Search Results (347142 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-11542 | 1 Ribboncommunications | 6 Sbc Swe Lite, Sbc Swe Lite Firmware, Sonus Sbc 1000 and 3 more | 2024-11-21 | N/A |
| A Remote Command Execution (RCE) vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows for the execution of arbitrary commands via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Build 492, and 7.0.x up to Build 485. It affects the SWe Lite devices 6.1.x up to Build 111 and 7.0.x up to Build 140. | ||||
| CVE-2018-11541 | 1 Ribboncommunications | 5 Sbc Swe Lite Web, Sonus Sbc 1000, Sonus Sbc 1000 Firmware and 2 more | 2024-11-21 | N/A |
| A root privilege escalation vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows unauthorised access to privileged content via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Build 492, and 7.0.x up to Build 485. It affects the SWe Lite devices 6.1.x up to Build 111 and 7.0.x up to Build 140. | ||||
| CVE-2018-11538 | 1 Searchblox | 1 Searchblox | 2024-11-21 | N/A |
| servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass. | ||||
| CVE-2018-11537 | 1 Auth0 | 1 Angular-jwt | 2024-11-21 | N/A |
| Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain. | ||||
| CVE-2018-11536 | 1 Md4c Project | 1 Md4c | 2024-11-21 | N/A |
| md4c before 0.2.5 has a heap-based buffer overflow because md_split_simple_pairing_mark mishandles splits. | ||||
| CVE-2018-11535 | 1 Sitemakin | 1 Slac | 2024-11-21 | N/A |
| An issue was discovered in SITEMAKIN SLAC (Site Login and Access Control) v1.0. The parameter "my_item_search" in users.php is exploitable using SQL injection. | ||||
| CVE-2018-11532 | 1 Changuondyu Advanced Statistics Project | 1 Changuondyu Advanced Statistics | 2024-11-21 | N/A |
| An issue was discovered in the ChangUonDyU Advanced Statistics plugin 1.0.2 for MyBB. changstats.php has XSS, as demonstrated by a subject field. | ||||
| CVE-2018-11531 | 3 Canonical, Debian, Exiv2 | 3 Ubuntu Linux, Debian Linux, Exiv2 | 2024-11-21 | N/A |
| Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp. | ||||
| CVE-2018-11529 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2024-11-21 | N/A |
| VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions. | ||||
| CVE-2018-11527 | 1 Cscms Project | 1 Cscms | 2024-11-21 | N/A |
| An issue was discovered in CScms v4.1. A Cross-site request forgery (CSRF) vulnerability in plugins/sys/admin/Sys.php allows remote attackers to change the administrator's username and password via /admin.php/sys/editpass_save. | ||||
| CVE-2018-11526 | 1 Webtoffee | 1 Wordpress Comments Import And Export | 2024-11-21 | N/A |
| The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection. | ||||
| CVE-2018-11525 | 1 Algolplus | 1 Advanced Order Export For Woocommerce | 2024-11-21 | N/A |
| The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection. | ||||
| CVE-2018-11523 | 1 Nuuo | 2 Nvrmini 2, Nvrmini 2 Firmware | 2024-11-21 | N/A |
| upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files. | ||||
| CVE-2018-11522 | 1 Yosoro Project | 1 Yosoro | 2024-11-21 | N/A |
| Yosoro 1.0.4 has stored XSS. | ||||
| CVE-2018-11518 | 1 Hcltech | 2 Legacy Ivr, Legacy Ivr Firmware | 2024-11-21 | N/A |
| A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. These IVR systems rely on various frequencies of audio signals; based on the frequency, certain commands and functions are processed. Since these frequencies are accepted within a phone call, an attacker can record these frequencies and use them for service activations. This is a request-forgery issue when the required series of DTMF signals for a service activation is predictable (e.g., the IVR system does not speak a nonce to the caller). In this case, the IVR system accepts an activation request from a less-secure channel (any loudspeaker in the caller's physical environment) without verifying that the request was intended (it matches a nonce sent over a more-secure channel to the caller's earpiece). | ||||
| CVE-2018-11517 | 1 Myscada | 1 Mypro | 2024-11-21 | N/A |
| mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0&rq=0 requests to TCP port 11010. | ||||
| CVE-2018-11516 | 1 Videolan | 1 Vlc Media Player | 2024-11-21 | 8.8 High |
| The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file. | ||||
| CVE-2018-11515 | 1 Gvectors | 1 Wpforo | 2024-11-21 | N/A |
| The wpForo plugin through 2018-02-05 for WordPress has SQL Injection via a search with the /forum/ wpfo parameter. | ||||
| CVE-2018-11514 | 1 Naukri Clone Script Project | 1 Naukri Clone Script | 2024-11-21 | N/A |
| PHP Scripts Mall Naukri Clone Script through 3.0.3 allows Unrestricted Upload of a File with a Dangerous Type in edit_resume_det.php, as demonstrated by changing .docx to .php. | ||||
| CVE-2018-11512 | 1 Creatiwity | 1 Witycms | 2024-11-21 | N/A |
| Stored cross-site scripting (XSS) vulnerability in the "Website's name" field found in the "Settings" page under the "General" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to admin/settings/general. | ||||