Export limit exceeded: 347790 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347790 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347790 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347790 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-15708 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | N/A |
| Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request. | ||||
| CVE-2018-15707 | 1 Advantech | 1 Webaccess | 2024-11-21 | N/A |
| Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things. | ||||
| CVE-2018-15706 | 1 Advantech | 1 Webaccess | 2024-11-21 | N/A |
| WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API. | ||||
| CVE-2018-15705 | 1 Advantech | 1 Webaccess | 2024-11-21 | N/A |
| WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code. | ||||
| CVE-2018-15704 | 1 Advantech | 1 Webaccess | 2024-11-21 | N/A |
| Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability by sending a crafted HTTP request to broadweb/system/opcImg.asp. | ||||
| CVE-2018-15703 | 1 Advantech | 1 Webaccess | 2024-11-21 | N/A |
| Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser. | ||||
| CVE-2018-15702 | 1 Tp-link | 2 Tl-wrn841n, Tl-wrn841n Firmware | 2024-11-21 | N/A |
| The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to CSRF due to insufficient validation of the referer field. | ||||
| CVE-2018-15701 | 1 Tp-link | 2 Tl-wrn841n, Tl-wrn841n Firmware | 2024-11-21 | N/A |
| The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Cookie field. | ||||
| CVE-2018-15700 | 1 Tp-link | 2 Tl-wrn841n, Tl-wrn841n Firmware | 2024-11-21 | N/A |
| The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Referer field. | ||||
| CVE-2018-15699 | 1 Asustor | 1 Data Master | 2024-11-21 | N/A |
| ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle can take advantage of this by inserting Javascript into the configuration files Version field. | ||||
| CVE-2018-15698 | 1 Asustor | 1 Data Master | 2024-11-21 | N/A |
| ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on the file system when providing the full path to loginimage.cgi. | ||||
| CVE-2018-15697 | 1 Asustor | 1 Data Master | 2024-11-21 | N/A |
| ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing the full path. For example, /home/admin/.ash_history. | ||||
| CVE-2018-15696 | 1 Asustor | 1 Data Master | 2024-11-21 | N/A |
| ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi. | ||||
| CVE-2018-15695 | 1 Asustor | 1 Data Master | 2024-11-21 | N/A |
| ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path traversal vulnerability in wallpaper.cgi. | ||||
| CVE-2018-15694 | 1 Asustor | 1 Data Master | 2024-11-21 | N/A |
| ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. This could lead to code execution if the "Web Server" feature is enabled. | ||||
| CVE-2018-15693 | 1 Inova-software | 1 Inova Partner | 2024-11-21 | N/A |
| Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authenticated users authorization bypass via insecure direct object reference. | ||||
| CVE-2018-15692 | 1 Inova-software | 1 Inova Partner | 2024-11-21 | N/A |
| Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authenticated users authorization bypass and data manipulation in certain functions. | ||||
| CVE-2018-15691 | 1 Broadcom | 1 Release Automation | 2024-11-21 | N/A |
| Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code. | ||||
| CVE-2018-15685 | 1 Electronjs | 1 Electron | 2024-11-21 | N/A |
| GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution. | ||||
| CVE-2018-15684 | 1 Btiteam | 1 Xbtit | 2024-11-21 | N/A |
| An issue was discovered in BTITeam XBTIT. PHP error logs are stored in an open directory (/include/logs) using predictable file names, which can lead to full path disclosure and leakage of sensitive data. | ||||