ReportizFlow
Filtered by vendor
Subscriptions
Total
322231 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-17572 | 1 Influxdata | 1 Influxdb | 2024-11-21 | 4.8 Medium |
| InfluxDB 0.9.5 has Reflected XSS in the Write Data module. | ||||
| CVE-2018-17571 | 1 Vanillaforums | 1 Vanilla | 2024-11-21 | N/A |
| Vanilla before 2.6.1 allows XSS via the email field of a profile. | ||||
| CVE-2018-17570 | 1 Viabtc | 1 Viabtc Exchange Server | 2024-11-21 | N/A |
| utils/ut_ws_svr.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption. | ||||
| CVE-2018-17569 | 1 Viabtc | 1 Viabtc Exchange Server | 2024-11-21 | N/A |
| network/nw_buf.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption. | ||||
| CVE-2018-17568 | 1 Viabtc | 1 Viabtc Exchange Server | 2024-11-21 | N/A |
| utils/ut_rpc.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption. | ||||
| CVE-2018-17567 | 1 Jekyllrb | 1 Jekyll | 2024-11-21 | N/A |
| Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "_config.yml" file. | ||||
| CVE-2018-17566 | 1 Thinkphp | 1 Thinkphp | 2024-11-21 | N/A |
| In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's request. | ||||
| CVE-2018-17565 | 1 Grandstream | 12 Gxp1610, Gxp1610 Firmware, Gxp1615 and 9 more | 2024-11-21 | N/A |
| Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell. | ||||
| CVE-2018-17564 | 1 Grandstream | 12 Gxp1610, Gxp1610 Firmware, Gxp1615 and 9 more | 2024-11-21 | N/A |
| A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration parameters and gain admin access to the device. | ||||
| CVE-2018-17563 | 1 Grandstream | 12 Gxp1610, Gxp1610 Firmware, Gxp1615 and 9 more | 2024-11-21 | N/A |
| A Malformed Input String to /cgi-bin/api-get_line_status on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to dump the device's configuration in cleartext. | ||||
| CVE-2018-17562 | 1 Multitech | 1 Faxfinder | 2024-11-21 | N/A |
| Multi-Tech FaxFinder before 5.1.6 has SQL Injection via a status/call_details?oid= URI, allowing an attacker to extract the underlying database schema to further disclose other fax server information through different injection points. | ||||
| CVE-2018-17560 | 1 Teamwire | 1 Teamwire | 2024-11-21 | N/A |
| The admin interface of the Grouptime Teamwire Client 1.5.1 prior to 1.9.0 on-premises messenger server allows stored XSS. All backend versions prior to prod-2018-11-13-15-00-42 are affected. | ||||
| CVE-2018-17559 | 1 Abus | 94 Tvip 10000, Tvip 10000 Firmware, Tvip 10001 and 91 more | 2024-11-21 | 7.5 High |
| Due to incorrect access control, unauthenticated remote attackers can view the /video.mjpg video stream of certain ABUS TVIP cameras. | ||||
| CVE-2018-17558 | 1 Abus | 94 Tvip 10000, Tvip 10000 Firmware, Tvip 10001 and 91 more | 2024-11-21 | 9.8 Critical |
| Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03 cameras allow remote attackers to execute code as root. | ||||
| CVE-2018-17556 | 1 Modx | 1 Modx Revolution | 2024-11-21 | N/A |
| MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Source action. | ||||
| CVE-2018-17555 | 1 Commscope | 2 Arris Tg2492lg-na, Arris Tg2492lg-na Firmware | 2024-11-21 | 7.5 High |
| The web component on ARRIS TG2492LG-NA 061213 devices allows remote attackers to obtain sensitive information via the /snmpGet oids parameter. | ||||
| CVE-2018-17553 | 1 Naviwebs | 1 Navigate Cms | 2024-11-21 | N/A |
| An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigate_upload.php in Naviwebs Navigate CMS 2.8 allows authenticated attackers to achieve remote code execution via a POST request with engine=picnik and id=../../../navigate_info.php. | ||||
| CVE-2018-17552 | 1 Naviwebs | 1 Navigate Cms | 2024-11-21 | N/A |
| SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigate-user cookie. | ||||
| CVE-2018-17542 | 1 Hgiga | 1 Oaklouds Mailsherlock | 2024-11-21 | N/A |
| SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request. | ||||
| CVE-2018-17540 | 3 Canonical, Debian, Strongswan | 3 Ubuntu Linux, Debian Linux, Strongswan | 2024-11-21 | N/A |
| The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate. | ||||