Search Results (346387 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-10296 | 1 1234n | 1 Minicms | 2024-11-21 | N/A |
| MiniCMS V1.10 has XSS via the mc-admin/post-edit.php title parameter. | ||||
| CVE-2018-10295 | 1 Chemcms Project | 1 Chemcms | 2024-11-21 | N/A |
| ChemCMS v1.0.6 has CSRF by using public/admin/user/addpost.html to add an administrator account. | ||||
| CVE-2018-10294 | 1 Flexense | 1 Diskboss | 2024-11-21 | N/A |
| Flexense DiskBoss Enterprise v7.4.28 to v9.1.16 has XSS. | ||||
| CVE-2018-10289 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2024-11-21 | 5.5 Medium |
| In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file. | ||||
| CVE-2018-10286 | 1 Ericssonlg | 1 Ipecs Nms | 2024-11-21 | N/A |
| The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certain HTTP POST requests. In order to be able to see the credentials in cleartext, an attacker needs to be authenticated. | ||||
| CVE-2018-10285 | 1 Ericssonlg | 1 Ipecs Nms | 2024-11-21 | N/A |
| The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access control mechanisms. Since the app does not use any sort of session ID, an attacker might bypass authentication. | ||||
| CVE-2018-10284 | 1 Adaltech | 1 G-ticket | 2024-11-21 | N/A |
| Adaltech G-Ticket v70 EME104 has SQL Injection via the mobile-loja/mensagem.asp eve_cod parameter. | ||||
| CVE-2018-10283 | 1 Cliquemania | 1 Loja Virtual | 2024-11-21 | N/A |
| CliqueMania loja virtual 14 has SQL Injection via the patch/remote.php id parameter in a recomendar action. | ||||
| CVE-2018-10268 | 1 Fastadmin | 1 Fastadmin | 2024-11-21 | N/A |
| An issue was discovered in FastAdmin V1.0.0.20180417_beta. There is XSS via the application\api\controller\User.php avatar parameter. | ||||
| CVE-2018-10267 | 1 Wtcms Project | 1 Wtcms | 2024-11-21 | N/A |
| WTCMS 1.0 has a CSRF vulnerability to add an administrator account via the index.php?admin&m=user&a=add_post URI. | ||||
| CVE-2018-10266 | 1 Beescms | 1 Beescms | 2024-11-21 | N/A |
| BEESCMS 4.0 has a CSRF vulnerability to add an administrator account via the admin/admin_admin.php?nav=list_admin_user&admin_p_nav=user URI. | ||||
| CVE-2018-10265 | 1 Hongcms Project | 1 Hongcms | 2024-11-21 | N/A |
| An issue was discovered in HongCMS v3.0.0. There is a CSRF vulnerability that can add an administrator account via the admin/index.php/users/save URI. | ||||
| CVE-2018-10260 | 1 Hrsale Project | 1 Hrsale | 2024-11-21 | N/A |
| A Local File Inclusion vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user. | ||||
| CVE-2018-10259 | 1 Hrsale Project | 1 Hrsale | 2024-11-21 | N/A |
| An Authenticated Stored XSS vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user. | ||||
| CVE-2018-10258 | 1 Codeslab | 1 Shopy Point Of Sale | 2024-11-21 | N/A |
| A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution. | ||||
| CVE-2018-10257 | 1 Hrsale Project | 1 Hrsale | 2024-11-21 | N/A |
| A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution. | ||||
| CVE-2018-10256 | 1 Hrsale Project | 1 Hrsale | 2024-11-21 | N/A |
| A SQL Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to directly modify the SQL query. | ||||
| CVE-2018-10255 | 1 Clustercoding | 1 Blog Master Pro | 2024-11-21 | 8.8 High |
| A CSV Injection vulnerability was discovered in clustercoding Blog Master Pro v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution. | ||||
| CVE-2018-10254 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | N/A |
| Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file. | ||||
| CVE-2018-10253 | 1 Paessler | 1 Prtg Network Monitor | 2024-11-21 | N/A |
| Paessler PRTG Network Monitor before 18.1.39.1648 mishandles stack memory during unspecified API calls. | ||||