ReportizFlow
Filtered by vendor
Subscriptions
Total
322230 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-17862 | 1 Sap | 1 J2ee Engine | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Fiori allows remote attackers to inject arbitrary web script via the sys_jdbc parameter to /TestJDBC_Web/test2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2018-17861 | 1 Sap | 1 J2ee Engine | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2018-17860 | 1 Cloudera | 1 Cdh | 2024-11-21 | 7.2 High |
| Cloudera CDH has Insecure Permissions because ALL cannot be revoked.This affects 5.x through 5.15.1 and 6.x through 6.0.1. | ||||
| CVE-2018-17859 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A |
| An issue was discovered in Joomla! before 3.8.13. Inadequate checks in com_contact could allow mail submission in disabled forms. | ||||
| CVE-2018-17858 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A |
| An issue was discovered in Joomla! before 3.8.13. com_installer actions do not have sufficient CSRF hardening in the backend. | ||||
| CVE-2018-17857 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A |
| An issue was discovered in Joomla! before 3.8.13. Inadequate checks on the tags search fields can lead to an access level violation. | ||||
| CVE-2018-17856 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A |
| An issue was discovered in Joomla! before 3.8.13. com_joomlaupdate allows the execution of arbitrary code. The default ACL config enabled the ability of Administrator-level users to access com_joomlaupdate and trigger code execution. | ||||
| CVE-2018-17855 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A |
| An issue was discovered in Joomla! before 3.8.13. If an attacker gets access to the mail account of an user who can approve admin verifications in the registration process, he can activate himself. | ||||
| CVE-2018-17854 | 1 Simdcomp Project | 1 Simdcomp | 2024-11-21 | N/A |
| SIMDComp before 0.1.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) because it can read (and then discard) extra bytes. NOTE: this issue exists because of an incomplete fix for CVE-2018-17427. | ||||
| CVE-2018-17852 | 1 Wuzhi Cms Project | 1 Wuzhi Cms | 2024-11-21 | N/A |
| A SQL injection was discovered in WUZHI CMS 4.1.0 in coreframe/app/coupon/admin/card.php via the groupname parameter to the /index.php?m=coupon&f=card&v=detail_listing URI. | ||||
| CVE-2018-17849 | 1 Naviwebs | 1 Navigate Cms | 2024-11-21 | N/A |
| Navigate CMS 2.8 has Stored XSS via a navigate_upload.php (aka File Upload) request with a multipart/form-data JavaScript payload. | ||||
| CVE-2018-17848 | 2 Fedoraproject, Golang | 2 Fedora, Net | 2024-11-21 | 7.5 High |
| The html package (aka x/net/html) through 2018-09-25 in Go mishandles <math><template><mn><b></template>, leading to a "panic: runtime error" (index out of range) in (*insertionModeStack).pop in node.go, called from inHeadIM, during an html.Parse call. | ||||
| CVE-2018-17847 | 2 Fedoraproject, Golang | 2 Fedora, Net | 2024-11-21 | 7.5 High |
| The html package (aka x/net/html) through 2018-09-25 in Go mishandles <svg><template><desc><t><svg></template>, leading to a "panic: runtime error" (index out of range) in (*nodeStack).pop in node.go, called from (*parser).clearActiveFormattingElements, during an html.Parse call. | ||||
| CVE-2018-17846 | 2 Fedoraproject, Golang | 2 Fedora, Net | 2024-11-21 | 7.5 High |
| The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification. | ||||
| CVE-2018-17843 | 1 Mlmsoftwarez | 10 Add Clicking Mlm Software, Autopool Mlm Software, Bidding Mlm Software and 7 more | 2024-11-21 | N/A |
| SQL injection exists in ADD Clicking MLM Software 1.0, Binary MLM Software 1.0, Level MLM Software 1.0, Singleleg MLM Software 1.0, Autopool MLM Software 1.0, Investment MLM Software 1.0, Bidding MLM Software 1.0, Moneyorder MLM Software 1.0, Repurchase MLM Software 1.0, and Gift MLM Software 1.0 via the member/readmsg.php msg_id parameter, the member/tree.php pid parameter, or the member/downline.php m_id parameter. | ||||
| CVE-2018-17842 | 1 Scriptzee | 1 Hotel Booking Engine | 2024-11-21 | 9.8 Critical |
| SQL injection exists in Scriptzee Hotel Booking Engine 1.0 via the hotels h_room_type parameter. | ||||
| CVE-2018-17841 | 1 Flippa Marketplace Clone Project | 1 Flippa Marketplace Clone | 2024-11-21 | N/A |
| SQL injection exists in Scriptzee Flippa Marketplace Clone 1.0 via the site-search sortBy or sortDir parameter. | ||||
| CVE-2018-17840 | 1 Education Website Project | 1 Education Website | 2024-11-21 | N/A |
| SQL injection exists in Scriptzee Education Website 1.0 via the college_list.html subject, city, or country parameter. | ||||
| CVE-2018-17838 | 1 Jtbc | 1 Jtbc Php | 2024-11-21 | N/A |
| An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file read operations are possible via a /console/#/console/file/manage.php?type=list&path=c:/ substring. | ||||
| CVE-2018-17837 | 1 Jtbc | 1 Jtbc Php | 2024-11-21 | N/A |
| An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file deletion is possible via a /console/file/manage.php?type=action&action=delete&path=c%3A%2F substring. | ||||