Total: 322227 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-17133 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | N/A |
| admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting. | ||||
| CVE-2018-17132 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | N/A |
| admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue[] array parameter. | ||||
| CVE-2018-17131 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | N/A |
| admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the varvalue field. | ||||
| CVE-2018-17130 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | N/A |
| PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header, | ||||
| CVE-2018-17129 | 1 Metinfo | 1 Metinfo | 2024-11-21 | N/A |
| MetInfo 6.1.0 has SQL injection in doexport() in app/system/feedback/admin/feedback_admin.class.php via the class1 field. | ||||
| CVE-2018-17128 | 1 Mybb | 1 Mybb | 2024-11-21 | N/A |
| A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode. | ||||
| CVE-2018-17127 | 1 Asus | 2 Gt-ac5300, Gt-ac5300 Firmware | 2024-11-21 | N/A |
| blocking_request.cgi on ASUS GT-AC5300 devices through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (NULL pointer dereference and device crash) via a request that lacks a timestap parameter. | ||||
| CVE-2018-17126 | 1 Chshcms | 1 Cscms | 2024-11-21 | N/A |
| CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\plugins\sys\Install.php. | ||||
| CVE-2018-17125 | 1 Chshcms | 1 Cscms | 2024-11-21 | N/A |
| CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php. | ||||
| CVE-2018-17113 | 1 Easycms | 1 Easycms | 2024-11-21 | N/A |
| App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf in EasyCMS 1.5 has XSS via the uploadifyID or movieName parameter, a related issue to CVE-2018-9173. | ||||
| CVE-2018-17111 | 1 Coinlancer | 1 Coinlancer | 2024-11-21 | N/A |
| The onlyOwner modifier of a smart contract implementation for Coinlancer (CL), an Ethereum ERC20 token, has a potential access control vulnerability. All contract users can access functions that use this onlyOwner modifier, because the comparison between msg.sender and owner is incorrect. | ||||
| CVE-2018-17110 | 1 Tecdiary | 1 Simple Pos | 2024-11-21 | N/A |
| Simple POS 4.0.24 allows SQL Injection via a products/get_products/ columns[0][search][value] parameter in the management panel, as demonstrated by products/get_products/1. | ||||
| CVE-2018-17108 | 1 Sbi | 1 Sbi Buddy | 2024-11-21 | N/A |
| The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android might allow attackers to perform Account Takeover attacks by intercepting a security-question response during the initial configuration of the application. | ||||
| CVE-2018-17107 | 1 Tgstation13 | 1 Tgstation-server | 2024-11-21 | N/A |
| In Tgstation tgstation-server 3.2.4.0 through 3.2.1.0 (fixed in 3.2.5.0), active logins would be cached, allowing subsequent logins to succeed with any username or password. | ||||
| CVE-2018-17106 | 1 Tinyftp Project | 1 Tinyftp | 2024-11-21 | N/A |
| In Tinyftp Tinyftpd 1.1, a buffer overflow exists in the text variable of the do_mkd function in the ftpproto.c file. An attacker can overwrite ebp via a long pathname. | ||||
| CVE-2018-17104 | 1 Microweber | 1 Microweber | 2024-11-21 | N/A |
| An issue was discovered in Microweber 1.0.7. There is a CSRF attack (against the admin user) that can add an administrative account via api/save_user. | ||||
| CVE-2018-17103 | 1 Get-simple | 1 Getsimple Cms | 2024-11-21 | N/A |
| An issue was discovered in GetSimple CMS v3.3.13. There is a CSRF vulnerability that can change the administrator's password via admin/settings.php. NOTE: The vendor reported that the PoC was sending a value for the nonce parameter | ||||
| CVE-2018-17102 | 1 Quickappscms | 1 Quickapps Cms | 2024-11-21 | N/A |
| An issue was discovered in QuickAppsCMS (aka QACMS) through 2.0.0-beta2. A CSRF vulnerability can change the administrator password via the user/me URI. | ||||
| CVE-2018-17101 | 4 Canonical, Debian, Libtiff and 1 more | 4 Ubuntu Linux, Debian Linux, Libtiff and 1 more | 2024-11-21 | N/A |
| An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. | ||||
| CVE-2018-17100 | 4 Canonical, Debian, Libtiff and 1 more | 4 Ubuntu Linux, Debian Linux, Libtiff and 1 more | 2024-11-21 | N/A |
| An issue was discovered in LibTIFF 4.0.9. There is an int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. | ||||