Export limit exceeded: 347860 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347860 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-16343 | 1 Seacms | 1 Seacms | 2024-11-21 | N/A |
| SeaCMS 6.61 allows remote attackers to execute arbitrary code because parseIf() in include/main.class.php does not block use of $GLOBALS. | ||||
| CVE-2018-16342 | 1 Showdoc | 1 Showdoc | 2024-11-21 | N/A |
| ShowDoc v1.8.0 has XSS via a new page. | ||||
| CVE-2018-16339 | 1 Phome | 1 Empirecms | 2024-11-21 | N/A |
| An issue was discovered in EmpireCMS 7.0. There is a CSRF vulnerability that can add administrators via upload/e/admin/user/AddUser.php?enews=AddUser. | ||||
| CVE-2018-16338 | 1 Auracms | 1 Auracms | 2024-11-21 | N/A |
| An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability that can change the administrator's password via admin.php?mod=users and subsequently add a page or menu, or submit a topic. | ||||
| CVE-2018-16337 | 1 Chshcms | 1 Cscms | 2024-11-21 | N/A |
| An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability that can modify a website's basic configuration via upload/admin.php/setting/save. | ||||
| CVE-2018-16336 | 3 Canonical, Debian, Exiv2 | 3 Ubuntu Linux, Debian Linux, Exiv2 | 2024-11-21 | N/A |
| Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, a different vulnerability than CVE-2018-10999. | ||||
| CVE-2018-16335 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2024-11-21 | N/A |
| newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209. | ||||
| CVE-2018-16334 | 1 Tendacn | 4 Ac10, Ac10 Firmware, Ac9 and 1 more | 2024-11-21 | N/A |
| An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection. | ||||
| CVE-2018-16333 | 1 Tendacn | 10 Ac10, Ac10 Firmware, Ac15 and 7 more | 2024-11-21 | N/A |
| An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server. While processing the ssid parameter for a POST request, the value is directly used in a sprintf call to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow. | ||||
| CVE-2018-16332 | 1 Idreamsoft | 1 Icms | 2024-11-21 | N/A |
| An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability. | ||||
| CVE-2018-16331 | 1 Damicms | 1 Damicms | 2024-11-21 | N/A |
| admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password. | ||||
| CVE-2018-16330 | 1 Ipandao | 1 Editor.md | 2024-11-21 | N/A |
| Pandao Editor.md 1.5.0 allows XSS via crafted attributes of an invalid IMG element. | ||||
| CVE-2018-16329 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | N/A |
| In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c. | ||||
| CVE-2018-16328 | 2 Imagemagick, Redhat | 2 Imagemagick, Enterprise Linux | 2024-11-21 | N/A |
| In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c. | ||||
| CVE-2018-16327 | 1 Intelliants | 1 Subrion | 2024-11-21 | N/A |
| There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration. | ||||
| CVE-2018-16326 | 1 Phpscriptsmall | 1 Olx Clone | 2024-11-21 | N/A |
| PHP Scripts Mall Olx Clone 3.4.2 has XSS. | ||||
| CVE-2018-16325 | 1 Get-simple | 1 Getsimple Cms | 2024-11-21 | N/A |
| There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field. | ||||
| CVE-2018-16324 | 1 Icewarp | 1 Mail Server | 2024-11-21 | N/A |
| In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field. | ||||
| CVE-2018-16323 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2024-11-21 | 6.5 Medium |
| ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data. | ||||
| CVE-2018-16320 | 1 Idreamsoft | 1 Icms | 2024-11-21 | N/A |
| idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Traversal, resulting in execution of arbitrary PHP code from a ZIP file. | ||||