Search Results (347856 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-12589 | 1 Polarisoffice | 1 Polaris Office 2017 | 2024-11-21 | N/A |
| Polaris Office 2017 8.1 allows attackers to execute arbitrary code via a Trojan horse puiframeworkproresenu.dll file in the current working directory. | ||||
| CVE-2018-12588 | 1 Public Knowledge Project | 1 Open Monograph Press | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in templates/frontend/pages/searchResults.tpl in Public Knowledge Project (PKP) Open Monograph Press (OMP) v1.2.0 through 3.1.1-2 before 3.1.1-3 allows remote attackers to inject arbitrary web script or HTML via the catalog.noTitlesSearch parameter (aka the Search field). | ||||
| CVE-2018-12587 | 1 German Spelling Dictionary Project | 1 German Spelling Dictionary | 2024-11-21 | N/A |
| A cross-site scripting (XSS) vulnerability was found in valeuraddons German Spelling Dictionary v1.3 (an Opera Browser add-on). Instead of providing text for a spelling check, remote attackers may inject arbitrary web script or HTML via the ajax query parameter in the URL Address Bar. | ||||
| CVE-2018-12585 | 1 Opcfoundation | 2 Ua-.net-legacy, Ua-java | 2024-11-21 | N/A |
| An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to trigger a denial of service. | ||||
| CVE-2018-12584 | 2 Debian, Resiprocate | 2 Debian Linux, Resiprocate | 2024-11-21 | 9.8 Critical |
| The ConnectionBase::preparseNewBytes function in resip/stack/ConnectionBase.cxx in reSIProcate through 1.10.2 allows remote attackers to cause a denial of service (buffer overflow) or possibly execute arbitrary code when TLS communication is enabled. | ||||
| CVE-2018-12583 | 1 Akcms Project | 1 Akcms | 2024-11-21 | N/A |
| An issue was discovered in AKCMS 6.1. CSRF can delete an article via an admincp deleteitem action to index.php. | ||||
| CVE-2018-12582 | 1 Akcms Project | 1 Akcms | 2024-11-21 | N/A |
| An issue was discovered in AKCMS 6.1. CSRF can add an admin account via a /index.php?file=account&action=manageaccounts&job=newaccount URI. | ||||
| CVE-2018-12581 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | N/A |
| An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted database name to trigger an XSS attack when that database is referenced from the Designer feature. | ||||
| CVE-2018-12580 | 1 Dragonbyte-tech | 1 Vbsecurity | 2024-11-21 | N/A |
| library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3.x through 3.3.0 for vBulletin 3 and vBulletin 4 allows self-XSS via $session['user_agent'] in the "Login Sessions" feature. | ||||
| CVE-2018-12579 | 1 Oxid-esales | 1 Eshop | 2024-11-21 | N/A |
| An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6.1.x before 6.1.0; Professional Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0; and Community Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0. An attacker could gain access to the admin panel or a customer account when using the password reset function. To do so, it is required to own a domain name similar to the one the victim uses for their e-mail accounts. | ||||
| CVE-2018-12578 | 1 Sam2p Project | 1 Sam2p | 2024-11-21 | N/A |
| There is a heap-based buffer overflow in bmp_compress1_row in appliers.cpp in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other impact. | ||||
| CVE-2018-12577 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2024-11-21 | N/A |
| The Ping and Traceroute features on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow authenticated blind Command Injection. | ||||
| CVE-2018-12576 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2024-11-21 | N/A |
| TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking. | ||||
| CVE-2018-12575 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2024-11-21 | N/A |
| On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in the web interface are affected by bypass of authentication via an HTTP request. | ||||
| CVE-2018-12574 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2024-11-21 | N/A |
| CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices. | ||||
| CVE-2018-12572 | 1 Avast | 1 Free Antivirus | 2024-11-21 | N/A |
| Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows local users to obtain sensitive information by dumping AvastUI.exe application memory and parsing the data. | ||||
| CVE-2018-12571 | 1 Microsoft | 1 Forefront Unified Access Gateway | 2024-11-21 | N/A |
| uniquesig0/InternalSite/InitParams.aspx in Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to trigger outbound DNS queries for arbitrary hosts via a comma-separated list of URLs in the orig_url parameter, possibly causing a traffic amplification and/or SSRF outcome. | ||||
| CVE-2018-12565 | 2 Debian, Linaro | 2 Debian Linux, Lava | 2024-11-21 | 8.8 High |
| An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load() instead of yaml.safe_load() when parsing user data, remote code execution can occur. | ||||
| CVE-2018-12564 | 2 Debian, Linaro | 2 Debian Linux, Lava | 2024-11-21 | N/A |
| An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml. | ||||
| CVE-2018-12563 | 1 Linaro | 1 Lava | 2024-11-21 | N/A |
| An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavaserver and valid yaml. | ||||