Total: 322137 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-16792 | 1 Solarwinds | 1 Sftp/scp Server | 2024-11-21 | 9.1 Critical |
| SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via a world readable and writable configuration file that allows an attacker to exfiltrate data. | ||||
| CVE-2018-16791 | 1 Solarwinds | 1 Sftp/scp Server | 2024-11-21 | N/A |
| In SolarWinds SFTP/SCP Server through 2018-09-10, the configuration file is world readable and writable, and stores user passwords in an insecure manner, allowing an attacker to determine passwords for potentially privileged accounts. This also grants the attacker an ability to backdoor the server. | ||||
| CVE-2018-16789 | 1 Shellinabox Project | 1 Shellinabox | 2024-11-21 | N/A |
| libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and taking the service down. | ||||
| CVE-2018-16786 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
| DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedback_ajax.php. | ||||
| CVE-2018-16785 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
| An XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be used by attackers to create a script file to obtain a webshell. | ||||
| CVE-2018-16784 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
| DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "<file type='file' name='../" substring. | ||||
| CVE-2018-16782 | 1 Entropymine | 1 Imageworsener | 2024-11-21 | N/A |
| libimageworsener.a in ImageWorsener 1.3.2 has a buffer overflow in the bmpr_read_rle_internal function in imagew-bmp.c. | ||||
| CVE-2018-16781 | 1 Rockcarry | 1 Ffjpeg | 2024-11-21 | N/A |
| ffjpeg.dll in ffjpeg before 2018-08-22 allows remote attackers to cause a denial of service (FPE signal) via a progressive JPEG file that lacks an AC Huffman table. | ||||
| CVE-2018-16780 | 1 Complete Responsive Cms Blog Project | 1 Complete Responsive Cms Blog | 2024-11-21 | N/A |
| Complete Responsive CMS Blog through 2018-05-20 has XSS via a comment. | ||||
| CVE-2018-16779 | 1 Blogcms Project | 1 Blogcms | 2024-11-21 | N/A |
| BlogCMS through 2016-10-25 has XSS via a comment. | ||||
| CVE-2018-16778 | 1 Jenzabar | 1 Jenzabar | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Jenzabar v8.2.1 through 9.2.0 allows remote attackers to inject arbitrary web script or HTML via the query parameter (aka the Search Field). | ||||
| CVE-2018-16776 | 1 Creatiwity | 1 Witycms | 2024-11-21 | N/A |
| wityCMS 0.6.2 has XSS via the "Site Name" field found in the "Contact" "Configuration" page. | ||||
| CVE-2018-16775 | 1 Victor Cms Project | 1 Victor Cms | 2024-11-21 | N/A |
| An issue was discovered in Victor CMS through 2018-05-10. There is XSS via the site name in the "Categories" menu. | ||||
| CVE-2018-16774 | 1 Hongcms Project | 1 Hongcms | 2024-11-21 | N/A |
| HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=delete. | ||||
| CVE-2018-16773 | 1 Easycms | 1 Easycms | 2024-11-21 | N/A |
| EasyCMS 1.5 allows XSS via the index.php?s=/admin/fields/update/navTabId/listfields/callbackType/closeCurrent content field. | ||||
| CVE-2018-16772 | 1 Hoosk | 1 Hoosk | 2024-11-21 | N/A |
| Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new. | ||||
| CVE-2018-16771 | 1 Hoosk | 1 Hoosk | 2024-11-21 | N/A |
| Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and mishandled in config.php. | ||||
| CVE-2018-16770 | 1 Webassembly Virtual Machine Project | 1 Webassembly Virtual Machine | 2024-11-21 | N/A |
| In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because a certain new_allocator allocate call fails. | ||||
| CVE-2018-16769 | 1 Webassembly Virtual Machine Project | 1 Webassembly Virtual Machine | 2024-11-21 | N/A |
| In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because libRuntime.so!llvm::InstructionCombiningPass::runOnFunction is mishandled. | ||||
| CVE-2018-16768 | 1 Webassembly Virtual Machine Project | 1 Webassembly Virtual Machine | 2024-11-21 | N/A |
| In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in IR::FunctionValidationContext::end. | ||||