Total: 322137 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-16833 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | N/A |
| Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & Articles" search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI. | ||||
| CVE-2018-16832 | 1 Xunfeng Project | 1 Xunfeng | 2024-11-21 | N/A |
| CSRF in the anti-csrf decorator in xunfeng 0.2.0 allows an attacker to modify the configuration via a Flash file because views/lib/AntiCSRF.py can overwrite the request.host value with the content of the X-Forwarded-Host HTTP header. | ||||
| CVE-2018-16831 | 1 Smarty | 1 Smarty | 2024-11-21 | N/A |
| Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement. | ||||
| CVE-2018-16822 | 1 Seacms | 1 Seacms | 2024-11-21 | N/A |
| SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter. | ||||
| CVE-2018-16821 | 1 Seacms | 1 Seacms | 2024-11-21 | N/A |
| SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=../templets/../../ requests. | ||||
| CVE-2018-16820 | 1 Monstra | 1 Monstra | 2024-11-21 | N/A |
| admin/index.php in Monstra CMS 3.0.4 allows arbitrary directory listing via id=filesmanager&path=uploads/.......//./.......//./ requests. | ||||
| CVE-2018-16819 | 1 Monstra | 1 Monstra | 2024-11-21 | N/A |
| admin/index.php in Monstra CMS 3.0.4 allows arbitrary file deletion via id=filesmanager&path=uploads/.......//./.......//./&delete_file= requests. | ||||
| CVE-2018-16809 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | N/A |
| An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit. | ||||
| CVE-2018-16808 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | N/A |
| An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note. | ||||
| CVE-2018-16807 | 1 Bro | 1 Bro | 2024-11-21 | N/A |
| In Bro through 2.5.5, there is a memory leak potentially leading to DoS in scripts/base/protocols/krb/main.bro in the Kerberos protocol parser. | ||||
| CVE-2018-16806 | 1 Pektron | 2 Passive Keyless Entry And Start System, Passive Keyless Entry And Start System Firmware | 2024-11-21 | N/A |
| A Pektron Passive Keyless Entry and Start (PKES) system, as used on the Tesla Model S and possibly other vehicles, relies on the DST40 cipher, which makes it easier for attackers to obtain access via an approach involving a 5.4 TB precomputation, followed by wake-frame reception and two challenge/response operations, to clone a key fob within a few seconds. | ||||
| CVE-2018-16805 | 1 B3log | 1 Solo | 2024-11-21 | N/A |
| In b3log Solo 2.9.3, XSS in the Input page under the Publish Articles menu, with an ID of linkAddress stored in the link JSON field, allows remote attackers to inject arbitrary Web scripts or HTML via a crafted site name provided by an administrator. | ||||
| CVE-2018-16804 | 1 Ucms Project | 1 Ucms | 2024-11-21 | N/A |
| An issue was discovered in UCMS 1.4.6. There is XSS in the title bar, as demonstrated by a do=list request. | ||||
| CVE-2018-16803 | 1 Cimtechniques | 1 Cimscan | 2024-11-21 | N/A |
| In CIMTechniques CIMScan 6.x through 6.2, the SOAP WSDL parser allows attackers to execute SQL code. | ||||
| CVE-2018-16802 | 4 Artifex, Canonical, Debian and 1 more | 10 Ghostscript, Ubuntu Linux, Debian Linux and 7 more | 2024-11-21 | N/A |
| An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509. | ||||
| CVE-2018-16797 | 1 Kakaocorp | 1 Potplayer | 2024-11-21 | N/A |
| A heap-based buffer overflow in PotPlayerMini.exe in PotPlayer 1.7.8556 allows remote attackers to execute arbitrary code via a .wav file with large BytesPerSec and SamplesPerSec values, and a small Data_Chunk_Size value. | ||||
| CVE-2018-16796 | 1 Hiscout | 1 Grc Suite | 2024-11-21 | N/A |
| HiScout GRC Suite before 3.1.5 allows Unrestricted Upload of Files with Dangerous Types. | ||||
| CVE-2018-16795 | 1 Open-emr | 1 Openemr | 2024-11-21 | 8.8 High |
| OpenEMR 5.0.1.3 allows Cross-Site Request Forgery (CSRF) via library/ajax and interface/super, as demonstrated by use of interface/super/manage_site_files.php to upload a .php file. | ||||
| CVE-2018-16794 | 1 Microsoft | 2 Active Directory Federation Services, Windows Server 2016 | 2024-11-21 | N/A |
| Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls. | ||||
| CVE-2018-16793 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | N/A |
| Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page. | ||||