ReportizFlow
Filtered by vendor
Subscriptions
Total
322137 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-17058 | 1 Jaba | 1 Jaba Xpress | 2024-11-21 | 8.8 High |
| An issue was discovered in JABA XPress Online Shop through 2018-09-14. It contains an arbitrary file upload vulnerability in the picture-upload feature of ProductEdit.aspx. An authenticated attacker may bypass the frontend filename validation and upload an arbitrary file via FileUploader.aspx.cs in FileUploader.aspx by using empty w and h parameters. This file may contain arbitrary aspx code that may be executed by accessing /Jec/ProductImages/<number>/<filename>. Accessing the file once uploaded does not require authentication. | ||||
| CVE-2018-17057 | 2 Limesurvey, Tecnick | 2 Limesurvey, Tcpdf | 2024-11-21 | N/A |
| An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper. | ||||
| CVE-2018-17056 | 1 Progress | 1 Sitefinity Cms | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in ServiceStack in Progress Sitefinity CMS versions 10.2 through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2018-17055 | 1 Progress | 1 Sitefinity | 2024-11-21 | N/A |
| An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads. | ||||
| CVE-2018-17054 | 1 Progress | 1 Sitefinity Cms | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 through 11.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2018-17053. | ||||
| CVE-2018-17053 | 1 Progress | 1 Sitefinity Cms | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 through 11.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2018-17054. | ||||
| CVE-2018-17051 | 1 Knet | 1 Cisco Configuration Manager | 2024-11-21 | N/A |
| K-Net Cisco Configuration Manager through 2014-11-19 has XSS via devices.php. | ||||
| CVE-2018-17050 | 1 Polyai Project | 1 Polyai | 2024-11-21 | N/A |
| The mintToken function of a smart contract implementation for PolyAi (AI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | ||||
| CVE-2018-17049 | 1 Cqu Lankers Project | 1 Cqu Lankers | 2024-11-21 | N/A |
| CQU-LANKERS through 2017-11-02 has XSS via the public/api.php callback parameter in an uploadpic action. | ||||
| CVE-2018-17048 | 1 Fangfa | 1 Fdcms | 2024-11-21 | N/A |
| admin/Lib/Action/FpluginAction.class.php in FDCMS (aka Fangfa Content Manage System) 4.2 allows SQL Injection. | ||||
| CVE-2018-17046 | 1 Translate Man Project | 1 Translate Man | 2024-11-21 | N/A |
| translate man before 2018-08-21 has XSS via containers/outputBox/outputBox.vue and store/index.js. | ||||
| CVE-2018-17045 | 1 Cms Maelostore Project | 1 Cms Maelostore | 2024-11-21 | N/A |
| An issue was discovered in CMS MaeloStore V.1.5.0. There is a CSRF vulnerability that can change the administrator password via admin/modul/users/aksi_users.php?act=update. | ||||
| CVE-2018-17044 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | N/A |
| In YzmCMS 5.1, stored XSS exists via the admin/system_manage/user_config_add.html title parameter. | ||||
| CVE-2018-17043 | 1 Doc2txt Project | 1 Doc2txt | 2024-11-21 | N/A |
| An issue has been found in doc2txt through 2014-03-19. It is a heap-based buffer overflow in the function Storage::init in Storage.cpp, called from parse_doc in parse_doc.cpp. | ||||
| CVE-2018-17042 | 1 Scalabium | 1 Dbf2txt | 2024-11-21 | N/A |
| An issue has been found in dbf2txt through 2012-07-19. It is a infinite loop. | ||||
| CVE-2018-17039 | 2 1234n, Microsoft | 2 Minicms, Internet Explorer | 2024-11-21 | N/A |
| MiniCMS 1.10, when Internet Explorer is used, allows XSS via a crafted URI because $_SERVER['REQUEST_URI'] is mishandled. | ||||
| CVE-2018-17037 | 1 Ucms Project | 1 Ucms | 2024-11-21 | N/A |
| user/editpost.php in UCMS 1.4.6 mishandles levels, which allows escalation from the normal user level of 1 to the superuser level of 3. | ||||
| CVE-2018-17036 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 9.8 Critical |
| An issue was discovered in UCMS 1.4.6 and 1.6. It allows PHP code injection during installation via the systemdomain parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php. | ||||
| CVE-2018-17035 | 1 Ucms Project | 1 Ucms | 2024-11-21 | N/A |
| UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter. | ||||
| CVE-2018-17034 | 1 Ucms Project | 1 Ucms | 2024-11-21 | N/A |
| UCMS 1.4.6 has XSS via the install/index.php mysql_dbname parameter. | ||||