-11-21 | N/A | zzcms V8.3 has a SQL injection in /user/zs_elite.php via the id parameter. |
| CVE-2018-17414 | 1 Zzcms | 1 Zzcms | 2024-11-21 | N/A | zzcms v8.3 has a SQL injection in /user/jobmanage.php via the bigclass parameter. |
| CVE-2018-17413 | 1 Zzcms | 1 Zzcms | 2024-11-21 | N/A | XSS exists in zzcms v8.3 via the /uploadimg_form.php noshuiyin parameter. |
| CVE-2018-17412 | 1 Zzcms | 1 Zzcms | 2024-11-21 | N/A | zzcms v8.3 contains a SQL Injection vulnerability in /user/logincheck.php via an X-Forwarded-For HTTP header. |
| CVE-2018-17411 | 1 Informationbuilders | 1 Data Quality Suite | 2024-11-21 | N/A | An XML External Entity (XXE) vulnerability exists in iWay Data Quality Suite Web Console 10.6.1.ga-2016-11-20. |
| CVE-2018-17410 | 1 Horus Cms Project | 1 Horus Cms | 2024-11-21 | 9.8 Critical | Horus CMS allows SQL Injection, as demonstrated by a request to the /busca or /home URI. |
| CVE-2018-17408 | 1 Zahiraccounting | 1 Zahir Enterprise Plus | 2024-11-21 | N/A | Stack-based buffer overflows in Zahir Accounting Enterprise Plus 6 through build 10b allow remote attackers to execute arbitrary code via a crafted CSV file that is accessed through the Import CSV File menu. |
| CVE-2018-17407 | 4 Canonical, Debian, Redhat and 1 more | 4 Ubuntu Linux, Debian Linux, Enterprise Linux and 1 more | 2024-11-21 | N/A | An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex. |
| CVE-2018-17404 | 1 Sbi | 1 Sbi Buddy | 2024-11-21 | N/A | The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android might allow an attacker to sniff private information such as mobile number, PAN number (from a government-issued ID), and date of birth. |